GRC for MSPs

A fast, efficient, and cost-effective governance risk and compliance tool for MSPs.

The frameworks you need

Within a couple minutes, Lavawall® automatically puts together the data that Google has available to identify suspected breaches and security risks.
Lavawall® covers every framework your clients need, including:

Security Frameworks
  • CIS Critical Security Controls v8.1 IG1, IG2, and IG3
  • NIST Cybersecurity Framework v2.0 Tier1, Tier2, Tier3, and Tier4
  • NIST SP 800-171 r3
  • Canadian Centre for Cyber Security Guidance v2024
  • ISO/IEC 27001
  • CMMC Level 2 v2
  • SOC 2 2024 (Security, Availability, Processing, COnfidentiality, Privacy)
  • Canadian Cyber Essentials 2024
  • Australia Essential Eight 2024
Privacy Frameworks
  • HIPAA Security Rule 2024
  • Alberta Health Information Act (AB HIA) 2024
  • British Columbia Health Information Act (BC HIA) 2024
  • Canadian PIPEDA 2024
Industry Frameworks
  • PCI DSS SAQ A v4.01 (web page accepts credit cards in a fully-outsource iframe or in a fully-hosted window)
  • PCI DSS SAQ A-EP v4.01 (web page hosts styles or credit card forms that are transmitted directly to your payment processor from the client)
  • PCI DSS SAQ B v4.01 (credit card machine that connects via cellular or telephone line)
  • PCI DSS SAQ B-IP v4.01 (credit card machine that uses WiFi or a wired network connection)
  • PCI DSS SAQ C v4.01 (accept credit cards in a POS or other computer terminal)
  • PCI DSS SAQ C-VT v4.01 (enter customer credit card numbers in a web-based virtual terminal)
  • PCI DSS SAQ D v4.01 (store, process, or transmit credit card numbers)
  • NERC CIP v7
  • IIROC Cybersecurity Best Practices 2024
  • CPA Canada Cybersecurity Framework
  • Ontario Cybersecurity Framework (public sector) 2024
  • BC Financial Services Authority Security Guidance 2024

Select the frameworks you need

Unified Controls

In today’s world, most companies need to comply with more than one framework. Traditional GRC tools require multiple questionnaires and evidence for each.
Lavawall® was designed by an auditor who founded an MSP, so it avoids this work and makes life really simple by only asking questions once.
Simple, unified controls.

Answers you didn’t know you had

Lavawall® knows what’s on your computers, your Google Workspace apps, your Microsoft 365 and Azure Apps, your network, everything on your domain, and even your Active Directory.
We use that information to fill in your GRC information and provide evidence based on what we discover. If we can see 100% coverage, we'll suggest that you mark the control as implemented. In other cases, we may suggest that it is in progress.
Lavawall uses your Google, Microsoft, Azure, workstations, servers, and network to fill in compliance questionnaires for you.

Don’t waste time writing policies from scratch

The most time-consuming part of any compliance effort is writing policies and gathering evidence.
Lavawall® comes with tonnes of built-in templates for each required control, recommends the best options, and makes them easy to fill in.
Tonnes of templates to start from

The templates have built-in variables to make your life super easy. Just fill in the blanks and Lavawall® does the rest.
Template variables



If you have any questions or need further assistance, feel free to reach out through our chat, phone or email on our contact page!