Security and Compliance

ArchTech offers cost-effective, standards-based security and compliance systems to keep you protected 24/7/365.

Keep your systems safe and compliant

We serve government clients, including first responders and DoD contractors, in addition to our work in the private and non-profit sectors. We are focused on security, and our work product emphasizes compliance with most public and private IT compliance standards, including NIST 800-53, 800-171, HIPAA, PCI, CJIS, CMMC and other security standards. We are an authorized public-sector vendor and all employees have passed FBI fingerprint background checks. We are a member of InfraGard, the FBI/Private Sector joint task force for critical IT infrastructure. We are fully insured (GL, Worker’s Comp, E&O, Cyber-Security) to protect you.

Systems we build and manage for our clients are audited by DHS, DoD, DoJ, and the FBI. They assess our security, compliance and performance multiple times per year. Because of that experience, we know the how and why of security. But we also know enough to match our expectations to your core needs. For example, we implement and use FIPS-compliant algorithms for encryption, but we don’t expect your organization to pay an extra $5k for a FIPS-certified device sticker on its firewall.

We also come complete with out-of-the-box policies that meet the requirements of all major compliance standards.

The Tools You Need to Protect Your Business

We provide all of our clients, at no additional charge, with offsite, fully-encrypted cloud backups. We also include enterprise-grade password management for all users, as well as security awareness training (SAT) and phish testing on a regular basis. We protect your devices through advanced endpoint management that includes anti-virus, anti-malware, anti-exploit and anti-ransomware protection. We implement MFA, SSO and other identity protection strategies as an included cost. We run non-interruptive OS backups and 3rd-party patching on a schedule. We include these services in our pricing because it is important to us that you never experience the negative consequences of a malicious threat actor. We actively help you secure your users and your data, and we make sure that you are in a position to easily recover in the event a compromise ever does occur. New services are added regularly.

We go beyond the items covered by most vendors. For example, we manage your firewalls and perimeter security on-premises and in the cloud, but we also block all access attempts that are not US-based, eliminating most attacks before they happen. We force modern authentication methods. We algorithmically assess high-risk logins. We implement sandboxing and link safety checks for your email. We take care of your backups, but we also implement multi-layer redundancy, failover, and multiple tiers of backups (and test them!). We implement secure baseline imaging for all systems. We have clients who are entirely on-site, hybrid cloud, and 100% cloud, and we integrate smoothly with your environment. Again, this is all included at no additional cost.