Many small businesses encounter compliance barriers to entry when working with bigger firms. The bigger firm requests a Business Associate Agreement, and upon signing it, the small business is held to the same rigorous security standards as the big corporations.

A small business working in the financial sector may be asked to provide the following:

  • External Audit – SSAE18/SOC Reports
  • Information Security Policies
  • Penetration Test
  • BRP/DR plans and/or summary test results


It is common for small business environments of under 10 users to lack the foundation needed to proceed with a risk assessment, so a lost opportunity to work with a big firm is likely. They may be running a workgroup environment, meaning there is no centralized user authentication, which is at the core of all security and compliance. Without centralized user authentication, many other key components for managing and maintaining security are missing too.

Fortunately, compliance setup for Microsoft 365 rolls everything into an umbrella suite of products for a very low price per user. So yes, we can point in the direction of performing a risk assessment, but almost all businesses fail the risk assessment if they do not already have a traditional IT setup as seen at many large corporations.

Compliance setup for Microsoft 365 is being considered at many large corporations because of its emphasis on a modern IT approach to security, covering bring-your-own-device and all the hazards of working from anywhere. Fortunately, it does not cost nearly as much to secure a small business in the modern IT setup as it does in a traditional setup with on-premises servers. All security and file accessibility is handled in the cloud.


The Compliance Setup for Microsoft 365 Game Plan

In order to assist with your current setup, we would need a snapshot of your environment so that any consulting going in does not promote the wrong solution. Here are some example questions…


  • How are you collaborating with your team and your clients?
  • How many mailboxes do you have?
  • What is your file server solution(s)?
  • How much data are you currently using in Dropbox?
  • What issues is your team currently experiencing with Dropbox?
  • Is Google Drive being used too?  Very limited or pretty significant use?



NA Recommendation


  • Managed IT Services Bundle Suite of Services
    • Managed IT Flyer – Emphasis on ongoing support, consulting, compliance and bundling projects below.  This is the comprehensive solution.
      • Call today to go over those services!
    • Managed IT Services Agreement – Depending on the size and scale of the operation, we may promote something like 1k, 2k, or 3k a month plus something like a $1495 setup fee
      • Includes everything below plus ongoing security and support.



Piecemeal Alternative

  • M365 Compliance Security Implementation Project
    • 2k or 3k Project
      • Note: This price is based on a project scope we recommend for best-practice security for best-effort compliance
    • Migrate from Dropbox & G Suite to M365 email, file sharing, collaboration, and security.
      • Dropbox -> SharePoint
      • G Suite Email -> Exchange
      • No compliance -> Microsoft 365 Intune Security and Compliance features. Note: These features aren’t enabled out of the box. See the separate project above for that.
        • 2k or 3k Project


Use the Compliance Setup for Microsoft 365 post as a Worksheet

Much of what we presented today is hypothetical, but it will certainly get the creative juices going for what your team may decide to do going forward to resolve issues in compliance and professional-grade security. Check out our Microsoft 365 Business Premium post to see everything that is included in the suite.


