Set Up Your Service Catalog

Your service catalog is the foundation of LanternOps. It defines what you offer, how you price it, and what compliance value it delivers. Once configured, the RAG system automatically maps services to controls—no manual work required.

Time to Complete: 15-30 minutes

What Is the Service Catalog?

The service catalog is your master list of MSP offerings. Each service includes:

• Name and description - What you call it and what it does
• Pricing - How you charge (per endpoint, flat fee, etc.)
• Features - Specific capabilities delivered
• Category - Monitoring, Security, Backup, etc.
• Required integrations - Tools needed to deliver it

The Magic: LanternOps RAG automatically maps services to compliance controls based on semantic understanding of descriptions and features. You don’t manually map to frameworks—the AI does it.

Prerequisites

Before setting up your catalog:

• List of services you currently offer
• Pricing for each service
• Understanding of what each service delivers
• Knowledge of which tools (integrations) power each service

Step-by-Step Instructions

Step 1: Navigate to Service Catalog

1. Log in to LanternOps
2. Click Settings in the sidebar → Service Catalog
3. Click Add Service button to create your first offering

Step 2: Create Your First Service

Let’s start with a common MSP service: Complete Asset Management

Basic Information

Service Name: Complete Asset Management

Category: Monitoring

Description:

Automated asset discovery and tracking via NinjaOne and Syncro.
Provides real-time visibility into all hardware and software assets
across your organization with automated inventory updates.

Why This Matters: The description is what the RAG system reads to understand what compliance controls this service satisfies. Be specific about what you do.

Pricing Configuration

Pricing Model: Select from:

• Per Endpoint - Most common for asset management
• Per User - Common for Microsoft 365 services
• Flat Monthly Fee - Fixed price regardless of size
• Tiered - Different prices based on volume
• One-Time - Project-based services

Price: $3.00 per endpoint/month

Minimum: 10 (optional - smallest engagement)

Features Definition

Add specific features this service delivers:

✓ Real-time endpoint inventory
✓ Hardware lifecycle management
✓ Warranty expiration alerts
✓ Software license tracking
✓ Automated discovery (no manual input)
✓ Integration with NinjaOne and Syncro
✓ Monthly inventory reports
✓ Compliance evidence collection

Why This Matters: Features help RAG map to specific control requirements. For example, “automated discovery” maps to CIS 1.1, “warranty tracking” maps to asset management controls.

Required Integrations

Select integrations needed to deliver this service:

• NinjaOne - Primary asset data source
• Syncro - Secondary asset data source (if you use both)

Why This Matters: LanternOps knows where to collect evidence for this service.

Value Proposition

Customer-Facing Description:

Never lose track of your IT assets again. We automatically discover,
track, and monitor every device on your network. You'll always know
what you have, where it is, and when it needs replacement—without
lifting a finger. Includes compliance-ready documentation for audits.

Why This Matters: This is what appears on customer dashboards and proposals.

Step 3: Save the Service

Click the Save button. The system will:

1. Save your service to the catalog
2. Index it in the RAG system
3. Automatically map it to applicable compliance controls
4. Make it available for customer subscriptions

Processing time: 5-10 seconds

Step 4: Review Automatic Mappings

1. Click View Control Mappings on your newly created service
2. See which controls the RAG mapped automatically:

Example Automatic Mappings:

• CIS 1.1: Establish and Maintain Detailed Enterprise Asset Inventory ✅
• CIS 1.2: Address Unauthorized Assets ✅
• CIS 1.5: Use a Centralized Asset Inventory ✅
• NIST ID.AM-1: Physical devices and systems are inventoried ✅
• NIST ID.AM-2: Software platforms and applications are inventoried ✅
• CMMC AC.1.001: Limit system access to authorized users ⚠️ (Partial)
• SOC 2 CC6.1: Logical and physical access controls ⚠️ (Partial)

Green checkmarks = Full coverage Yellow warnings = Partial coverage (service addresses it but doesn’t fully satisfy all requirements)

Step 5: Add More Services

Repeat for your other core offerings. Here are common MSP services to consider:

Security Services

Advanced Email Security

• Category: Security
• Pricing: $9/user/month
• Features: Phishing protection, link scanning, attachment sandboxing, DMARC/SPF/DKIM
• Integrations: Microsoft 365, Avanan
• Maps to: CIS 9.1-9.7, NIST PR.AC-7, SOC 2 CC6.1

Endpoint Detection & Response (EDR)

