Free Resource
Not sure where your security program actually stands? This guide walks you through the key areas every organization needs to address — governance, access management, incident response, compliance, and vendor oversight — so you can identify gaps before a regulator, insurer, or attacker does.
Get the Readiness GuideSix program areas that determine whether your organization is defensible — to regulators, cyber insurers, and clients asking security questionnaires
Does someone own security at the leadership level? Are policies documented, approved, and reviewed? Is there a named person responsible for program outcomes?
Who has access to what — and why? Is multi-factor authentication deployed? Are vendor and contractor accounts reviewed and terminated promptly?
Is there a written incident response plan? Do staff know what to do when something goes wrong? Has the plan been tested or walked through in the past 12 months?
Which frameworks apply to your organization — HIPAA, IRS Safeguards, FTC Safeguards, NIST, Virginia CDPA? Do you have documentation to demonstrate compliance?
Are vendor contracts reviewed for security obligations? Do you have executed BAAs with healthcare vendors? Is there a process for offboarding vendors and revoking access?
Are staff trained on phishing, acceptable use, and data handling? Is training documented and tracked? Does it cover insider risk awareness — not just external threat scenarios?
Enter your information below. We’ll send the guide to your inbox and follow up only if you want a conversation.
Schedule a 30-minute consultation. You’ll leave with a written summary of your top three security risks and what to do about them — whether you engage us for ongoing advisory or not.
Schedule an Executive Risk Consultation