label
August 12, 2026 11:00 - 12:00 EDT

The gap between «controls deployed» and «contract awarded» will now include completing a third-party audit from a C3PAO. This upcoming Phase 2 cliff is where organizations that still have not engaged with their MSP or assessors are now operating on a constricted timetable. This session covers what assessors actually validate, how external service providers affect certification scope, and the evidence and operational standards that separate organizations that earn certification from those that receive a POA&M.

Key Takeaways

  • Why fully deployed controls alone don’t get you there.
  • Determine whether you fall in scope as an external service provider and how to handle it before an assessor decides for you.
  • The evidence and operational standards that get organizations certified.

Speaker

Lewis Pope

Head Nerd, Sec Ops

Lewis started his career in the MSP channel, spending six years as a System Administrator, Manager of Service Delivery, and IR Lead with a break/fix operation that eventually matured to a full MSP. Lewis joined N‑able in 2018 as a Sales Engineer, and in 2021 became a member of the Head Nerds team.

As a Head Nerd at N‑able, Lewis is focused on cybersecurity, helping MSPs overcome security and operational challenges by providing education, training, and advocacy for implementation of practical security controls, proper risk management, and incident response. His primary goal is helping MSPs start the cybersecurity maturation process that is needed to contend with modern risks and the evolving threat landscape, as well as finding opportunities for growth.

In his downtime, you can find him hosting gameshows at sci-fi conventions, tinkering with microcontrollers that have way too many LEDs, or reading endless threat-intelligence feeds. He’s also very proud of his daughter, but if we got into all of the reasons for that we’d be here for quite a while.

Loading form....