The Spreadsheet Problem
Almost every IT team that manages Cisco Meraki networks has a compliance spreadsheet somewhere. It might live in SharePoint, Google Drive, or on someone's desktop. It probably has tabs for each site, columns for each compliance control, and conditional formatting that turns cells red or green. Someone spent a few hours building it, and it felt like progress at the time.
The problem is not that the spreadsheet was a bad idea. It was a reasonable first step. The problem is that the spreadsheet silently becomes the source of truth for your compliance posture while being fundamentally unfit for that role. It looks authoritative — rows, columns, colour-coded status indicators — but it has no connection to the actual state of your network. The moment someone saves it, the data starts going stale.
For a single Meraki organisation with a handful of networks, a spreadsheet might hold up for a few months. For an MSP managing ten or twenty orgs, spreadsheets do not scale. They become a liability — giving you confidence in a compliance posture that may not reflect reality.
Why Teams Default to Spreadsheets
It is worth acknowledging why spreadsheets are the default. The reasons are entirely rational:
- Familiarity. Everyone knows how to use Excel or Google Sheets. There is no learning curve, no onboarding, no vendor evaluation. Open a new sheet and start typing.
- Zero cost. Most organisations already pay for Microsoft 365 or Google Workspace. The spreadsheet is free. Compliance tooling is not.
- Flexibility. You can structure the data however you want. Add columns, merge cells, create pivot tables, build charts. A spreadsheet adapts to your process because it has no opinion about what your process should be.
- Speed to value. You can build a working compliance tracker in an afternoon. No procurement, no implementation project, no API integration. Just a person and a keyboard.
These are genuine advantages. If you are tracking compliance for a single small network and you review it once a year before an audit, a spreadsheet might be enough. But the moment you need accuracy, consistency, or scale, spreadsheets start breaking down in ways that are hard to see until it is too late.
Where Spreadsheets Break Down
The failures are predictable because they stem from the same root cause: a spreadsheet has no connection to the network it describes. Every data point is manually entered, and every data point starts decaying the moment it is typed.
- Data goes stale immediately. You check a firewall rule on Tuesday and record it as compliant. On Wednesday, someone adds a new allow-any rule. Your spreadsheet still says "Pass". It will say "Pass" until the next time a human manually checks and updates it — which might be months away.
- No connection to live configuration. The spreadsheet cannot query the Meraki Dashboard API. It cannot tell you whether firmware has been updated, whether a new admin account was added, or whether an SSID encryption setting was changed. It only knows what someone typed into it.
- Manual data entry errors. When you are copying firewall rule counts, VLAN configurations, and encryption settings from the Meraki dashboard into a spreadsheet, mistakes happen. A transposed number, a missed network, a misread setting. These errors are invisible because nobody audits the spreadsheet against the live config.
- Version control chaos. Which copy of the spreadsheet is current? The one in the shared drive, the one Sarah emailed last month, or the one Dave downloaded and updated locally? When multiple people contribute to compliance tracking, version conflicts are inevitable and undetectable.
- No automated alerting. If a configuration change pushes you out of compliance, a spreadsheet cannot notify anyone. It cannot send an email, create a ticket, or flag a dashboard. Drift happens silently.
- Does not scale across organisations. MSPs managing fifteen Meraki orgs end up with fifteen tabs, fifteen separate update cycles, and fifteen opportunities for data to fall behind. The administrative overhead grows linearly with every org you add.
- Evidence is screenshots in cells. When an auditor asks for evidence, the best a spreadsheet can offer is a screenshot pasted into a cell or linked from a folder. There is no timestamp proving when that screenshot was captured, no chain of custody, and no way to verify it reflects the current state.
- No audit trail. A spreadsheet does not record who changed which cell and when. There is no history showing that the compliance status was verified on a specific date using specific data. For regulated environments, this is a serious gap.
What Purpose-Built Compliance Tooling Looks Like
The alternative to a spreadsheet is not a better spreadsheet. It is a compliance tracking tool that connects directly to your Meraki infrastructure and pulls live configuration data via the Dashboard API.
Here is what that looks like in practice:
- Live data from the Meraki API. Every compliance check is evaluated against real configuration data pulled from your Meraki organisation. No manual entry, no copy-paste, no screenshots. The tool reads the same API endpoints your dashboard uses.
