RSG Logic · The offering

One spear.
Three layers.

Two productized audits at the top. One managed compliance retainer underneath. A remediation bench that fills the gaps the audit surfaces. Built once, run end-to-end, and re-audited at the close. Whether you're forced to take cybersecurity seriously this quarter or you just want a senior expert in your corner before something goes wrong, the work is the same.

— The promise

We audit honestly. We educate clearly. We give you options on how it gets fixed. Then we re-audit to prove the risk actually moved.

Layer 01 i.

Cyber Insurance Readiness Audit

Underwriters ask thirty questions on the renewal application. We have the answers — and the evidence pack to prove them. A fixed-scope, fixed-price audit against the ten controls insurers verify, with output cross-mapped to specific carrier questionnaires so your broker can take the result straight to renewal.

  • Audit against ten control domains: MFA, EDR, backups, patching, email security, remote access, privileged access, awareness, incident response, vendor risk
  • Cross-mapped to Chubb, Travelers, Coalition, At-Bay, Cowbell, and CIS Controls IG1
  • Complete evidence pack ready for underwriter submission
  • Prioritized remediation roadmap with effort and impact ratings
  • 2–3 week engagement; deliverable in your hands at the close

Layer 02 ii.

HIPAA Security Rule Readiness Assessment

The proposed 2026 HIPAA Security Rule update (HHS published the notice of proposed rulemaking in January 2025) would eliminate "addressable" safeguards, making controls like MFA and encryption mandatory. It is a proposed, contested rule, not yet final; we prepare practices for that direction regardless. We deliver the full Security Risk Analysis (required under the current rule today), the policy suite, the BAA review, and the evidence to satisfy an OCR audit. The BAA is executed before any work begins.

  • Full Security Risk Analysis — the mandatory document under 45 CFR §164.308(a)(1)(ii)(A)
  • Policy and procedure suite mapped to the current Security Rule and the proposed 2026 update
  • BAA inventory, review, and remediation recommendations
  • Workforce access controls, termination procedures, training rollout
  • Evidence binder formatted for OCR auditor expectations
  • 3–4 week engagement; signed BAA precedes all work

Layer 03 iii.

RSG Compliance Care · vCISO retainer

A full-time CISO in Phoenix runs $380K+ in base salary alone; nationally, total compensation averages $415K at midmarket firms and $500K–$700K fully loaded. Compliance Care delivers the same CISSP + MBA + decade-plus credential profile at a fraction of that cost. Quarterly evidence pack refresh. Monthly advisory. Named senior consultant on call. Optional after any audit, never bundled into the audit fee.

  • Quarterly Evidence Pack refresh — the moat that keeps your insurance and HIPAA posture renewable
  • MFA, EDR, backup, and patch monitoring with compliance reporting
  • Annual security awareness training + monthly phishing simulations
  • Incident response runbook maintenance and tabletop exercises
  • Vendor risk reviews and BAA inventory maintenance
  • Board / leadership-ready quarterly reporting
  • Two tiers: Essentials (managed compliance) and Advisory (fractional vCISO leadership)

01 — Remediation

You choose how it gets fixed.
We make sure it gets fixed right.

After the audit, you have three paths and we'll tell you honestly which fits your situation. Whichever you choose, the relationship is the same: we hold the standard, you keep control, and we re-audit at the end to prove the risk actually moved.

i.

We do the work.

Fastest path. The same firm that audited handles the deployment, policy authoring, training, and vendor reviews. One owner, one accountability line, one re-audit at the close.

You have no internal IT staff, or your staff is already running flat. You want speed and accountability under one roof.

ii.

We lead your IT team or MSP.

You already have IT staff or a generalist MSP. We manage the project, write the requirements, hold the standard, and report up to leadership so each control is actually completed correctly — not just closed in a ticket.

You have technical staff already. You want oversight, not duplication.

iii.

We coordinate an outside firm.

Specialized work you'd rather outsource — third-party penetration test, niche compliance tooling, regional construction or low-voltage. We define scope, vet the vendor, set acceptance criteria, and verify the work meets the standard.

The remediation needs specialized expertise outside our or your team's lane.

02 — Remediation add-ons

The work behind the findings.

Most audits surface a predictable set of gaps. Below is what closing each one typically costs as a productized add-on. All fixed-fee. 10% bundle discount when three or more items are bundled with the audit.

01

MFA deployment and enforcement

Identity provider rollout, conditional access policies, MFA enforcement across email, VPN, RDP, admin accounts, and cloud apps. Documentation included for underwriter submission.

$1,500–$3,500

02

EDR deployment (per 25 endpoints)

Endpoint detection and response rollout, policy configuration, SOC integration if applicable, monthly compliance reporting.

$2,000–$3,500 + license

03

Backup architecture rebuild

Immutable backup design, encryption verification, quarterly restore testing built into the program, documentation aligned with insurance carrier expectations.

$3,500–$7,500

04

Incident response plan + tabletop exercise

Written IR plan tailored to your environment, runbook for the top six incident types, facilitated tabletop with leadership and IT, after-action report.

$3,500–$5,500

05

Security awareness program setup

Annual training program, monthly phishing simulation campaign, reporting cadence, completion tracking for compliance evidence.

$1,500–$2,500

06

Policy and procedure suite

Information security policy, acceptable use policy, access control, IR, vendor management, BCP — all authored or refreshed against current carrier and regulatory expectations.

$2,500–$5,000

07

BAA inventory and remediation (HIPAA)

Full BAA inventory across business associates, gap analysis against 2026 Security Rule requirements, remediation language drafted for each agreement.

$2,500–$5,000

08

Penetration test (subcontracted)

External and/or internal penetration test scoped to your environment, executed by a vetted specialist firm, results re-mapped to your audit findings.

$5,500–$12,000

Pricing is illustrative for typical small and mid-size environments. Exact quote is included in the audit deliverable. Custom or out-of-scope work is quoted separately, never blended.

Audit honestly. Fix it right. Verify it works.

A 30-minute conversation with a senior consultant. No sales script, no obligation. Whether or not you engage us, you'll leave with a clearer read on what your insurer or auditor is going to ask.