Enterprise Governance.
Small Business Price.
Compliance Shield Policy Pack
$499 / one-time ($149 re-run)
Complete "Business in a Box" toolkit.
- Governance: AUP, IRP, WISP, Data Retention, and industry specifics.
- Operations: HR Checklists (New Hire/Term, Annual Security Review)
- Evidence: Excel Registers and Log Templates for Assets & Incidents
Policy Gap Analysis
$300 / review
For businesses with existing (outdated/insufficient) handbooks.
- Upload or send your current PDF
- 24-Point NIST Gap Analysis
- "Red-Line" Deficiency Report
- Pass/Fail Compliance Scorecard
Specialist Reviews
A La Carte Services
Contract Liability & Breach Check.
Application "Trap" & Denial Risk Review.
Compliance Watch Subscription
$99 / month
Included free for 3 months with every Compliance Shield purchase.
Laws like MODPA and NIST standards change constantly. We don't just send news; we send the actual updated policy pages. Swap them into your handbook to keep it current.
Most "tech news" is noise. We filter it down to Zero-Fluff Directives. If a critical exploit hits Windows or Chrome, we tell you exactly what to tell your staff to stop a breach before it starts.
Insurance carriers now demand proof of "Ongoing Training." We provide monthly "snackable" security content for your team. Forward it to your staff to meet the training requirement in your policy and preserve your ability to claim.
If you use Toast, Microsoft, or COX and they are compromised, you are at risk. We monitor your software stack and provide Client Notification Templates if your vendors leak your data.
Governance is a habit, not a project. We send "Action Item" reminders for the boring but essential tasks: Backup Testing, User Access Reviews, and Asset Inventories.
Hear about a new TTP (Tactic) or local Maryland breach? We provide the "Executive Summary": what it means for your liability and how to adjust your posture without a consultant.
"Because security is a marathon, not a sprint."
What's Inside the Compliance Shield?
I. Core Governance & Ethics
- Executive Adoption Resolution: Formal adoption of policies by leadership to activate the security program.
- Acceptable Use Policy (AUP): Clear rules on how employees can and cannot use company systems.
- Disciplinary & Enforcement Policy: Establishes consequences for security violations.
- Code of Conduct and Ethics: Standards for professional integrity regarding assets.
- Security Awareness Training Policy: Mandates initial and recurring training for all staff.
- Vendor & Third-Party Risk Policy: Protocols for vetting outside software providers.
II. Access & Identity (The "Locks")
- Access Control & MFA Mandates: Strict requirements for Multi-Factor Authentication.
- Least Privilege Access Standard: Users only access what they strictly need.
- Password Standards: NIST SP 800-63B aligned rules: minimum length, no forced composition rules or routine rotation, and screening against breached-password lists.
- Offboarding & Revocation Policy: Procedures to disable access for departing staff.
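An added example, not part of the Compliance Shield pack, of what a NIST SP 800-63B-aligned password check looks like in code. The blocklist, the username and the organisation terms are constructed for illustration; a real deployment loads a full breached-password corpus instead.

```python
"""
Password acceptance check aligned with NIST SP 800-63B.

What the standard asks of a verifier:
- Minimum length of 8 characters; allow at least 64.
- No composition rules ("must contain a symbol") and no forced rotation.
- Screen the password against a blocklist of compromised, dictionary and
  context-specific values (username, company name).
- Accept Unicode and spaces; normalise before measuring length.
"""
import unicodedata
from typing import Iterable, List

# Constructed sample blocklist. Real deployments compare against a large
# breached-password corpus (for example an offline Have I Been Pwned dump).
BREACHED_PASSWORDS = {
    "password",
    "p@ssw0rd",
    "123456789",
    "qwertyuiop",
    "letmein1234",
}

MIN_LENGTH = 8
MAX_LENGTH = 64


def normalize(password: str) -> str:
    """Apply NFKC so visually identical Unicode strings compare equal."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str, username: str = "",
                   org_terms: Iterable[str] = ()) -> List[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    pw = normalize(password)
    reasons: List[str] = []

    # Length is the only structural rule; no character-class requirements.
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")

    lowered = pw.lower()

    # Exact match against the breached/dictionary blocklist.
    if lowered in BREACHED_PASSWORDS:
        reasons.append("appears in breached-password list")

    # Context-specific values: the username and organisation names
    # must not appear anywhere in the password.
    if username and username.lower() in lowered:
        reasons.append("contains the username")
    for term in org_terms:
        if term and term.lower() in lowered:
            reasons.append(f"contains context-specific term '{term}'")

    return reasons


if __name__ == "__main__":
    # Constructed inputs for a quick demonstration.
    for candidate in ("password", "correct horse battery staple",
                      "jsmith2024!!", "AcmeDental2024"):
        verdict = check_password(candidate, username="jsmith", org_terms=("Acme",))
        print(f"{candidate!r}: {'accepted' if not verdict else ', '.join(verdict)}")
```

Note that a passphrase with spaces and no symbols is accepted while a short or breached password is rejected; the strength of the check depends almost entirely on the size of the blocklist, not on composition rules.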
III. Network & Device Security
- Remote Work & BYOD Policy: Rules for personal devices and unsecured Wi-Fi.
- Clean Desk & Physical Security: Locking screens and physical file cabinets.
- Software Updates & Patch Management: Timelines for critical security updates.
- Hardware Sanitization & Disposal: Wiping data before retiring old devices.
- Network Segmentation Standard: Separating staff networks from Guest Wi-Fi.
IV. Incident & Data Integrity
- Incident Response Plan (IRP): The "Break Glass" guide for breaches.
- Data Retention & Disposal Policy: Legal timelines for keeping records.
- Backup & Recovery Policy: Proof of backup testing and offline storage.
- Data Minimization Standard: Aligning with MODPA to only collect necessary data.
V. Operational Checklists
- New Hire IT Setup Checklist: ID verification, MFA setup, policy sign-off.
- Termination "Kill Switch" Protocol: Checklist for revoking access.
- Annual Executive Security Review: A yearly checkup for owners.
- Vendor Security Scorecard: A rapid vetting tool for new software.
VI. Evidence Registers (Excel)
- Asset Inventory Log: Mandatory record of every device.
- Security Incident Log: Required documentation for auditors.
- Training & Policy Log: Master proof that staff signed handbooks.
Industry-Specific Modules (Included)
Healthcare & Dental
- Protected Health Information (PHI) Handling
- Business Associate Agreement (BAA) Vetting
- Notice of Privacy Practices (NPP) Review
- Patient Data Request & Deletion Protocol
Auto Dealerships & Finance
- FTC Safeguards NPI Security Program
- Qualified Individual (QI) Designation
- Customer Info Disposal & Shredding Policy
- Periodic Vulnerability Assessment Mandates
Legal Services
- Attorney-Client Privilege Data Segregation
- Wire Fraud Prevention & Dual-Authorization
- Litigation Hold & Document Preservation
- Remote Deposition Security Guidelines
Real Estate & Property Mgmt
- Escrow & Closing Data Protection Standard
- Tenant PII/Credit Report Handling & Disposal
- Title Insurance Cybersecurity Readiness Cert
Accounting & Financial
- IRS Data Security Plan (DSP) Compliance
- Taxpayer Information Safeguarding Protocol
- FinCEN / Anti-Money Laundering (AML) Data Governance
Retail & Restaurants
- Point of Sale (POS) Hardware Integrity Policy
- Cardholder Data Environment (CDE) Access
- Customer Loyalty Program Privacy Disclosures
Local Gov & Municipalities
- Essential Service Continuity Plan (COOP)
- Public Records Request (FOIA) Data Protection
- Law Enforcement Data (CJIS) Access Log
Non-Profits & Charities
- Donor Data Privacy & Protection Standard
- Volunteer Access & Acceptable Use Policy
- Grant Funding Compliance Protocols
- Payment Processor (PCI) Donation Security
Manufacturing & Industrial
- Operational Technology (OT) Security Standard
- Intellectual Property (IP) Data Theft Protection
- Supply Chain Risk Management (SCRM) Framework
- NIST 800-171 / CMMC Readiness Module

