Our service catalog covers the full lifecycle of a small-to-mid-market security program — from initial assessment through ongoing compliance and incident response. All delivered by experienced practitioners who understand your world.
The foundational services that every organization needs — delivered at your scale, not borrowed from enterprise playbooks.
A named security executive who owns your security strategy, advises leadership, engages with vendors, and represents you to auditors, insurers, and clients. Available part-time at a fraction of full-time cost.
A systematic evaluation of your current security posture against recognized frameworks. Delivered in plain language with prioritized recommendations — not a 200-page report you’ll never read.
Written policies your team will actually use: acceptable use, data classification, incident response, vendor management, access control, and more — customized for your organization.
Quarterly training programs for employees and volunteers covering phishing, password hygiene, social engineering, and the specific threats relevant to your industry and risk profile.
A documented, tested plan for what happens when something goes wrong — including tabletop exercises, communication templates, and regulatory notification guidance.
Review and ongoing management of your technology vendors, SaaS tools, and service providers. Because your security is only as strong as your weakest vendor.
We maintain deep expertise across all major regulatory and certification frameworks relevant to small businesses and nonprofits.
| Framework | What We Do | Who Needs It |
|---|---|---|
| HIPAA (Health Insurance Portability & Accountability Act) | Risk analysis, gap assessment, policy development, workforce training, BAA review, OCR audit prep, incident response. | Healthcare providers, covered entities, business associates, health-adjacent services handling PHI. |
| SOC 2 (Service Organization Control 2) | Readiness assessment, control gap analysis, evidence library building, auditor liaison, Type I & Type II prep. | SaaS companies, managed service providers, any business whose customers require security attestation. |
| PCI-DSS (Payment Card Industry Data Security Standard) | Scoping, gap analysis, remediation roadmap, QSA liaison, evidence collection, annual validation support. | Any organization that accepts, processes, stores, or transmits cardholder data. |
| CMMC (Cybersecurity Maturity Model Certification) | Level 1 & 2 readiness, NIST 800-171 gap analysis, System Security Plan (SSP), C3PAO preparation. | Defense contractors and subcontractors handling CUI or pursuing DoD contracts. |
| GDPR / CCPA (global and state privacy laws) | Data mapping, privacy impact assessments, policy drafting, consent mechanisms, breach notification procedures. | Organizations handling EU data, California residents, or subject to emerging state privacy laws. |
| NIST CSF (NIST Cybersecurity Framework) | Profile development, current/target state mapping, roadmap creation, integration with existing programs. | Organizations seeking a risk-based framework baseline or government-adjacent compliance posture. |
Our dedicated nonprofit program covers donor data protection, grant compliance narratives, volunteer access management, board education, and the Stewardship & Security posture your major donors and grantors expect to see.
We review your current policy, identify coverage gaps, prepare documentation that demonstrates security maturity to underwriters, and help you get the right coverage at the right premium. Often saves clients more than the retainer cost.
Facilitated tabletop exercises that put your team through realistic breach scenarios. Available in-person or virtually. Highly effective for board education and for validating your incident response plan before you need it.
Most clients begin with a free consultation. We’ll ask the right questions, look at your current situation, and tell you honestly what matters most. No pressure. No jargon. Just clarity.