Our Subscription Services

We have built our services into simple packages, and have created our Protector tier specifically to help even the smallest of organizations jumpstart (and manage) your 3rd party Vendor and Supply Chain Security Risk and Customer Assurance programs.

This package includes: 

​

Vendor Risk Assessments

Your security is only as strong as your weakest vendor connection, yet evaluating partner security postures is complex.

​

We help you establish vendor security standards and ongoing monitoring processes to verify compliance.

 

• Vendor Risk Assessments​

• Reviewing Vendor security documentation​

• Assessing vendor adherence to industry standards and contractual security requirements​

• Identifying risks related to data access, storage or transmission

​​​​

Security Assessment Questionnaire

We'll help you respond to your customers' security assessment questionnaires (SAQs) to prove your security and compliance readiness and support you in responding to queries. 

​

• Complete 1 Security Assessment Questionnaire. 

• Complete the SAQ and write answers to be reused in subsequent SAQ’s

• Ensure policies, procedures, and controls are created or refined to expedite future assessments

• Quickly remediate risk areas  to score higher on the questionnaire

• Affirm the questionnaire is completed in proper security "language".

• Act as security liaison with prospective client/partner, advocating on the company’s behalf

• Act as your CISO (which is oftentimes a requirement for the client/partner)

​

Vendor Onboarding and Dule Diligence

Implement structured processes to vet vendors before granting access to sensitive systems or data.

 

• Collecting and verifying vendor security certifications and compliance attestations

• Conducting questionnaires or interview to evaluate security practices

​

Contractual Security Requirements

Our team will create and embed cybersecurity and compliance obligations into vendor contracts to enforce accountability 

​

• Clauses for data protection, incident reporting and audit rights

• Specifying compliance with relevant frameworks

• Defining penalities for non-compliance or security breaches

​

Continuous Monitoring and Compliance Validation

Continuous oversight of vendor security practices to ensure sustained compliance. 

​

• Regular review of vendor security reports (Pen test results, vulnerability scans)

• Monitoring vendor compliance through automated tools or periodic audits

• Tracking changes to vendor operations that could impact security

​

Vendor Offboarding and Data Destruction

Ensuring secure termination of vendor relationships to prevent data leaks

​​

• Revoking vendor access to systems and data upon contract termination

• Requiring vendors to certify secure data deletion or return

• Auditing offboarded practices to ensure compliance

Compliance is a necessary effort for just about every organization, but compliance doesn’t equal security. Our Sentinel package is designed to bring you past checkbox compliance. Of course, compliance is at the forefront – but we never want it to get in the way of your team’s ability to do their jobs. We focus on creating practical compliance solutions that protect your business while enhancing operations

Our Sentinel Compliance as a Service includes:

​Compliance Framework

We'll update and align your security policies and controls with your desired compliance frameworks and transform your internal compliance structure to support these new processes.

​

• Create and update policies and controls to align with desired compliance frameworks

​

Expert Guidance

Our security gurus will present their humble opinions on a wide range of security strategies, regulations and topics.

​

• Provide expert opinions on diverse security topics, regulation, and strategy

​

Strategic Documentation Development

Our team creates and maintains the policies, procedures, and records that demonstrate your compliance commitment.

​

Tactical Implementation and Verification

We ensure the technical controls match your documented policies through regular testing and validation

​

Continuous Compliance Monitoring

Our dedicated resources stay ahead of regulatory changes, preparing you for requirements before they impact your operations.

​

Compliance as a Service 

Our team will prepare you to hold recurring meetings to discuss and implement security management.

 

• Gap Analysis; We identify vulnerabilities in both your documentation and implementation to prioritize remediation efforts.

• Controls; Our team then helps you deploy and verify the technical measures needed to satisfy regulatory requirements

• Documentation; We create comprehensive, audit-ready documentation that clearly demonstrates your compliance.

• Audit Preparation; When auditors arrive, we ensure you have everything needed to showcase your commitment to compliance.

​

Audit Assistance

We'll support you amid the dreaded security audit by suggesting the best technical controls for your next audit

​

• Data Security: We'll take a good look at your encryption use, access controls and data security during transmission, storage and at rest.

• Network Security: When we dig into your network security, we'll look at elements like network and security controls, monitoring capabilities, security operations center (SOC), and antivirus configurations.

• Operational Security: Our operational security inspections include a review of your company's security controls, procedures and policies (oh my!).

• Physical Security: We get physical with these security checks, where we'll check out elements like multifactor authentication, disk encryption, biometric data and role-based access controls.

• System Security: Our team of Cybersecurity partitioners will review your system security by analyzing your patching processes, hardening processes and privileged account management.

You can reap the benefits of our Guardian CISO and Blue Team advisory services at $10,000 a month. This vCiso as a service pricing plan is a great choice for companies already working to maintain and improve their security, start-up with no security staff and compliance programs or looking to augment/manage their current teams.

