
Building your Packages

Learn the key steps to building your Security Packages

Written by Sophie Lamb
Updated over 3 weeks ago

1.0 - Introduction

Clients rely on you to give them the professional advice they need to protect their business. Whilst you might feel that giving them lots of options and flexibility is the moral thing to do, it often works against you. This is because they don't understand the value of the services or the risk associated with their decisions, resulting in them focussing more on the cost rather than the risks and benefits.

Packaging your Security services into Security Packages is the best way to protect your clients without being chipped down on price on individual line items. By providing turnkey or customized security packages, you are not only helping them to meet their compliance requirements, you are also creating a more robust and balanced security posture and reducing their risk of cyber-attack.


Security Packages in HighGround are designed to be easily understood by your clients by using KPIs and visualisations that are both powerful and meaningful. We align to the NIST Cybersecurity Framework 2.0, often referred to as the grandfather cybersecurity framework, giving you and your clients confidence in the credibility behind the robustness of your security stack and the security packages you build and sell to your clients.

Note: Before you build your security packages, make sure you have built your Stack - read our Building your Stack article to learn more.



2.0 - Types of Security Packages

You can create 2 different types of security packages in HighGround:

MSP Standard Packages: these are your standard packages that you provide, for example Bronze, Silver and Gold.

Custom Packages: these are security packages you create for specific clients to meet their unique needs. When creating a custom package, you will be prompted for which client you want to create it for and it will not be available for use with any other client.


3.0 - Security Services & Products

Security Packages are made up of a collection of Security Services and Products:

Security Services: these are the actual security services you offer and are re-usable across different security packages. This gives you the rigour of engineering your security services independently of how you package and sell them (aka security packages). You can read our Building your Security Services article to learn more.

Products: these are the actual products you buy from your suppliers. Think of these as the actual line items on the invoices you purchase, for example SentinelOne Complete License. Products can be created manually in HighGround or imported from your PSA/Finance System and are linked with the tools in your Security Stack.

4.0 - Relationship between Security Packages, Security Services, Products and your Security Stack

The image below demonstrates the relationship between security packages, Security services and products.

5.0 - Building a proposal

Whilst building security packages in HighGround is pretty simple, there are a lot of options and flexibility, which can make creating security packages complicated very fast!

Use this section to learn what is possible and as a handy reference resource.

5.1 - Create your proposal

To create a security package, you must be in the MSP Portal (i.e. they cannot be created from the client portal).

Navigate to Packages > Proposals > Click 'Add'

Select 'Create Standard MSP proposal' unless you want to create a custom proposal for a client, in which case you can search for and select the client the proposal will be for.

Give your proposal a Name and Description - now you're ready to add your security services.


5.2 - Adding Services

Now it's time to start adding the various security services that you will provide in this proposal. All security services you have created in the packages module are available for selection in your proposal since security services are re-usable (i.e. using them in one proposal will not prevent you from adding them again in another).

To add a security service to your proposal, under 'Services', click 'Add'.

If a service has already been added to the proposal, it will appear in the services list above and in the dropdown list highlighted in blue with a blue tick at the end of the row.

You can remove a security service from your proposal by hovering over the service in the list and clicking the 'x' button.

Note: when editing a proposal that has been applied to a client, you will be notified which clients the proposal has been applied to and be given the option to continue editing or to clone. If you proceed to edit the proposal, these clients will have their security posture automatically updated with the changes.

5.3 - Proposal Posture

The Security Posture of your proposal will be displayed dynamically as you build it. This is driven from the services themselves and is an aggregation of the security components and their associated security weightings from the services you have added to your proposal.

The security posture of your proposal includes the following:

Security Posture: this is a visualization of the security posture of the proposal against the NIST Cybersecurity Framework 2.0.

For each of the Functions in the Framework, the maturity of the proposal is plotted on an axis of the chart. The further from the centre to the outer point of the axis, the more mature the security package is in this Function of the NIST Cybersecurity Framework 2.0. A numerical value from 0 to 50 is already provided.

Predicted CyberScore: this is the CyberScore that clients would achieve if they had this proposal applied, all tools configured correctly and in good health, and all other security attestations removed.

Predicted CyberResilience: this is the CyberResilience score that clients would achieve if they had this proposal applied, all governance & resilience activities performed correctly in HighGround, all tools configured correctly and in good health, and all other security attestations removed.

