
| Domain | Control Requirement | Artifact to Maintain | Internal Owner |
|---|---|---|---|
| Identity & Access | Enforce MFA, least privilege, off-boarding. | Access control policy, quarterly access review, IdP logs. | IT / Security Lead |
| Devices & MDM | All laptops enrolled in MDM, encryption on, patching enforced. | MDM compliance reports, encryption proof, baseline config, patch history. | IT |
| Security Monitoring | Log collection and monitoring of critical systems. | SIEM or log exports, alert workflow, incident tickets. | IT |
| Change Management | Document and review changes to production systems. | Change management policy, approval records, Git commit logs. | Eng / IT |
| Vendor Management | Review vendors before use, track risk ratings. | Vendor risk policy, vendor list, SOC 2 reports, signed DPAs. | Security / Legal |
| Incident Response | Documented IR plan, tested at least annually. | IR policy, tabletop exercise report, incident tickets. | Security / IT |
| Backups & Recovery | Regular, tested backups with immutability. | Backup logs, recovery test evidence, RPO/RTO defined for critical apps. | IT / Ops |
| Business Continuity | Define continuity plan, test periodically. | BCP document, test evidence, comms plan. | Exec / Ops |
| Training & Awareness | Annual security training for all employees. | Training logs, completion reports, phishing test results. | People Ops / IT |
| Risk Assessment | Conduct risk assessment at least annually. | Risk register, assessment report, mitigation plan. | Security / Exec Sponsor |
| Physical Security | Secure office access controls (badges, locks). | Visitor logs, badge system reports, physical security policy. | Ops |
| Data Governance | Define data retention, classification, and ownership. | Data retention policy, SaaS inventory, data map. | IT / Legal |
| Policies | Formal, approved policies reviewed annually. | AUP, InfoSec Policy, Change Mgmt Policy, Vendor Policy, IR Plan. | Leadership / IT |

