Trust & Security

Trust Center

How we protect your systems and data during every engagement.

Last updated March 2026

Security Commitments

Built into every engagement

Credential Security

Client credentials are never stored locally. All access uses client-provisioned accounts with time-bound access. Credentials transmitted only via client-approved secure methods.

Scoped Access

Consultant access is limited to systems necessary for the engagement. No standing access. All access is requested, justified, and time-bound.

Activity Logging

Every system accessed, action taken, and change made is logged. Activity logs are included in engagement deliverables for your records.

Data Purge

All client data, working documents, and access artifacts are purged within 14 days of engagement completion. Written confirmation provided.

Device Security

Full-disk encryption, OS-level firewall, automatic screen lock. No client work on shared or public devices. Ever.

Access Revocation

All client-provisioned access is revoked within 24 hours of engagement completion. No lingering accounts, no exceptions.

Controls

Every Engagement, Every Time

Non-negotiable controls that apply to every engagement regardless of size.

MFA Required

Multi-factor authentication on all client-provisioned accounts. Password-only access is never acceptable.

Encrypted Channels

All work over encrypted connections (TLS 1.2+). Enterprise-grade platforms only: Google Meet, Zoom, and Teams.

Change Management

No production changes without documented client approval. Emergency changes follow pre-agreed break-glass procedures.

Incident Response

Security incidents discovered during engagement reported within 2 hours with assessment and containment recommendations.

Downloads

Compliance Package

Everything your security team needs for vendor review. Click to open, Ctrl+P to save as PDF.

HTML

Security Practices Statement

How we secure communications, credentials, and devices

Policy

HTML

Data Handling & Retention

Data access scope, storage, 14-day purge, breach notification

Policy

HTML

Engagement Security Controls

MFA, scoped access, change management, incident response

Controls

HTML

Vendor Risk Questionnaire

Pre-completed answers to standard vendor assessment questions

Questionnaire

HTML

Mutual NDA Template

Standard mutual NDA for legal review before engagement

Template

HTML

Responsible Disclosure

Vulnerability reporting process and safe harbor terms

Policy

Engagement Documents

Ready to Engage

Standard engagement documents. Review with your legal team before signing.

HTML

Consulting Agreement (MSA)

Master services agreement covering all engagements

Agreement

HTML

Proposal Template

Client-facing engagement proposal with package options

Template

HTML

SOW: Assessment

Identity Infrastructure Assessment statement of work ($3,500)

SOW

HTML

SOW: Buildout

Identity Governance Buildout statement of work ($8,500)

SOW

HTML

SOW: Hardening Sprint

Infrastructure Hardening Sprint statement of work ($5,000)

SOW

HTML

SOW: Advisory Retainer

Identity Advisory Retainer statement of work ($1,500/mo)

SOW

HTML

Change Order Form

Scope, timeline, and cost amendment for active engagements

Template

Get in Touch

Questions about our security practices?

Schedule a call. We're happy to walk through any of this in detail.

Book a Call