- Automated checks against real standards. Each check maps to a specific control in Cyber Essentials+, PCI-DSS, NIST CSF, or CIS Benchmarks. The mapping is built in. You do not have to decide which firewall setting relates to which control.
- Timestamped evidence. Every scan produces a record of exactly what was checked, what the result was, and when it was captured. This is evidence an auditor can trust because it has provenance.
- PDF reports on demand. Generate a formatted compliance report in seconds. No manual formatting, no assembling screenshots into a document, no wrestling with page breaks in Word.
- Drift detection. Run a scan today and another next month. The tool highlights what changed between scans — a new firewall rule, a disabled security feature, a firmware version that fell behind. Configuration drift becomes visible before it becomes an audit failure.
- Multi-org dashboard. See the compliance posture of every Meraki organisation in a single view, sorted by score. Identify which clients need attention without opening fifteen spreadsheets.
Feature Comparison
Here is how the two approaches compare across the dimensions that matter for compliance tracking.
| Capability | Spreadsheet | MerakiGuard |
|---|---|---|
| Data freshness | Manual — stale on save | Real-time from Meraki API |
| Evidence quality | Screenshots pasted into cells | API-sourced, timestamped data |
| Consistency | Human judgment, varies by person | Automated, identical every scan |
| Multi-org support | Separate tabs or files per org | Unified dashboard, all orgs |
| Reporting | Manual formatting, hours of work | One-click PDF export |
| Drift detection | None — invisible until audit | Automatic scan-to-scan comparison |
| Audit trail | None — no history of checks | Timestamped scan history |
| Cost | Free tool, expensive labour | Subscription, minimal labour |
Log into Meraki dashboard
Navigate to each config page
Screenshot and paste into spreadsheet
Manually assess pass/fail
Repeat for every network and org
Time: hours to days per org
Enter read-only Meraki API key
Click "Run Scan"
Review compliance scorecard
Download PDF report with evidence
Track drift between scans
Time: under 2 minutes per org
The Hidden Cost of Free
The most common argument for spreadsheets is that they are free. And the tool itself is — but the labour to maintain it is not.
Consider a realistic scenario. You are an MSP or an internal IT team managing 10 Meraki organisations. Each org needs a compliance review at least once a month to stay on top of configuration drift. Each review takes roughly 2 hours when done manually — logging into the dashboard, checking each setting, updating the spreadsheet, verifying the data is accurate.
2 hours per org × 10 orgs × 12 months = 240 hours per year
At £50/hour (a modest rate for network engineering time), that is £12,000 per year spent keeping spreadsheets current — and that assumes the data is actually accurate, which it often is not.
That £12,000 does not buy you real-time visibility, automated alerting, PDF reports, or an audit trail. It buys you a spreadsheet that was correct at the moment someone last updated it and has been silently decaying since.
The cost gets worse when you factor in the risks. A missed compliance gap that surfaces during an audit means remediation under pressure, potential certification failure, and reputational damage. A spreadsheet that shows "Pass" when the actual configuration says otherwise is worse than having no tracker at all — because it creates false confidence.
Purpose-built compliance tooling costs a fraction of that annual labour spend and delivers results that are verifiable, repeatable, and current. The subscription pays for itself the first month you do not have to spend a day updating a spreadsheet.
Making the Switch
Replacing a compliance spreadsheet does not require a migration project. There is no data to import, no mappings to configure, and no training programme. MerakiGuard replaces the spreadsheet entirely.
- Generate a read-only API key from your Meraki Dashboard. This takes 30 seconds and gives MerakiGuard access to read your configuration without the ability to change anything.
- Add your Meraki organisation to MerakiGuard. Enter the API key, and the platform discovers your networks, devices, and configuration automatically.
- Run your first scan. In under two minutes, you get a compliance scorecard showing your posture against Cyber Essentials+, PCI-DSS, NIST CSF, and CIS Benchmarks. Every check has a pass/fail result, evidence data, and remediation guidance.
- Download a PDF report. Hand it to your auditor, your client, or your management. It contains everything the spreadsheet was trying to capture, except it is accurate, timestamped, and professionally formatted.
From that point on, every scan builds a history. You can see how your compliance posture has changed over time, catch configuration drift early, and prove to auditors that you are monitoring continuously — not just checking a box once a year.
The spreadsheet served its purpose. It was the best tool available when there was nothing else. Now there is something else.
Learn more about MerakiGuard or read about how automated scanning maps to Cyber Essentials+ controls.