Latest News
 

Who do you trust with your company’s data?


We don’t know what we don’t know and when the subject is network and operational security, the impact can be catastrophic. We’ll help you understand how secure your business is. We’ll find your weak spots and help you bring your security stance up to a level that will keep your business safe.

If you are under regulatory guidelines we’ll do the analysis and assessment to make your business more secure and in compliance with security regulations.

What is SOC 2 Type 2

SOC stands for Service Organization Control.  There are a couple of different versions.  SOC 1 is focused on internal controls over financial reporting.  This is important for any company that deals with money.  SOC 2 focuses on controls relevant to the security, availability, processing integrity, confidentiality, and/or privacy of customer data.  You may be wondering what is the difference between Type 1 and Type 2.  Great question.  Type 1 covers just the design of the controls, while Type 2 evaluates the design as well as evaluates the effectiveness of the controls, so it is much more rigorous.

Why is it important

If you are considering outsourcing some or all of your IT you want to make sure the MSP you are considering takes security seriously.  If you ask any MSP if they take security seriously they will say yes.  Then ask them to prove it!  The ones that are serious about security will be able to share their SOC 2 Type 2 report with you.

Every company that outsources IT services should require SOC 2 Type 2 from their MSP.

How is it graded

  1. Security: Systems and data are protected against unauthorized access and disclosure.
  2. Availability: Information and systems can be relied on for operation and use.
  3. Processing integrity: System processing is complete, valid, accurate, and timely.
  4. Confidentiality: Confidential information is protected.
  5. Privacy: Personal information is safeguarded against unauthorized access and use.

Do you have monthly plans

All of our service plans have basic security tools included.  These tools are best in breed tools that help mid-market and enterprise companies stay safe.  We are bringing those powerful tools to the SMB!

If you have a need for more advanced security options for compliance requirements NPI has options for you as well.

Section 2 image

What are the basic tools

MDR– Managed Detection Response
Spam Filter– e-mail filtering
SaaS Backup/Workstation backups– backup of all your data
Patching and monitoring– Patching of system software
Anti-virus and more– Basic software to stop threats
MFA– Multi-factor Authentication
Azure AD– Allows for conditional access
Security awareness training– Training for your users

How about advanced options

Security+ is our suite of advanced security products designed to give businesses of any size the same level of security as the worlds largest companies at an affordable price. It is specifically designed to help companies meet today’s ever evolving security compliance requirements.

SEIM/SOAR- Review logs and then take action
Penetration Testing- Internal and external testing
Advanced XDR- SentinalOne Singularity and Vigilance
Spam filter with AI- anti-spam that learns

Cyber Security NIST

 

For organizations that handle Controlled Unclassified Information or Covered Defence Information, compliance with Defense Federal Acquisition Regulation Supplement based upon NIST 800-171 is required. At NPI, we assess the client’s degree and areas of compliance, which include the following:

Section 1 image
  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity

MOVE YOUR BUSINESS FORWARD WITH NPI