 

With the Guardian model, our Cybersecurity  team becomes an extension of your organization's capabilities, providing highly involved services with our partners in security infrastructure with all prior features as well as:

​​

Security Roadmap

We won't just point out your problems and hit the road. We'll help you improve by creating a personalized strategy for executing your security projects in a way that manages your risks and aligns with your big-picture goals. Our team will build a comprehensive Cybersecurity road map that happily marries your security processes with your business goals. We'll also monitor your road map progress down the line to make sure all is well.

 

• Meet with executive management

​

• Understand your IT environment and security program to provide expert insight into industry leading practices

​

• Conduct initial security assessment and high-level gap assessment to understand deficiencies and improvement areas

​

• Establish a proposed program roadmap for security projects based on identified deficiencies

​

• Maintain a deep understanding of your business model and objectives and provide insight as it relates to risk. 

​

Security Assessment Questionnaire

We'll help you respond to your customers' security assessment questionnaires (SAQs) to prove your security and compliance readiness and support you in responding to queries. 

​

• Complete 1 Security Assessment Questionnaire. 

• Complete the SAQ and write answers to be reused in subsequent SAQ’s

• Ensure policies, procedures, and controls are created or refined to expedite future assessments

• Quickly remediate risk areas  to score higher on the questionnaire

• Affirm the questionnaire is completed in proper security "language".

• Act as security liaison with prospective client/partner, advocating on the company’s behalf

• Act as your CISO (which is oftentimes a requirement for the client/partner)

​

Resource Guidance 

You'll learn about all the latest Cybersecurity resources, tools and technologies — and which ones will best complement your IT toolbox.

 

• Provide resources around compliance efforts. 

​

People, Process Technology

Our team will connect you with the hottest security policy templates around so you can lay out your company's guidelines for handling sensitive data.

​

• Policy Templates

• Customize controls and policies

• Standard Operating Procedures

• Technical SOPs 

​

Facilitate Penetration Testing

​

• Network Vulnerability Assessments External and basic web application scans

​

Report Cards

You'll feel like an A+ student when we provide you with weekly report cards on any progress or issues we encounter in your Cybersecurity posture.

​

Provide Weekly Report Card on Progress, Issues,

​

Security Management

Our team will prepare you to hold recurring meetings to discuss and implement security management.

 

• Conduct recurring security team meetings with management

• Weekly configuration monitoring

• Digital footprint and risk monitoring

• Monthly technical assessment of your cloud security posture, architecture, permissions and entitlements

• Dedicated resource to support your sales cycle for all security/compliance inquiries and requests from prospects 

​

Governance, Risk and Compliance (GRC)

We'll assist you in choosing, obtaining and implementing a dependable GRC solution.

​

• We'll create and give you solid recommendations on the best risk mitigation tools for your company and even go the extra mile to implement them for you.

• Vulnerability management program. (Scan, assess, triage, scan for remediation success). 

​

Evidence Control

Preparing for an upcoming audit or ongoing compliance is easy as pie when we help you review and improve your audit evidence.

​

Security Content

We'll take a look at your existing security awareness content, make changes and create brand-new content for your team.

 

Risk Mitigation Tools

Get ready for tool time. We'll provide you with recommendations on how to enhance your Cybersecurity with tool integrations you can use to complement your existing architecture and data flows.

​

Security Program

 Lead and direct security program enhancements and/or compliance initiatives including: defining scope and objectives, providing recommendations on configuration, and assigning tasks to delegates for implementation

​

Security Management

Our team will prepare you to hold recurring meetings to discuss and implement security management.

 

• Conduct recurring security team meetings with management

• Weekly configuration monitoring

• Digital footprint and risk monitoring

• Monthly technical assessment of your cloud security posture, architecture, permissions and entitlements

• Dedicated resource to support your sales cycle for all security/compliance inquiries and requests from prospect

​

Compliance as a Service

Oversee annual compliance audits:

• Coordinate compliance efforts

• Represent your company with audit team

• Facilitate evidence validation before and during audit fieldwork

• Gap analysis & audit roadmap

• Build policies, procedures, and controls

• Assess overlap with other audits

• Advocate client on any ‘audit pushback’

• Oversee audit readiness

• Acting as the liaison with auditors

• Build future audit roadmap

• Provide evidence in proper 'audit language'

​

​Operations and Management

We can coordinate disaster recovery tests, incident response and business continuity operations annually.

​

• Data Privacy Officer service

• Transfer Impact Assessments/Business Impact Analysis services

• Design and implementation of a public security page

• Annual business continuity table-top exercise

• External monthly vulnerability assessments (up to 10 targets)

• Internal monthly vulnerability assessments (up to 4,000 targets)

​

Security Awareness and Training Program

​

• Security Training Program - Employees (Managed KnowBe4 Training Services) 

• Custom Industry Based Training Development

• Role Based Training

• Annual information security training

​

​