Two months ago, we said your clients aren't just asking "are we secure?" They're asking "can you prove it?" Last month, we showed you how Telivy and Tentacle are connecting: findings flowing into compliance assessments, evidence collection getting simpler, the distance between discovering a risk and documenting the fix getting shorter.
This month, we're shipping the surface that makes proof durable.
Here's the problem most compliance programs still have: you run an assessment, collect evidence, present it to an auditor or an insurance carrier, and then that evidence goes stale. It sits in a shared drive or a spreadsheet. Nobody maintains it between audit cycles. Three months later, an auditor asks "show me this control was satisfied on March 14th" and the scramble begins.
Tentacle's Evidence Locker changes that. It is going live now, partners will start rolling into it over the coming weeks, and it is one of the single most important capabilities we've shipped this year. Every Telivy scan now becomes a timestamped, source-attributed evidence snapshot with a full approval lifecycle. When a control drifts, the approval invalidates automatically. When you fix it and re-scan, the evidence trail picks back up. A 90-day compliance timeline shows the full story: when you were compliant, when you drifted, what you did about it, and who signed off.
Alongside it, Telivy shipped HIPAA Compliance Reports that map scan results directly to Security Rule safeguards, industry vertical tagging that auto-detects relevant frameworks, and unified remediation tasks that surface directly in Tentacle. The "Assess, Prioritize, Remediate, Prove" loop now has real infrastructure behind the Prove step rather than just a PDF export.
And looking ahead, the evidence system is now in place. The next frontier is a platform that doesn't just record that remediation happened, but actively participates in it. We're investing in agentic security operations where the platform identifies the fix, dispatches it, verifies it worked, and captures the proof in one closed loop. The repeatable remediations get handled autonomously. The judgment calls get escalated to you. More on that in the months ahead.
Here's what we shipped over the last month.
If you're already running compliance programs with Tentacle, our governance, risk, and compliance (GRC) platform, or you've been thinking about adding compliance-as-a-service to your practice, this is the release that changes the conversation with your clients.
Continuous Control Evidence (the "Evidence Locker"), now GA. This is the headline. Tentacle now includes a dedicated evidence management surface on every compliance control. What this gives you:
Most GRC tools can tell you whether a control is met right now. Very few can tell you whether it was met last Tuesday, whether it drifted on March 14th, who fixed it, and what the evidence looked like at the moment an auditor asked. That's the gap the Evidence Locker closes.
The partner conversation shifts from "we ran a compliance assessment" to "we've maintained continuous compliance for 180 days, and here's the auditor-ready timeline with source-attributed evidence, approval history, and operator notes." That's a fundamentally different value proposition, and it's the kind of proof that drives retention, justifies premium pricing, and makes renewal conversations easy.
If compliance-as-a-service is a service line you're building or expanding, particularly for healthcare, financial services, or CMMC work, reach out to your partner manager to walk through how to wire the Evidence Locker into your existing client programs.
The HIPAA Compliance Report is the strongest single feature this month for partners with healthcare clients. It's a tangible, client-ready deliverable that connects Telivy's scanning depth to a specific regulatory framework your clients are measured against. Combined with the Evidence Locker and unified remediation in Tentacle, the path from "we ran a scan" to "here's your HIPAA compliance evidence trail" is now a straight line.
The vertical tagging and mandatory review dates are quieter but strategically important: they make Telivy smarter about your client's industry and more disciplined about keeping risk decisions current. Both matter when you're building programs that last rather than running one-time assessments.
The Seat Transfer Wizard removes a real friction point for partners managing user changes across their client base. The PSA missed-call integration is worth paying attention to beyond the feature itself: it's built on the same integrations architecture as Autotask v2, which means every new integration we ship benefits from the same foundation. The pattern is: build the architecture once, extend it everywhere.
The mobile refreshes continue the UX modernization we started last month. If you're in Early Access, you're seeing a meaningfully different mobile experience. If you're not, now is a good time to opt in.
ControlOne in April was a polish and reliability month. These are the kinds of improvements that don't make headlines but remove daily friction: clearer status messaging so your techs aren't confused, naming flexibility so your portal reflects your terminology, and a VPN fix that eliminates a real blocker for partners setting up multi-site tunnels.
Later this quarter, you'll see Telivy ship Browser Password Risk Intelligence, giving you visibility into one of the most common and under-assessed credential risks in your clients' environments. Custom Security Reports are coming so you can tailor deliverables to your specific client conversations. And the Evidence Locker will continue to deepen with audit package export, cross-framework evidence mapping, and a "Continuously Monitored" certification badge.
On the integration front, more PSA integrations are in active development for UCaaS, extending the same architecture powering the Autotask and missed-call integrations today.
And as we said up top: we're building toward a world where the platform doesn't just record remediation. It executes it. Agentic security operations, where repeatable fixes are dispatched, verified, and evidenced automatically, is the strategic direction we're investing in. The evidence system is now the foundation. The autonomous remediation layer is what comes next.
The through-line for 2026 remains: Assess. Prioritize. Remediate. Prove. Every release deepens that loop.
Upcoming Events: Let’s Connect
If you're planning to attend any of the following events, we'd welcome the opportunity to connect while you're there!
Let us know if you will be attending any of the events - we'd love to catch up!
Standardization remains one of the clearest levers MSPs have to simplify operations and build a more scalable business.
Across both UC and ControlOne, partners who commit to standardization are reducing the day-to-day friction that comes from managing exceptions, one-off environments, and disconnected tools. The result is a more consistent service experience, cleaner deployments, and a stronger foundation for delivering secure connectivity and communications as true managed infrastructure, not piecemeal solutions.
When UC and network security are aligned under a standardized approach, MSPs gain tighter operational control, clearer packaging, and a more compelling story for customers who are increasingly asking about reliability, security, and accountability.
If you’re looking at where to simplify your stack and create more consistency across clients, we’re happy to share how other partners are approaching standardization across Cytracom UC and ControlOne, and what it’s enabling for their teams.
We’re excited to welcome the newest TeamLogic IT partners to Cytracom. As you get up and running, our focus is on helping you build a more scalable, standardized foundation across your services, so you can grow with less friction and more confidence.
We look forward to working alongside you as you expand your offerings, strengthen your operations, and continue building long-term customer value.
Welcome Aboard!
We want to hear from you!
Which top-of-mind topics would you like to hear about? Email swise@cytracom.com with what you'd like covered in the upcoming newsletter - and we will put it on our radar!
Thank you for your continued partnership and leadership within the TeamLogic IT community.
— The Cytracom Team