• Category: Security
• Pricing: $5/endpoint/month
• Features: Real-time threat detection, automated response, 24/7 monitoring
• Integrations: Huntress, CrowdStrike
• Maps to: CIS 10.1-10.7, NIST DE.CM-1, CMMC CA.2.157

DNS Security Filtering

• Category: Security
• Pricing: $2/endpoint/month
• Features: Malware domain blocking, web filtering, DNS-based threat protection
• Integrations: NextDNS, Cisco Umbrella
• Maps to: CIS 9.2, NIST PR.PT-4

Backup & Continuity

Backup & Disaster Recovery

• Category: Backup
• Pricing: $25/server/month
• Features: Daily backups, cloud replication, restore testing, 30-day retention
• Integrations: Veeam, Datto
• Maps to: CIS 11.1-11.5, NIST PR.IP-4, SOC 2 CC7.5

Infrastructure Management

Patch Management

• Category: Maintenance
• Pricing: $2/endpoint/month
• Features: Automated OS patching, third-party app updates, patch testing, rollback
• Integrations: NinjaOne, Action1
• Maps to: CIS 7.1-7.7, NIST PR.IP-12

Network Monitoring

• Category: Monitoring
• Pricing: $50/site/month
• Features: 24/7 uptime monitoring, bandwidth analysis, alert management
• Integrations: Auvik, PRTG
• Maps to: CIS 12.1-12.8, NIST DE.AE-1

Microsoft 365 Services

M365 User Management

• Category: Cloud Services
• Pricing: $8/user/month
• Features: User provisioning, license management, MFA enforcement, conditional access
• Integrations: Microsoft Graph
• Maps to: CIS 5.1-5.6, NIST PR.AC-1, CMMC IA.1.076

Step 6: Assign Services to Customers

Once your catalog is built:

1. Click Customers in the sidebar → Select customer
2. Click Services tab
3. Click Add Service Subscription button
4. Select services from your catalog
5. Set quantity (endpoints, users, etc.)
6. Click Activate button

What Happens: LanternOps immediately begins:

• Collecting evidence from integrations for this customer
• Mapping customer to applicable controls
• Calculating compliance percentages
• Identifying gaps and revenue opportunities

Service Catalog Best Practices

Naming Conventions

Good Names (Clear and specific):

• “Complete Asset Management”
• “Advanced Email Security with Sandboxing”
• “Huntress EDR Protection”

Poor Names (Vague):

• “Monitoring”
• “Security Stuff”
• “IT Management”

Description Writing

Good Description (Detailed, specific):

Automated vulnerability scanning and patch management for all
endpoints and servers. Includes weekly scans, automated patch
deployment, testing in staging environment, and rollback capability
if issues detected. Covers OS patches and 100+ third-party applications.

Poor Description (Too vague):

We patch your systems.

Why: The RAG system reads descriptions to map to controls. More detail = better mappings.

Features Lists

Include:

• What the service does (automated discovery)
• How it works (via NinjaOne integration)
• What value it delivers (compliance evidence)
• Frequency (real-time, daily, weekly)
• Scope (all endpoints, all users, etc.)

Example:

✓ Automated daily backups
✓ Cloud replication to geographically diverse datacenter
✓ Monthly restore testing with documentation
✓ 30-day retention period
✓ Encryption at rest and in transit
✓ Compliance evidence for SOC 2 and HIPAA

Pricing Strategy

Recommendations:

1. Be consistent - Same pricing model for similar services
2. Include minimums - Protect against unprofitable small deals
3. Bundle logically - Create package deals for common combinations
4. Map to controls - Higher-value controls justify higher pricing

Example Bundles:

• Compliance Starter Pack: Asset Management + Patch Management + Backup = $X/endpoint
• Security Suite: EDR + Email Security + DNS Filtering = $Y/endpoint
• Full Stack: Everything = $Z/endpoint (discount vs. à la carte)

Understanding Automatic Mappings

How RAG Maps Services to Controls

When you save a service, the RAG system:

1. Reads Description & Features

   • Converts text to semantic embeddings (vector representations)
   • Understands concepts like “asset tracking,” “threat detection,” “backup”

2. Searches Control Database

   • Compares service embedding to all control embeddings
   • Finds controls with similar requirements

3. Calculates Match Confidence

   • High confidence (>0.9) = Full implementation ✅
   • Medium confidence (0.6-0.9) = Partial implementation ⚠️
   • Low confidence (below 0.6) = No match ❌

4. Validates Through Knowledge Graph

   • Checks if other MSPs map similar services to these controls
   • Considers integration data (does NinjaOne provide asset data? Yes → confirms mapping)

Result: Automatic, intelligent mapping with no manual configuration.

