Red Team Trust

PTRPartner Program

Grow your MSP withsecurity and compliance.

Refer clients to independent security assessments. Resell compliance management as a monthly subscription. We provide the platform, the tooling, and the reports — you provide the relationship.

01What You Get

Three things in one platform.

// 01

Operator console

Your dedicated MSSP account. Create orgs, generate assessment bundles, track scan status, manage compliance posture, and invite clients — all in one place.

// 02

Referral revenue

Earn a fee for every completed security assessment you refer. RedTeamTrust delivers and brands the reports. You're the trusted advisor who brought in the outside eyes.

// 03

Compliance subscription

Resell compliance management as a monthly service. Findings auto-map to controls. You manage posture; clients get their own portal. Includes the policy-acknowledgment workflow and the auditor engagement portal for SOC 2 / HIPAA / PCI / CMMC / ISO reviews.

// partner deliverables

Five outputs per assessment.

One to present live. Three to leave behind. One stays internal.

Findings slide deck

Present live

PPTX — your primary tool for introducing findings to the prospect in the proposal meeting. Walk it live: attack surface scorecard, ranked findings, real incident case studies, and managed service callouts.

Executive Summary PDF

Share with client

Leave-behind after the meeting. Risk score with band, section-by-section narrative, finding table — suitable for leadership and insurers.

MSSP Remediation PDF

Partner only

Internal prep document. Step-by-step remediation per finding organized by attack surface. Use to build the proposal and create tickets.

Technical Detail PDF

Share with IT

Full evidence inventory with raw findings, timestamps, and collector checklist. Hand to IT after the client commits.

Compliance gap report

Share with client

Framework-mapped control status after every assessment run. Select the relevant framework — or default to Cyber Insurance Readiness.

02Built For Your Pipeline

Your best prospecting toolis a risk score.

Most SMBs don't know how exposed they are — and most MSPs struggle to make that real without seeming like they're fear-selling. An independent third-party assessment changes the conversation entirely. You're not telling them they have a problem. The data is.

// before they sign

Replace the pitch deck with a risk score

Send a prospect their actual endpoint risk score — a concrete 54/100 with 12 specific findings hits differently than any slide. The neutrality of a third-party report converts skeptics that a vendor conversation never would.

Baseline before you inherit liability

Run an assessment before onboarding any new client. Document their posture on day one with a timestamped, signed authorization record. You know exactly what you're taking on — and you have proof of what pre-existed your engagement.

Walk in with the meeting structured

The findings slide deck runs a 30–45 minute proposal meeting without prep. Attack surface scorecard, ranked findings, real incident stories, and managed service callouts — built in.

// after they sign

Every finding is a billable conversation

No EDR? Sell EDR. BitLocker off across the fleet? Sell device management. Logging gaps? Sell SIEM. The assessment report isn't a deliverable — it's a structured list of things your clients need that you can provide.

Close compliance as a recurring line

After the assessment, findings auto-map to CIS v8 controls. Show clients their compliance gap report and close them on monthly managed compliance. Assessment becomes the top of a funnel, not a one-time engagement.

Re-assess to demonstrate ROI

Run the assessment again after remediation. Show the risk score improvement — 54 → 81. That before/after story is exactly what clients need to justify continued spend.

03Client Workflow

Four steps, all from your console.

  1. 01

    Add the organization

    Create the client as an organization in your partner console. Set up their ingest configuration.

  2. 02

    Send the assessment bundle

    Generate the assessment agent. Client runs it on their endpoint — it collects structured telemetry and sends results back. Written authorization required before bundle download.

  3. 03

    Present findings & sell remediation

    Download the findings slide deck for the proposal meeting and the MSSP Remediation PDF for internal prep. After the meeting, email the executive PDF as the leave-behind. Close the client on monthly managed compliance.

  4. 04

    Invite the client to their portal

    Send an invite link to your client's compliance contact. They set a password and access their own GRC portal — a read-only compliance dashboard where they can view control status and upload evidence for manual controls.

04Client Portal

Your clients gettheir own portal.

Send an invite link. The client clicks it, sets a login, and immediately accesses a clean GRC dashboard showing their compliance posture across all mapped frameworks.

  • Invite link generated in one click from your console
  • Client sets their own password — no admin intervention
  • Read-only compliance dashboard — they see their posture, not yours
  • Evidence upload for manual and hybrid controls
  • Separate login from your operator console — fully isolated
  • You control which frameworks are visible per client

05Retention Features

Two surfaces clientscan't get from a checklist tool.

Both are included with the compliance subscription. Neither requires the assessment platform. Together they are the difference between a one-time engagement and a multi-year managed relationship.

// policy management

Policies sent. Acknowledged. Controls closed.

Maintain a library of security policies — Acceptable Use, Password Policy, Incident Response, and more. Employees receive a secure one-time email link to review and acknowledge. Every acknowledgment is timestamped, IP-logged, and automatically marks the associated compliance controls as passing across every active framework.

  • 11 policy categories covering the most-audited control domains
  • No employee account required — magic link expires after sign-off
  • Overdue tracking flags employees who haven't signed in 7 days
  • Acknowledgment IS the evidence — audit-defensible record automatically
  • Bring-your-own policy library (PDF or URL) or use ours as a starting point

// audit engagements

Auditors get a workspace. You stay in control.

When your client engages a SOC 2 / HIPAA / PCI / CMMC / ISO auditor, you create an engagement and grant scoped, time-limited read access. The auditor sees exactly one org, one framework, one date range — never your full workspace. Every action they take is logged. The engagement closes with a sealed PDF you hand to the client.

  • Magic-link auditor access — no account creation, no IT ticket
  • Scoped to one engagement: org × framework × date range
  • Auditor evidence requests surface in your MSSP queue like support tickets
  • Time-limited access — link expires on engagement end date automatically
  • Sealed PDF on close — final control status, evidence index, full action log
  • Sells as a paid prep service: 'we hand the auditor a fully prepared workspace'

Ready to get started?

Subscribe to a plan and your partner account is provisioned immediately. No application, no waiting — you're in the console the same day.