667: Michael Thomsen of Origin 84 on Building a Process-Driven MSP and Using Compliance Frameworks for Strategy
Michael Thomsen on Building a Process-Driven MSP and Using Compliance Frameworks for Strategic IT
Host of Command Control Power welcomes returning guest Michael Thomsen of Origin 84 from Sydney ahead of the ACEs conference in Minneapolis, discussing the mental and operational preparation to leave a company running without him through documentation, chain of command, and role accountability using Confluence and selected EOS practices. Thomsen explains balancing perfectionism with repeatable team standards, prioritizing avoiding preventable mistakes, and aligning service quality to what clients value. The conversation pivots to SOC 2, HIPAA, and ISO 27001 as validation frameworks increasingly demanded via vendor risk and tenders, emphasizing policy vs procedure and continual improvement. He outlines Origin 84’s flat-fee, services-first model and “magic quadrant” approach—help desk, IT administration, account management, and strategy—using root-cause fixes and programmatic improvements across clients. He advocates standardizing on Microsoft (often using Entra even for Google clients), careful vendor selection, and tailoring higher-cost governance features (e.g., Defender/Purview, logging) to client needs while keeping baseline security consistent.
00:00 Welcome Back Michael
00:35 27 Hour Travel Ritual
01:14 Leaving The Business
03:23 Planning Like Military
04:47 Runbooks And EOS
07:22 Perfection Versus Good
12:24 Standards And Apologies
13:53 SOC2 HIPAA ISO Explained
16:32 Policies Versus Procedures
17:56 Making Services Sticky
20:14 Magic Quadrant Strategy
23:16 Fix Root Causes
26:21 Hourly Billing Incentives
27:45 Value Without Strategy Buy In
29:13 Listening Before Pushing
29:28 Pricing Pushback Case Study
31:52 Standardized Security Baseline
34:33 Paying For The Paperwork
36:10 Reducing Cost Via Account Management
36:50 Stack Ownership And Optional Features
39:21 Microsoft As The North Star
41:10 Vendor Risk And Pricing Strategy
47:54 Entra SSO For Google Clients
50:46 ISO 27001 Policy Reality Check
54:57 Wrap Up And Part Two Tease