5.4 - Financial Breakdown

A financial breakdown of your proposal is provided so you can see what the package will cost and how much margin you will make.

Billing Model: there are 2 different billing models for proposals:

Asset Pricing

Package Pricing

For asset pricing, users will need to enter a minimum unit count.

For package pricing, users will need to enter a minimum revenue amount.

5.5 - Security Capabilities

The security capabilities give your clients a high-level overview of the security components of a proposal. These are the security components from the services you have added to your proposal and can be toggled between 2 different views as follows:

Show by NIST CSF Function: these align to the 5 functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond & Recover). They are inherited from the security components alignment in the NIST CSF Framework and are not controllable by the MSP.

Note: Governance is handled via the CyberResilience KPI in HighGround.

Show by Security Pillar: this is a useful way for your clients to visualize the functional areas that the security components align to, which are more recognizable to non-technical people such as business owners and management teams. Options include User Security, Device Security, Network Security, Cloud Security, Business Resilience and Compliance. These are customizable by the MSP on a per security component level when building your services.

Security Components have additional status icons as follows:


Pre-existing: the client already has this security component (as defined by their security attestation in HighGround). This is only visible when building a custom security package, or when viewing it from the proposals module for the client.

New!: the client does not currently have this security component (as defined by their security attestation in HighGround) and this proposal will provide this as a new security capability.

Monitored by SOC: for any security component which will be monitored by a security operations centre, this icon will show at the end of the security component. This is controlled from the Tool which is linked with the security component when you are building your services.

5.6 - Included Features

When building your services, you will define their features. These are often technical and are of limited value to clients trying to understand the bigger picture of what a proposal will provide them.

These features are shown in the 'Included Features' section and arranged by service so it's clear what features are being provided by which service and its associated billing details.

5.7 - Security Components

A security component is a technology or practice that delivers a security benefit.

This section will display the security components included in this package (via the services you added) together with the icon of the tool being used and the product that is linked with that tool. For practices, a generic icon will be used; however, a product may not be linked.

5.8 - Alignment to NIST CSF 2.0 Framework

When building your services, you answer questions about what the service will provide. The majority of these questions are actually controls in the NIST Cybersecurity Framework (known as Subcategories) which have been converted into MSP security service questions.

When the service is added to a proposal, the questions that you answered are converted into statements about what you will do for your clients, along with the control-ids of the framework that they can use for cross-referencing this against other security frameworks.

This saves you time explaining to clients what actual security activities you are performing/providing and gives your clients confidence.

5.9 - Last edited by

The last time your security package was edited, including who edited it, is shown at the bottom of the proposal. This is helpful in being able to track changes. In future releases we will provide versioning and an audit log for enhanced auditing capabilities.

6.0 - Updating your proposals

You can edit a proposal that is not applied to any clients without any complications - simply open the security package you want to edit, make the changes and click save.

If you want to edit a proposal that you have already applied to a client, then there are some additional considerations and options. By changing a proposal that is already applied to a client, you will change the security posture of every client the package is applied to.

To prevent you from doing this by accident, HighGround will notify you of this, including which clients the security package is applied to, and prompt you to either continue with your editing or to clone the proposal.

Note: With each change to the services in the proposal you will see this prompt.


7.0 - Deleting a package

Step 1: Find the package you want to delete.

Step 2: Click on the '...' at the end of the package.

Step 3: From the list of options, select 'Delete'.

Step 4: If you are still sure you want to delete the package, select 'yes, Delete'.

Your security package will now be removed from your list.

Warning: If the package you are trying to delete is applied to a client, you will be blocked from deleting it. You will need to apply a different package to these clients, or go to the Packages module for these clients and set the 'Active' security package to 'Inactive'.

8.0 - Applying your Packages to clients


Once you have sold a proposal to a client, you should apply it to them in HighGround. This is a quick and easy process to perform:

Step 1: Go to the company dashboard and select the client to manage their account.

Step 2: Select 'proposals' on the left menu.

Step 3: In the 'Active proposals' block, click 'Select proposal'.

Step 4: Select the proposal you want to apply to your client.

Note: If your client has any security attestations that are not included in the package (performed from the CyberScore and CyberResilience KPI drilldown), you will be prompted whether or not you want to keep them.

Step 5: Select 'Keep' or 'Remove' and your package will be applied to your client and show as being 'Active'.
