Every Partner Client is required to have an updated Technology Plan.
Our Technology Plan provides comprehensive solutions to help small businesses protect their assets, comply with regulatory requirements and prevent potential security threats.
The pricing structure for our plans is based on the level of customization required, which is determined by the size of your business and the complexity of your technology needs. For instance, for a small business with five or fewer employees, the estimated cost is $100, while a medium-sized business with an office of 5 to 25 employees can expect an estimated cost of $500. This is a one-time expense and there are no further onboarding fees.
Existing Partner Clients before March 2023 will receive this service free of charge.
You own your documentation! We believe that creating and maintaining documentation is a service that we provide to our Partner Clients, and they can use these documents however they want.
We provide access to these documents and other services through the RepairShopr customer portal. You will also receive backup and other reports through email.
What's in the plan?
This document gives an overview of the essential categories of IT security and management in an organization: asset summary, endpoint security, Windows account configuration, password management and MFA, email and communication policies, backup and disaster recovery, the incident response plan, disk encryption, network and firewall configuration, user awareness programs, vendor agreements, cyber insurance, website and online resource management, regulatory compliance, and reporting. Its aim is to support effective IT asset management, safeguard sensitive data from cyber threats, and ensure compliance with regulatory requirements. Following its guidelines strengthens an organization's cybersecurity posture and reduces its exposure to security threats.
Asset Summary: This section outlines all the hardware and software assets of the organization. It provides a comprehensive list of devices, software applications, and their versions. This information is critical for effective IT asset management: it ensures that all assets are accounted for, and it lets the organization spot unknown or unpatched devices before they become a security problem.
Endpoint Security: This category focuses on protecting endpoints such as desktops, laptops, and mobile devices from cyber threats. It includes the installation of anti-virus software, firewalls, and intrusion detection systems. It also involves the regular update of security patches and the implementation of security policies to prevent unauthorized access.
Windows Account Configuration: This section defines the configuration of Windows accounts used by employees. It covers user permissions, password policies, and account lockout policies. The configuration of Windows accounts ensures that only authorized personnel can access sensitive information and data.
Password Management and MFA: This category covers the management of passwords, including password creation guidelines and the use of multi-factor authentication (MFA) to add an extra layer of security. Password management ensures that passwords are strong and unique, are not reused across services, and are changed promptly whenever a compromise is suspected. MFA requires users to present two or more forms of verification before accessing sensitive data.
Email and communication: This section outlines the email and communication policies, including email encryption, email archiving, and the acceptable use of email. It also covers the use of messaging platforms, such as instant messaging and video conferencing.
Backup/ Disaster recovery: This category defines the backup and disaster recovery procedures. It includes the frequency of backups, the backup storage location, and the procedures for restoring data. The goal is to ensure that in the event of a disaster, the organization can recover critical data and resume operations as quickly as possible.
Incident Response Plan: This category outlines the organization's incident response plan (IRP). It covers the procedures for detecting, analyzing, containing, and eradicating security incidents. The plan also defines the roles and responsibilities of the incident response team and outlines the communication procedures during a security incident. The IRP ensures that the organization can respond promptly and efficiently to potential security threats, minimizing the impact on the organization and its assets.
Disk Encryption: This section outlines the encryption of hard disks, USB drives, and other storage devices. Disk encryption ensures that data is protected even if the device is lost or stolen, provided the recovery keys are stored securely somewhere other than the device itself.
Network and Firewall: This category covers the configuration of network devices, including routers and switches, and the installation of firewalls to protect the network from cyber threats.
User Awareness: This section outlines the user training and awareness programs. It covers cybersecurity best practices, phishing awareness, and the importance of password management. User awareness programs ensure that employees understand the potential risks and how to avoid them.
Vendor Agreements: This category outlines the agreements with vendors, including cloud providers and third-party software providers. It includes service level agreements (SLAs) and the handling of sensitive data by vendors.
Cyber Insurance: This section defines the cyber insurance policies and coverage. Cyber insurance protects the organization from financial losses due to cyber attacks and data breaches.
Website and other online resources: This category covers the configuration and maintenance of the organization's website and other online resources. It includes the installation of TLS certificates (commonly still called SSL certificates), website backup procedures, and the acceptable use of online resources.
Compliance: This section covers regulatory compliance, including GDPR, HIPAA, and PCI DSS. It outlines the procedures for compliance and the handling of sensitive data.
Reporting: This category defines the reporting procedures for security incidents, data breaches, and vulnerabilities. Reporting ensures that the organization can respond quickly and effectively to potential security threats.
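The Windows-side controls described above (account and lockout policy, local administrator membership, disk encryption, endpoint protection and the host firewall) can be checked on each machine rather than taken on trust. The script below is an added example written for this page; it is not part of the Technology Plan or of any tooling the plan provides. It assumes an elevated PowerShell 5.1 or later session on a Windows 10/11 workstation with an English display language (the `net accounts` labels it parses are localized), and the numeric thresholds in it are illustrative assumptions, not plan requirements.

```powershell
# Added example: read-only audit of local Windows controls. Nothing is changed on the host.
# Thresholds (12-character minimum, 3-day signature age) are assumptions for illustration.

function Get-PolicyInt([string]$Value) {
    # `net accounts` prints "Never"/"None" for disabled settings; treat those as 0.
    if ($Value -match '^\d+$') { return [int]$Value }
    return 0
}

function Invoke-PlanAudit {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Password and lockout policy (Windows Account Configuration / Password Management).
    $policy = @{}
    foreach ($line in (net accounts)) {
        if ($line -match '^(.+?):\s+(.+)$') { $policy[$matches[1].Trim()] = $matches[2].Trim() }
    }
    $minLen    = Get-PolicyInt $policy['Minimum password length']
    $threshold = Get-PolicyInt $policy['Lockout threshold']
    if ($minLen -lt 12)   { $findings.Add("Minimum password length is $minLen (assumed floor: 12)") }
    if ($threshold -eq 0) { $findings.Add("Account lockout is disabled (Lockout threshold: Never)") }

    # 2. Local accounts: built-in Administrator/Guest should be disabled; list who holds admin rights.
    foreach ($u in Get-LocalUser | Where-Object Enabled) {
        if ($u.SID.Value -like '*-500') { $findings.Add("Built-in Administrator account '$($u.Name)' is enabled") }
        if ($u.SID.Value -like '*-501') { $findings.Add("Guest account '$($u.Name)' is enabled") }
    }
    $admins = (Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name) -join ', '
    $findings.Add("Review: local Administrators group members: $admins")

    # 3. Disk Encryption: the OS volume must have BitLocker protection turned on.
    try {
        foreach ($v in Get-BitLockerVolume -ErrorAction Stop) {
            if ($v.VolumeType -eq 'OperatingSystem' -and "$($v.ProtectionStatus)" -ne 'On') {
                $findings.Add("BitLocker protection is $($v.ProtectionStatus) on OS volume $($v.MountPoint)")
            }
        }
    } catch { $findings.Add("BitLocker status could not be read: $($_.Exception.Message)") }

    # 4. Endpoint Security: Microsoft Defender real-time protection and signature freshness.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is off') }
        if ($mp.AntivirusSignatureAge -gt 3)    { $findings.Add("Defender signatures are $($mp.AntivirusSignatureAge) days old") }
    } catch { $findings.Add("Defender status could not be read: $($_.Exception.Message)") }

    # 5. Network and Firewall: every Windows Firewall profile should be enabled.
    foreach ($p in Get-NetFirewallProfile) {
        if ("$($p.Enabled)" -ne 'True') { $findings.Add("Windows Firewall profile '$($p.Name)' is disabled") }
    }

    return $findings
}

$result = Invoke-PlanAudit
if ($result.Count -eq 0) { Write-Output 'No findings.' } else { $result | ForEach-Object { Write-Output "FINDING: $_" } }
```

Because `Invoke-PlanAudit` returns its findings as a list rather than only printing them, the same function can be run remotely with `Invoke-Command` across all workstations and the results collected into the asset summary, which is how a reviewer would confirm the controls the plan records are actually in force. Domain-joined machines inherit these settings from Group Policy, so a finding there points at the policy, not the individual PC.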
Common Industry Standards

It is important for every business to follow the technology standards that regulate its business and protect its business and customer data. Each technology plan lays out the regulations specific to your business and a plan to get you to compliance as quickly and hassle-free as possible.
HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law that sets guidelines for protecting sensitive health information. It applies to healthcare providers, health plans, and healthcare clearinghouses that handle protected health information (PHI). Industries: Healthcare, insurance.
SOC 2: Service Organization Control 2 (SOC 2) is an attestation framework developed by the American Institute of Certified Public Accountants (AICPA). An independent auditor reports on a service provider's controls against five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. It is intended for service providers that store, process, or transmit sensitive customer data. Industries: Technology, software as a service (SaaS), cloud computing, data centers, and other service providers that handle sensitive customer data.
ISO 27001: ISO/IEC 27001 is an international standard for information security management systems (ISMS). It provides a framework for managing and protecting sensitive information and is recognized as a best practice for cybersecurity. Industries: Any industry that handles sensitive information, including financial services, healthcare, government, and technology.
PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for businesses that process, store, or transmit credit card information. It is intended to prevent data breaches and ensure that customer payment card data is handled securely. Industries: Retail, hospitality, financial services, and other businesses that process credit card payments.
FISMA: The Federal Information Security Management Act of 2002 (FISMA), updated by the Federal Information Security Modernization Act of 2014, is a U.S. law that requires federal agencies and their contractors to implement information security programs to protect government information and systems. Industries: Government agencies and contractors that handle sensitive government information.
NIST: The National Institute of Standards and Technology (NIST) is a U.S. government agency that provides guidelines and best practices for information security. Its publications, such as the NIST Cybersecurity Framework, are widely adopted by businesses and organizations as a standard for cybersecurity. Industries: Any industry that handles sensitive information and wants to implement best practices for cybersecurity.