Security & Compliance

Your Insurer and Your GC Are Starting to Ask Questions You Can't Answer

Cyber insurance renewals and GC security questionnaires are showing up more often — and they're asking for specifics. We get your IT to a place where you have real answers.

What's Changing

The bar for getting on a job or renewing your insurance just got higher

Cyber insurance carriers are tightening requirements. More GCs are including cybersecurity language in subcontract agreements. Some are asking for documented security controls before they'll award the work. This isn't happening to defense contractors — it's happening to HVAC companies, electrical subs, and general contractors working on commercial and municipal projects.

The questions coming through are things like: Do you have multi-factor authentication on your accounts? Are your devices encrypted? Do you have a backup plan? What happens if you get ransomware?

Most contractors don't have clean answers to any of those. We fix that.

Built For

If any of these sound familiar, this is for you

Your cyber insurance renewal came with a questionnaire you couldn't fully answer We implement the controls insurers look for and document everything so you can answer accurately and completely.
A GC sent a vendor security form or compliance addendum with your subcontract We review what's being asked, close the gaps in your IT, and give you documentation you can hand back with confidence.
Your insurance premium went up and you don't know why security controls would change that Documented controls — MFA, backup, endpoint protection, incident response — directly affect what carriers will offer and at what cost.
You've never had to think about this before but someone is now making you think about it The assessment is where we start. We identify what's actually required for your specific situation before we recommend anything.
You want to be ready before the question comes, not scrambling when it does Proactive is always cheaper than reactive. We build this into how your IT is managed from day one.

What We Implement

The controls your insurer and GC are actually asking about

Multi-Factor Authentication

MFA on every account and system. A stolen password alone isn't enough to get in. This is the single most common requirement on every insurer checklist.

Endpoint Protection & Monitoring

Next-gen antivirus and EDR on every device. Continuous monitoring that catches threats before they spread. Documents that your devices are actively protected.

Tested Backup & Recovery Plan

A documented, tested backup strategy with defined recovery objectives. Insurers want to know you have a plan and that it works — not that you "think you have backups."

Patch Management

Systems kept current with security patches on a documented schedule. Unpatched systems are the most commonly exploited vulnerability and a flag on every audit.

Security Policy Documentation

Written policies for acceptable use, incident response, and access control. These turn your IT practices into something you can hand to a GC or insurer as proof.

Employee Security Awareness

Your crew is the last line of defense. Training your team to recognize phishing and report suspicious activity is a documented control that carries real weight.

A Note on CMMC

If you're doing federal or defense work, we can help with that too

Most of our clients are local contractors with no federal contracts — and CMMC doesn't apply to them. But if you're a subcontractor on DoD or government-adjacent work where CMMC Level 1 is required, we handle that as well. The controls overlap significantly with what we implement for all clients anyway.

Not sure whether it applies to your contracts? Start with the assessment. That's the right place to figure it out before spending money on something you may not need.

No cost. No commitment.

Let's see what your insurer or GC is actually asking for

The assessment looks at your current security posture and identifies the gaps. You'll know exactly what needs to change — before the renewal or the questionnaire forces the issue.

Start Your Free Assessment ›

No sales pressure. Takes about an hour. 100% free.