Device Compliance & Evidence

BEST PRACTICESCOMPLIANCEDOCUMENTATIONOPENFRAMEPATCH MANAGEMENTSECURITY

Phase 9 — Security & Access Control · Step 4

Section

June 25, 2026

Published

Vladislav Marchenko

Vladislav Marchenko

Head Of Marketing

Device Compliance & Evidence

Phase 9 — Security & Access Control · OpenFrame Onboarding

When a client asks "are our machines patched and in policy?" — or an auditor does — the Compliance tab on a device is where you get the answer. It pulls patch status, applied policies, and compliance checks into one view per machine. This guide covers reading it as part of your security and accountability story.


Where it is

Open a device from Devices, then the Compliance tab on its detail page. It sits naturally alongside Audit Logs (Phase 9) — together they're your "who did what" and "what state is it in" evidence trail.


Patch Management

The top block, Patch Status, tells you how current the machine is:

  • Last Installed — when patches were last applied (or Never).
  • Pending Patches — whether updates are waiting (No is what you want).
  • Status — the headline: Up to Date or behind.

This is the fastest read on whether a device is a patching risk — and it's the other side of Tracking Device Vulnerabilities (Phase 4), since missing patches are a common source of exposure.


Policy Compliance

The next block shows which policies govern the device and how they're layered:

  • Applied Policies — what's in effect at each level: Agent Policy, Site Policy, Client Policy, Default Policy. None means nothing is set at that level.
  • Policy Configuration → Policy Inheritance — when Enabled, a device inherits policy down the hierarchy (Agent → Site → Client → Default), so you can set a baseline at the client level and let machines pick it up automatically (this is the multi-tenancy structure from Organizations & Multi-Tenancy Overview).

The inheritance model is what lets you manage policy per client without configuring every machine by hand.


Compliance Checks

The Compliance Checks block summarizes the device's pass/fail posture — Total Checks, Passing (and failing) — giving you a single scorecard of whether it meets the standards you've set.


Using it as evidence

This tab is built for accountability:

  • Answer the client. "Are we patched and compliant?" — screenshot or summarize the tab.
  • Prove it for audits. Patch status, applied policies, and passing checks together form a per-device compliance record.
  • Find the gaps. A device showing None for every policy, Pending Patches: Yes, or failing checks is one to fix before it's a finding.

Quick checklist

  • Opened a device's Compliance tab
  • Read Patch Status (Last Installed, Pending Patches, Status)
  • Checked Applied Policies across Agent / Site / Client / Default
  • Confirmed whether Policy Inheritance is enabled
  • Reviewed Compliance Checks (passing vs. failing)
  • Flagged devices with no policy, pending patches, or failing checks

What's next

That rounds out Phase 9 — Security & Access Control on the device side. Patching and vulnerabilities connect back to Tracking Device Vulnerabilities (Phase 4); the people and AI controls live in the other Phase 9 guides.


Based on OpenFrame v0.9.19. Compliance data, policy levels, and checks evolve between releases — what's in your console wins. Compliance views are an aid to your security process, not a substitute for it.

Vladislav Marchenko

Head Of Marketing

Hi all! My name is Vlad and I’ve been brought on to head the marketing team at Flamingo. Thankfully, this isn’t the first time I will be building a marketing department from scratch, so the experience should come in handy. Now it’s time to dive into the world of MSPs and find myself in this new world.

Related Content

Product Releases

Webinars

Case Studies

Blog Posts

Frequently Asked Questions

MSP AI Agents

Yes. In production MSP shops today, 10% to 25% of tickets close before a human opens them. Thread alone has processed 173 million tickets across 750-plus MSP partners at 96% triage accuracy, handing back 490,000-plus technician hours. Agents own the low-risk, high-volume work (password resets, MFA enrollment, known installs, onboarding and offboarding) and flag anything that touches production data or needs judgment for a human to take.
On a five-person desk, reported deployments show $78,000 to $130,000 in annual direct labor savings, roughly 30% fewer escalations, and 15% to 20% better SLA compliance. Broader MSP adoption data adds ticket handling time cut by 45% and five to 12 points of margin, all from reclaimed capacity rather than headcount cuts.

AI MSP

MSPs use AI to triage and route tickets, cut alert noise, schedule patches, assist L1 security work, and draft client reports. Kaseya's 2025 benchmark found 30% already use it to eliminate tedious tasks, with ticket triage the most common starting point.
Start with a readiness assessment, not a tool purchase. Confirm your ticket history is clean and your RMM, PSA, and monitoring systems connect. Then pick one high-volume, low-risk workflow, usually ticket triage, and pilot it on internal tickets before any client sees it.
Automate high-volume, low-risk tasks first. Ticket triage and alert noise reduction top the list because they run constantly and a human still resolves the underlying issue. Save security approvals, billing changes, and client-facing actions for later, always with a human in the loop.

AI Safety

It can be, with governance. Keep a human in the loop on high-risk actions, log every automated step for audit, and choose platforms that keep your data yours with no vendor lock-in. Pilot on internal data first so you catch issues before client systems are involved.

AI for MSPs

Set a baseline before rollout, then track tickets closed per technician, mean time to resolution, percentage of tickets resolved with no human touch, technician hours reclaimed, and cost per ticket. AI-driven automation commonly cuts operational cost per ticket by 25 to 40%.

About OpenFrame

OpenFrame isn't built to plug into your stack. It replaces it. Instead of duct-taping a dozen tools together (RMM, MDM, SIEM, patching, remote access, each its own login and bill), we bundle it into one unified platform: RMM, MDM, monitoring, automation, remote access, patch management, security monitoring, and ticketing, plus built-in AI copilots. So "does it integrate with X?" usually means: you won't need X anymore.

IT Documentation

Hudu is IT documentation software that MSPs and internal IT teams use to centralize client documentation, network details, encrypted passwords, IT assets, and SOP runbooks in one searchable platform, so technicians find what they need without digging through scattered files.

Password Manager

Yes. Passbolt's Community edition is free under the AGPLv3 license with unlimited users, but you self-host it yourself. Paid Pro and Cloud tiers, starting around $5.40 per user monthly with a 10-seat minimum, add LDAP, SSO, and audit logs.