56 safeguards. Every client.
We implement CIS Controls v8 Implementation Group 1, all 56 safeguards, for every managed client. Documented evidence, quarterly assessments, and cyber insurance preparation included.
Compliance that’s implemented, not aspirational.
Most MSPs list compliance as a service. We implement it as a standard. Every managed client gets the full CIS Controls v8 IG1 framework. No add-ons, no premium tier.
CIS Controls v8 Implementation Group 1 defines 56 specific safeguards designed for small and medium businesses. They cover asset inventory, data protection, access management, vulnerability management, audit logging, email security, malware defence, data recovery, network monitoring, security awareness, and incident response. We implement all of them, backed by continuous monitoring and threat detection to track control effectiveness in real time.
Implementation without evidence is just a claim. For every safeguard we implement, we maintain documented evidence: configuration screenshots, policy documents, test results, and audit trails. When your cyber insurance provider asks if you enforce MFA on all accounts, we don’t say “yes.” We show them the conditional access policy, the compliance report, and the exceptions log.
Quarterly risk assessments track your posture over time. We review control effectiveness, identify gaps introduced by environment changes, and update remediation priorities. Each assessment builds on the last, creating a documented security improvement trajectory that insurance underwriters and auditors value.
Cyber insurance questionnaires have become the de facto compliance audit for SMBs. We prepare your applications with verified, evidence-backed answers. No guessing, no aspirational responses. When you check “yes” on that form, it’s because we can prove it.
What’s included in compliance management.
Full implementation of all 56 safeguards with documented evidence for each control.
Quarterly reviews tracking control effectiveness, gap identification, and remediation priorities.
Evidence-backed questionnaire responses prepared from your actual security posture, not aspirational answers.
Acceptable use, incident response, data handling, and access management policies documented and maintained.
Monthly and quarterly reports showing safeguard implementation status, posture trends, and remediation progress.
Privacy controls aligned to PIPEDA and BC PIPA requirements for Canadian businesses handling personal information.
How compliant are you, really?
Book a free discovery call. We’ll assess your current posture against CIS Controls and show you exactly where the gaps are.