Reviewing and Adjusting Mappings

To review mappings:

1. Click Settings in the sidebar → Service Catalog → Select service → Click View Control Mappings button

To adjust:

• Click Suggest Mapping button if you think RAG missed one
• Click Remove Mapping button if you disagree with RAG’s choice
• RAG learns from your feedback over time

When to adjust:

• RAG marks as Partial but you believe it’s Full (add more detail to description)
• RAG missed an obvious mapping (suggest it)
• RAG mapped to wrong framework version (update service details)

Troubleshooting

Service Not Mapping to Expected Controls

Cause: Description not specific enough for RAG to understand

Solution:

1. Edit the service
2. Add more detail to description and features
3. Use keywords from the control requirements
4. Save and wait 10-20 seconds for RAG to re-index
5. Check mappings again

Example Fix:

Before (vague):

Description: "We monitor your network."

After (specific):

Description: "24/7 network monitoring with automated threat detection,
bandwidth analysis, uptime tracking, and alert management for all
network devices including firewalls, switches, and access points."

Result: Now maps to CIS 12.1, 12.4, 13.1, NIST DE.AE-1, etc.

Customer Not Showing Compliance After Service Assignment

Cause: Integration not yet synced or evidence not collected

Solution:

1. Click Integrations in the sidebar → Check last sync time
2. Click Sync Now button to manually trigger sync if needed
3. Wait 15 minutes for evidence to collect
4. Click Compliance in the sidebar to check dashboard again

Pricing Not Calculating Correctly

Cause: Quantity or pricing model misconfigured

Solution:

1. Edit customer service subscription
2. Verify quantity (endpoints, users, etc.)
3. Check pricing model matches service definition
4. Update and save

Advanced: Custom Services

Creating Niche Services

If you offer unique services not common in MSP industry:

Example: OT/ICS Security Monitoring

Name: Industrial Control Systems Security
Category: Security (OT/ICS)
Description: Specialized security monitoring for operational technology
and industrial control systems. Includes network segmentation validation,
anomaly detection on OT protocols (Modbus, BACnet), and compliance with
ISA/IEC 62443 standards.

Features:
✓ OT protocol monitoring (Modbus, BACnet, DNP3)
✓ Network segmentation validation
✓ Anomaly detection specific to ICS environments
✓ ISA/IEC 62443 compliance evidence
✓ Integration with Claroty/Nozomi

Maps to: NIST CSF (all functions), custom ICS controls you add

Compliance Project Services

You can also catalog project-based compliance services:

Example: SOC 2 Certification Project

Name: SOC 2 Type 2 Certification Assistance
Category: Compliance Project
Pricing: $15,000 one-time + $500/month ongoing
Description: Complete assistance achieving SOC 2 Type 2 certification
including gap assessment, remediation roadmap, policy development,
evidence collection automation, and auditor coordination.

Features:
✓ Initial gap assessment against SOC 2 requirements
✓ Remediation roadmap with priorities
✓ Policy and procedure template library
✓ Automated evidence collection configuration
✓ Auditor selection and coordination
✓ Ongoing compliance monitoring

Maps to: All SOC 2 controls

Next Steps

After setting up your service catalog:

• Assign services to 3-5 customers
• Generate audit package to see mappings in action
• Review revenue opportunities (services customers don’t have)
• Create customer business impact dashboards
• Refine descriptions based on mapping results

Related Guides

• Generate Audit Package - See your services mapped to controls
• Review Revenue Opportunities - Find upsell gaps
• Add Integration - Connect tools that power services
• Configure Customer Dashboards - Show customers what they get

Need Help?

Common Questions:

• Q: How many services should I create?

• A: Start with 5-10 core services, expand from there. Most MSPs have 15-30.

• Q: Can I change pricing later?

• A: Yes, but only affects new subscriptions. Existing customer pricing unchanged unless you update manually.

• Q: Do I need to map to all 6 frameworks?

• A: No. RAG automatically maps to ALL frameworks. You just define the service once.

Support Resources:

• View Video Tutorial
• Service Catalog Examples Library
• Contact Support

Ready to see LanternOps in your environment?

Join the Founding Partner Pilot (60 days) and get a client-ready compliance + security reporting layer connected to your PSA/RMM/security stack.

No credit card required

~30-minute setup (typical)

Limited founding partner spots

Start Trial →