Our Services

HIPAA Security Rule Compliance

Healthcare practices, behavioral health, medical billing companies, and anyone who touches Protected Health Information (PHI).

What's Included

We focus exclusively on HIPAA Security Rule compliance — the technical and administrative safeguards that protect patient data. We coordinate with your legal counsel on Privacy Rule matters, but our specialty is keeping your systems secure.

• Risk Assessment: Identify vulnerabilities across systems, devices, vendors
• Security Program Build: Policies, procedures, technical controls, vendor management
• Employee Training: Annual HIPAA security awareness for all staff
• Ongoing Management: Quarterly reviews, annual updates, continuous monitoring

Who This Is For

• Medical practices (small to large)
• Behavioral health clinics
• Medical billing companies
• Health IT vendors
• Any business associate handling PHI

Timeline

• Assessment: 2-3 weeks
• Program Build: 90-120 days
• Ongoing: Quarterly check-ins, annual review

Schedule HIPAA Consultation

FTC Safeguards Rule Compliance

Auto dealers, mortgage brokers, credit unions, financial advisors — if you handle customer financial information, the FTC Safeguards Rule applies to you.

What's Included

The FTC Safeguards Rule requires financial institutions to develop, implement, and maintain a comprehensive information security program. We build that program for you.

• Risk Assessment: Required annual assessment of your security posture
• Written Security Program: Policies, procedures, and technical controls
• Vendor Management: Due diligence on all service providers
• Incident Response Plan: Know what to do when something goes wrong
• Employee Training: Security awareness for all staff
• Board Reporting: Annual report to qualified board member or senior officer

Who This Is For

• Auto dealerships
• Mortgage brokers and lenders
• Credit unions
• Financial advisors
• Payday lenders
• Anyone subject to Gramm-Leach-Bliley Act

Timeline

• Assessment: 2-3 weeks
• Program Build: 90-120 days
• Ongoing: Annual assessment + quarterly reviews

Schedule FTC Consultation

SOC 2 Compliance

SaaS companies, cloud service providers, tech startups — if you're selling to enterprise clients, they're going to ask for your SOC 2 report.

What's Included

SOC 2 is an audit of your security controls performed by a licensed CPA firm. We get you audit-ready, then work with you through the audit process.

• Readiness Assessment: Gap analysis against SOC 2 Trust Service Criteria
• Control Implementation: Build and document all required controls
• Policy Development: Security policies, procedures, evidence collection
• Vendor Selection: Help you choose the right auditor
• Audit Support: Work with auditor through entire process
• Ongoing Compliance: Maintain controls for Type II audits

Who This Is For

• SaaS companies selling to enterprise
• Cloud service providers
• Health tech companies
• Fintech companies
• Any tech company handling sensitive customer data

SOC 2 Type I vs Type II

• Type I: Point-in-time audit (faster, cheaper, good for first audit)
• Type II: 6-12 month observation period (required by most enterprises)

Timeline

• Readiness Assessment: 2-4 weeks
• Control Implementation: 90-180 days
• Type I Audit: 4-6 weeks
• Type II Audit: 6-12 months observation + 4-6 weeks audit

Note: CPA audit fees ($20,000-$50,000+) are paid directly to the auditor and are not included in our pricing.

Schedule SOC 2 Consultation