Add-On Services
One-Time or As-Needed
Compliance & Audit Preparation
Compliance Package (HIPAA, PCI-DSS, SOC 2)
What It Is:
A comprehensive compliance assessment that identifies exactly what you need to do to meet HIPAA, PCI-DSS, or SOC 2 requirements. You'll receive a detailed gap analysis, a step-by-step remediation roadmap, policy templates, and evidence collection guidance. The package prepares you for the assessment itself: a SOC 2 report is issued by an independent CPA firm, and PCI-DSS validation is completed with your acquirer through a QSA or the applicable self-assessment questionnaire.
Choose Your Compliance Focus:

HIPAA
For healthcare providers, health plans, clearinghouses, and business associates
What We Assess:
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Breach Notification Requirements

PCI-DSS
For businesses that accept, process, store, or transmit credit card information
What We Assess:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy

SOC 2
For technology and cloud service providers who handle customer data
What We Assess:
Trust Services Criteria
- Security (Required)
- Availability (Optional)
- Processing Integrity (Optional)
- Confidentiality (Optional)
- Privacy (Optional)
Who This Is For:
✅ First-time compliance
✅ Preparing for audit
✅ Cyber insurance requirements
✅ New business requirements
✅ Failed previous audit

What You Receive:
✅ Comprehensive Gap Analysis Report
✅ Detailed Remediation Roadmap
✅ Evidence Collection Guidance

Why This Matters:
❗HIPAA violations: $100 - $50,000 per violation (tiered by level of culpability, with an annual cap per violated provision)
❗PCI-DSS non-compliance: $5,000-$100,000/month fines
❗SOC 2 failure: Lost customers, failed sales, inability to compete for enterprise clients
❗Breach notification costs: $120-$400 per affected individual
❗Reputation damage: Priceless
Employee Security Training Workshop
What It Is:
An engaging, interactive security awareness training session customized to your industry and business. Your employees will learn to recognize threats, follow best practices, and become your first line of defense against cyberattacks.
What's Covered:
- Password Security Best Practices
- Spotting Phishing & Social Engineering
- Safe Internet Browsing & Email Habits
- Remote Work Security
- Mobile Device Security
- Incident Reporting
- Industry-Specific Scenarios
  - Healthcare: HIPAA considerations, patient data protection
  - Finance: PCI-DSS requirements, financial data handling
  - Legal: Client confidentiality, document security
  - Manufacturing: IP protection, operational technology risks
  - Retail: Customer data, payment card security

Who This Is For:
✅ New employee onboarding
✅ Annual refresher training
✅ Response to incidents
✅ Compliance requirements

What You Receive:
✅ Training Materials
✅ Attendance roster (for compliance documentation)
✅ Training certificate for each attendee
✅ Summary report of topics covered
✅ Recommended next steps

Impact & Results:
🎯 70% reduction in clicking on phishing links
🎯 65% increase in reporting suspicious emails
🎯 4x more likely to use strong passwords
🎯 85% improvement in recognizing social engineering
Ransomware & Disaster Recovery
What It Is:
A comprehensive ransomware preparedness package that verifies your backups actually work, documents recovery procedures, reviews offline backup strategies, and ensures you meet cyber insurance requirements. You'll know exactly what to do if ransomware strikes.
What's Included:
- Backup Verification and Testing (3 hours)
  - Backup Job Analysis
  - Backup Testing (a backup counts as working only after a test restore succeeds and the restored data is checked against the original)
  - Gap Identification
- Recovery Procedures Documentation (2 hours)
  - Step-by-Step Recovery Procedures
  - Immediate Response (First Hour)
  - Full Recovery (Days 2-7)
- Offline Backup Review and Recommendations (1 hour)
  - Current Offline Backup Assessment
  - Offline Backup Strategies
    - Immutable Backups (write-once copies that cannot be altered or deleted during their retention window, even by an attacker holding backup-admin credentials)
    - Air-Gapped Backups
    - 3-2-1 Backup Rule: 3 copies of data, 2 different media types, 1 copy offsite/offline
- Cyber Insurance Requirement Review (1 hour)
  - Insurance Policy Analysis
  - Compliance Verification
  - Gap Remediation

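The Backup Testing step above is the one most often skipped, and the statistic that most backup failures surface only at restore time is exactly why. The script below is an added example, not part of the service description or any tool the page names: it restores a tar.gz archive into a scratch directory and compares every restored file against a SHA-256 manifest recorded when the backup was taken, then deliberately exercises three failure modes (a file the job never captured, content that no longer matches, and an archive truncated mid-write). The dataset, file names and archive names are all constructed for the example.

```python
"""Restore-test a backup archive against a SHA-256 manifest.

Added example, not part of the service description above. It models the
Backup Testing step: a backup counts as verified only after it has been
restored somewhere and the restored files match the hashes recorded when
the backup was taken. File names, archive names and data are constructed.
"""
import hashlib
import json
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, archive: Path, manifest: Path) -> dict:
    """Write a tar.gz of `source` plus a manifest {relative path: sha256}."""
    digests = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                rel = p.relative_to(source).as_posix()
                digests[rel] = sha256_file(p)
                tar.add(str(p), arcname=rel)
    manifest.write_text(json.dumps(digests, indent=2, sort_keys=True))
    return digests


def restore_test(archive: Path, manifest: Path) -> dict:
    """Restore into a scratch directory and compare with the manifest.

    Report keys: ok, restored (count), missing (in manifest, not restored),
    corrupt (restored but hash differs), error (archive unreadable). Errors
    are reported rather than raised so a scheduled job records the failure.
    """
    expected = json.loads(manifest.read_text())
    report = {"ok": False, "restored": 0, "missing": [], "corrupt": [], "error": None}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                if hasattr(tarfile, "data_filter"):        # Python 3.12+ and backports
                    tar.extractall(scratch, filter="data")  # refuses path traversal
                else:
                    tar.extractall(scratch)
        except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
            report["error"] = f"{type(exc).__name__}: {exc}"
            return report
        for rel, digest in expected.items():
            restored = Path(scratch, rel)
            if not restored.is_file():
                report["missing"].append(rel)
            elif sha256_file(restored) != digest:
                report["corrupt"].append(rel)
            else:
                report["restored"] += 1
    report["ok"] = not (report["missing"] or report["corrupt"])
    return report


def demo() -> dict:
    """Back up a constructed dataset, then simulate three ways a restore fails."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.sql").write_bytes(
            b"INSERT INTO customers VALUES (1, 'acme');\n" * 50)
        (src / "config.yml").write_text("retention_days: 30\n")
        archive, manifest = root / "nightly.tar.gz", root / "nightly.manifest.json"
        digests = make_backup(src, archive, manifest)

        results["good"] = restore_test(archive, manifest)

        # 1. Manifest lists a file the job never captured (bad include pattern).
        bad = dict(digests, **{"db/orders.sql": "0" * 64})
        (root / "missing.json").write_text(json.dumps(bad))
        results["missing"] = restore_test(archive, root / "missing.json")

        # 2. Restored content differs from what was recorded (silent corruption).
        bad = dict(digests, **{"config.yml": "f" * 64})
        (root / "corrupt.json").write_text(json.dumps(bad))
        results["corrupt"] = restore_test(archive, root / "corrupt.json")

        # 3. Archive truncated mid-write (full disk, killed job).
        data = archive.read_bytes()
        truncated = root / "truncated.tar.gz"
        truncated.write_bytes(data[: len(data) // 2])
        results["truncated"] = restore_test(truncated, manifest)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is what turns "the job reported success" into evidence: it is written at backup time, stored alongside (and ideally on the immutable copy of) the archive, and every scheduled restore test diffs against it. Run on the real archive, `restore_test` is the check to schedule and to keep the output of; the "good" case is the only report an auditor or insurer should see as proof that backups work.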
Who This Is For:
✅ Backup uncertainty
✅ Cyber insurance requirements
✅ Regulatory requirements
✅ Business continuity planning

What You Receive:
✅ Backup Assessment Report
✅ Ransomware Recovery Plan Document
✅ Offline Backup Strategy Guide
✅ Cyber Insurance Compliance Checklist
✅ Emergency Contact Card

Why It Matters:
🔴 Average ransom demand: $200,000
🔴 70% of businesses don't test backups regularly
🔴 90% of backup failures aren't discovered until restore is attempted
With a Ransomware Recovery Plan:
🟢 10x faster recovery when you have documented procedures
Cloud & Infrastructure Security
What It Is:
A focused security assessment of your cloud environment—whether Microsoft 365, Google Workspace, or AWS—identifying misconfigurations, security gaps, and opportunities to better protect your data in the cloud.
Choose Your Cloud Platform:

Microsoft 365
What We Assess:
- Identity & Access Management
- Email Security (Exchange Online)
- Collaboration Security (Teams, SharePoint, OneDrive)
- Device & Endpoint Management
- Threat Protection
- Information Protection
- Compliance & Governance

Google Workspace
What We Assess:
- Identity & Access Management
- Gmail Security
- Drive & Collaboration Security
- Device Management
- Security Center
- Admin & Access Controls

AWS
What We Assess:
- Identity & Access Management (IAM)
- Network Security
- Data Protection
- Logging & Monitoring
- Compute Security
- Database Security
- Compliance & Governance

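Identity is the first area on each of the three platform lists above because it is where most cloud account compromises start. The script below is an added example, not part of the service or any tool the page names: it runs the opening checks of an AWS IAM review over the credential report (the CSV that `aws iam get-credential-report` returns), flagging a root account without MFA or with active access keys, console users without MFA, and access keys that are stale or have never been used. The report embedded here is a constructed subset of the real report's columns with made-up principals, and the 90-day thresholds are an assumed policy, not an AWS default.

```python
"""Audit an AWS IAM credential report for common identity findings.

Added example, not part of the service description above. The checks are
the ones a cloud IAM review typically starts with: root account hygiene,
console users without MFA, and stale or unused access keys. SAMPLE_REPORT
is a constructed subset of the columns in the real credential report
(aws iam get-credential-report); the user names are made up.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)   # rotation threshold, an assumed policy
MAX_KEY_IDLE = timedelta(days=90)  # unused-key threshold, an assumed policy

# Constructed sample. The real report has more columns; DictReader tolerates that.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,not_supported,false,true,2022-03-01T09:00:00+00:00,2024-05-20T14:02:11+00:00,false,N/A,N/A
alice,true,true,true,2024-04-15T08:30:00+00:00,2024-05-30T17:45:09+00:00,false,N/A,N/A
bob,true,false,false,N/A,N/A,false,N/A,N/A
ci-deploy,false,false,true,2023-11-01T00:00:00+00:00,N/A,false,N/A,N/A
"""
# Fixed "today" so the sample findings are deterministic.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def parse_ts(value: str):
    """Credential-report timestamps are ISO 8601 or a placeholder string."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv: str, now: datetime) -> list:
    """Return findings as dicts with keys user, severity, check, detail."""
    findings = []

    def add(user, severity, check, detail):
        findings.append({"user": user, "severity": severity, "check": check, "detail": detail})

    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"

        # Root must have MFA; it reports password_enabled=not_supported, so check it directly.
        if is_root and row["mfa_active"] != "true":
            add(user, "critical", "root-no-mfa", "root account has no MFA device")
        # Any principal that can sign in to the console must have MFA.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            add(user, "high", "console-no-mfa", "console password enabled without MFA")

        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            if is_root:  # root should never hold long-lived keys
                add(user, "critical", "root-access-key", f"active access key {slot} on root")
            rotated = parse_ts(row[f"access_key_{slot}_last_rotated"])
            if rotated is None or now - rotated > MAX_KEY_AGE:
                age = "unknown" if rotated is None else f"{(now - rotated).days}d"
                add(user, "high", "stale-access-key", f"access key {slot} last rotated {age} ago")
            last_used = parse_ts(row[f"access_key_{slot}_last_used_date"])
            if last_used is None:
                add(user, "medium", "unused-access-key", f"access key {slot} has never been used")
            elif now - last_used > MAX_KEY_IDLE:
                add(user, "medium", "unused-access-key",
                    f"access key {slot} unused for {(now - last_used).days}d")
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, for the report's executive summary."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


def run_sample() -> list:
    """Audit the constructed report as of SAMPLE_NOW."""
    return audit_credential_report(SAMPLE_REPORT, SAMPLE_NOW)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f['severity']:8}] {f['user']:14} {f['check']:18} {f['detail']}")
    print(summarize(run_sample()))
```

On the sample, alice is clean, bob is a console user without MFA, ci-deploy has a key that is both past rotation age and never used (a key that was issued and forgotten is the usual shape of a leaked credential), and root carries two critical findings plus a stale key. Against a real account, feed the decoded content of the credential report into `audit_credential_report` and treat the critical and high rows as the remediation list; keys that are active but never used are the safest to disable first.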
Who This Is For:
✅ Recently migrated to cloud
✅ Never had security review
✅ Compliance requirements
✅ Expansion or growth

What You Receive:
✅ Security Assessment Report
✅ Security Best Practices Checklist
✅ Data Loss Prevention (DLP) Recommendations

Impact:
🎯 90% reduction in account compromise risk with proper MFA
🎯 80% reduction in data leakage through better sharing controls
🎯 70% improvement in threat detection with proper logging
🎯 60% faster incident response with better visibility
Vendor & Third-Party Risk
What It Is:
A professional evaluation of your vendors' and third-party partners' security practices, helping you understand and manage the risks they introduce to your business.
What We Assess:
Vendor Security Posture
- Security policies and procedures
- Data protection practices
- Access controls and authentication
Data Handling Practices
- What data they access or store
- Where data is stored (geographic location)
- How data is encrypted (at rest and in transit)
- Data retention and deletion policies
Contract Security Review
- Security requirements and obligations
Risk Assessment
- Overall risk rating (critical/high/medium/low)
Who This Is For:
✅ Due diligence for new vendors
✅ Existing vendor review
✅ Regulatory compliance
✅ Customer requirements

"We're considering moving our customer database to a cloud CRM. We need to know if they're actually secure or just have good marketing."
What We Assess:
- Cloud infrastructure security (AWS/Azure/GCP)
- Data encryption and protection
- Access controls and authentication
- SOC 2 Type II report review
- Business continuity capabilities
- Previous security incidents
- Contract data protection clauses
Result: Risk rating + contract recommendations + implementation security checklist

"Our billing company handles patient data. HIPAA requires us to ensure they're protecting it properly."
What We Assess:
- HIPAA compliance program
- Business Associate Agreement adequacy
- PHI handling and encryption
- Access controls and audit logs
- Breach notification procedures
- Training and awareness program
- Subcontractor management
Result: HIPAA compliance assessment + BAA review + risk mitigation plan

Choose Your Add-On Services
or call us for a custom quote
