HailBytes MSSP Program | ASM for MSSPs → | SAT for MSSPs → | Book a demo →
A practical onboarding checklist MSSPs use to stand up new client engagements in their first 30 days. Built by HailBytes for the MSSPs we work with — opinionated, honest, and skipping the vendor theater.
This repo is for MSSPs managing 5–50 clients who want a repeatable, professional onboarding playbook instead of reinventing the wheel every time a new client signs. If you're:
- Building (or rebuilding) a standard 30-day engagement model
- Tired of bespoke onboarding that's only in one person's head
- Looking for editable templates your team can actually use — not slide decks from a vendor sales kit
- Evaluating or already using ASM and SAT tools as core service pillars
...this is for you. Fork it, adapt it, and make it yours.
| File | Phase |
|---|---|
| day-1-kickoff.md | Day 1 — Stakeholders, access, scope sign-off |
| week-1-discovery.md | Week 1 — Asset inventory, IAM audit, cloud exposure |
| week-2-tooling-deployment.md | Week 2 — EDR, ASM, SAT, SIEM deployment |
| week-3-baseline-assessment.md | Week 3 — First ASM scan, phishing baseline, posture report |
| week-4-reporting-cadence.md | Week 4 — Reporting setup, SLAs, client handoff |
| ongoing-monthly-cadence.md | Ongoing — Monthly operations and QBR prep |
| compliance-onboarding-addendum.md | Addendum — HIPAA, PCI-DSS, SOC 2, CMMC, GDPR steps when compliance is in scope |
| client-offboarding.md | Offboarding — Access revocation, data return, agreement closure, and handoff |
| File | Description |
|---|---|
| client-kickoff-agenda.md | 60-min kickoff call agenda with facilitator notes |
| discovery-questionnaire.md | ~35-question client discovery form |
| monthly-status-report.md | Monthly client-facing report template |
| quarterly-business-review.md | QBR document for CISO/VP-level audiences |
| incident-response-runbook.md | IR runbook with escalation paths and comms templates |
| File | Description |
|---|---|
| asm-tool-selection.md | MSSP-grade ASM criteria, matrix, recommendation → asm-tool-comparison repo |
| sat-platform-selection.md | SAT platform criteria, matrix, recommendation |
| siem-vs-managed-detection.md | DIY SIEM vs. MDR — honest cost comparison |
| File | Description |
|---|---|
| README.md | Anonymized MSSP case studies from HailBytes customers |
- Fork this repo. It's your starting point, not a finished product.
- Adapt per client. Use
<!-- NOTE: -->comment blocks to flag client-specific deviations. - Use templates as starting points. Search for
[to find every placeholder before sending anything to a client. - Track progress in your PM tool. These markdown files import cleanly into Linear, Notion, GitHub Projects, or your clipboard.
- Don't treat tooling guides as gospel. Pricing changes. Read them critically, run your own evaluation using the criteria we've laid out.
- Contribute back. If you find a gap, open a PR. The bar: would this help another MSSP build a better practice?
HailBytes builds ASM and SAT tooling specifically for MSSPs — not enterprise products retrofitted for the channel.
In practice:
- Multi-tenant by default. Manage all clients from one dashboard. No toggling between separate logins.
- Per-client reporting built in. Each client gets their own view. You get the aggregate.
- No per-seat pricing. Add a client — your ASM and SAT cost goes up by a flat, knowable amount.
- API-first. Pull findings into your PSA, push data to your SIEM, automate client onboarding.
The checklists in this repo were built around how HailBytes ASM and SAT are deployed. If you're using HailBytes, the steps map directly. If you're not, they're still useful — expect some translation.
HailBytes MSSP Program → | Book a demo →
PRs are welcome. See CONTRIBUTING.md for the full editorial bar and process. The short version: practitioner-first, honest about tradeoffs, useful over comprehensive. Open an issue before a large PR that changes the repo structure.
MIT. Fork it, adapt it, sell services built on it. A link back is appreciated but not required.