CCP welcomes returning guest Michael Thomsen of Origin 84 from Sydney, Australia and discusses how he prepares to leave his business for long travel by relying on organizational design, documentation, and clear accountability, using Confluence and EOS-style role success criteria to prevent gaps and duplication. They explore perfectionism versus "good enough," emphasizing repeatable standards a team can deliver, protecting integrity, and avoiding preventable mistakes. The conversation shifts to why SOC 2, HIPAA, and ISO 27001 matter as clients face more vendor-risk questions, and how policies differ from procedures by enabling decentralized decisions. Michael explains Origin 84's fixed-fee, services-first model and a "magic quadrant" approach that moves from help desk and IT admin to account management and strategy, using root-cause fixes across all clients. He details standardizing on Microsoft-first tooling (including Entra SSO for Google), vendor-risk concerns, and how certification frameworks drive continual improvement and practical, auditable policies.

00:00 Welcome Back Michael

00:35 Travel Rituals Offline

01:14 Leaving the Business

03:23 Planning Like Military

04:47 Runbooks EOS Accountability

07:22 Perfection Versus Good

13:53 Standards And Certifications

16:32 Policy Versus Procedure

17:56 Building Sticky Services

20:14 Magic Quadrant Strategy

23:16 Fix Root Causes

26:21 Flat Rate Incentives

27:45 Strategy Alignment Limits

29:13 Listening Before Pushing

30:08 Pricing Pushback Story

31:52 Standardize Security Baselines

34:33 Paying for Certification Proof

36:10 Cut Costs via Account Management

36:50 Client Owned Subscriptions

39:21 Microsoft as North Star

41:10 Vendor Risk and Contingencies

47:37 Entra SSO for Google

50:46 ISO 27001 Policy Reality Check

54:57 Part Two Wrap Up