Most managed services providers (MSPs) will agree with the statement that all companies are becoming technology companies. Digital transformation is happening in all verticals in businesses of all sizes, and productivity is increasingly dependent upon technology. However, small to medium-sized (SMB) businesses often don’t – or financially can’t – have a Chief Information Officer (CIO) on staff who understands their business and guides decisions about technology implementation. These organizations can benefit significantly from virtual chief information officer (vCIO) services.
Sean McCloat, CISSP, Vice President of Technical Services for Corserva, says two main areas make up a vCIO offering: strategic planning/consulting and IT roadmap development. With new clients, he says Corserva starts with fact-finding. “We find it best to assess their organization’s overall mission and strategy, as well as critical business applications and functions. Then we determine the status of their IT services and supporting IT infrastructure and operations, whether provided by internal IT staff or an outside MSP,” says McCloat. “The initial IT assessment offers the client a clear set of requirements and highlights what’s missing from their IT strategy and operations.”
Are “MSP” and “vCIO” Roles Mutually Exclusive?
When an MSP offers vCIO services, it’s possible that conflicts could arise. Still, McCloat says that doesn’t have to be the case “as long as the vCIO is looking out for the client first and foremost and is completely separated from the MSP’s sales team or account management team. After all, a full-time staff CIO probably has internal IT staff reporting to them yet can make decisions that will be in the best interests of the company’s long-term goals.”
He points out that clients may want to contract vCIO services differently, depending on their preferences. “For simplicity, some clients prefer to deal with only one MSP. This model works when the vCIO remains independent of other parts of the MSP’s business. In these cases, the vCIO should provide recommendations to the client where changes should be made without promoting the MSP’s services,” McCloat says. However, other clients may prefer separate managed services and vCIO providers to gain a third-party, unbiased view that can better bridge the gap between company leadership and IT. These companies may use internal resources, an MSP for day-to-day technology needs, and a separate MSP for vCIO services.
Pricing vCIO Services
McCloat advises MSPs to price vCIO services using a monthly recurring revenue model, typically for a 12-months term, with a set number of hours per month. He says it’s essential to define the scope of your work based on the client’s needs. He says the prospective client may need a vCIO for risk management functions such as contract reviews and audit reviews in industries such as healthcare, finance, and manufacturing. Other clients may seek a vCIO to represent them during a merger or acquisition. You also need to account for on-site hours, which are expected at the beginning of a client engagement. “Do not make assumptions,” McCloat stresses. “Properly defining the scope of the requirements leads to the correct pricing structure.”
Overcoming vCIO Challenges
McCloat says communication is one of the biggest challenges a vCIO has compared to a CIO. “You can lose some perspective if you’re only involved with the organization once a month for an executive meeting. The challenge is to bridge those gaps daily, weekly, and monthly,” he says. “The vCIO will build trust with the C-level team by aligning IT with the company’s long-term business strategy.”
He says some tools can help you automate some of the reporting you need to do, gathering and presenting metrics from various systems that help you answer questions like “What’s the status of operations?” and “What’s the status of our security risk?”
Metrics will also allow you to show quantitatively that you are achieving the goals that you and your client established, such as decreasing costs, increasing revenue, improving service quality, and identifying and managing risks. “If you do your job right, you will hit your targets,” McCloat says. 
