Security & Compliance
Protect Your Organization
Meet Your Compliance Goals
Specialized security assessments, compliance support, and strategic advisory services for Bay Area nonprofits navigating complex security and regulatory landscapes.
Security Expertise
Security & Compliance
Beyond Day-to-Day IT
Security & Compliance services address needs beyond day-to-day IT support—vulnerability identification, penetration testing, compliance gap analysis, policy development, and ongoing security leadership through our vCISO program.
PCI, SOX & SOC 2
Real compliance experience
Grant Compliance
Federal & foundation
Cyber Insurance
Application support
Board Reporting
Clear, actionable
Who Needs Security Services?
- Organizations handling sensitive constituent or health data
- Organizations applying for or managing grants with security requirements
- Boards and leadership seeking cyber insurance coverage
- Organizations that have experienced a security incident
- Teams preparing for third-party audits or assessments
Security Assessments
Assessment Packages
Three levels of security assessment to match your risk profile, regulatory requirements, and budget.
Entry-Level Assessment
Vulnerability Scan
Typical duration: 1-2 days
Automated assessment to identify known security weaknesses across your network and applications.
What's Included
- External network perimeter scanning
- Internal network vulnerability scanning
- Web application surface scanning
- Cloud configuration review (M365/Google)
- SSL/TLS certificate validation
- Prioritized vulnerability report with CVSS scores
- Executive summary (2-3 pages)
- Remediation guidance for each finding
- 30-day re-scan to verify remediation
Ideal For
- • Annual security checkups
- • Pre-cyber insurance baseline
- • Board compliance verification
- • Quick identification of vulnerabilities
Active Security Testing
Penetration Test
Typical duration: 3-5 days
Active security testing simulating real-world attacks to identify exploitable vulnerabilities.
What's Included
- Everything in Vulnerability Scan
- Manual verification and exploitation
- Authentication & authorization testing
- Business logic vulnerability assessment
- Password strength testing
- Privilege escalation attempts
- Lateral movement testing
- Detailed technical report with attack narratives
- Proof-of-concept documentation
- Strategic remediation roadmap
- One re-test engagement (90 days)
Ideal For
- • Cyber insurance requirements
- • Grant compliance (federal, foundations)
- • Post-incident security validation
- • Organizations handling sensitive data
Comprehensive Assessment
Full Security Audit
Typical duration: 2-3 weeks
Comprehensive assessment of security posture across technology, people, and processes.
What's Included
- Everything in Penetration Test
- Security policy and procedure review
- Access control and identity management audit
- Data classification and handling assessment
- Third-party/vendor security review
- Physical security walkthrough
- Employee security awareness assessment
- Incident response plan review
- Regulatory compliance gap analysis
- Comprehensive audit report (50-100 pages)
- Board presentation materials
- Two re-test engagements (12 months)
Ideal For
- • Compliance validation (SOC 2, PCI, NIST)
- • Pre-acquisition due diligence
- • Major grant applications
- • Board-mandated security review
All pricing shown is standard rates. 501(c)(3) nonprofits receive 15% discount.
Nonprofit-Focused
Compliance Bundles
Pre-packaged compliance offerings designed for common Bay Area nonprofit needs. Assessment, documentation, and advisory combined into cost-effective packages.
Security Foundations
15% nonprofit discount available
Timeline: 3-4 weeks
Essential security foundation aligned to frameworks like SOC 2, PCI, and NIST for nonprofits handling sensitive data.
Included
- Security Risk Assessment (NIST-aligned)
- Administrative, physical, and technical safeguards evaluation
- Vendor / third-party security agreement review
- Security policy & procedure templates (10-15 policies)
- Security awareness training (1 session)
- 4 hours vCISO advisory
- Remediation priority matrix
- Compliance documentation package
Designed for: Nonprofits handling sensitive constituent or health data, whether you're working toward SOC 2, PCI, or other compliance requirements
Get StartedCyber Insurance Ready
15% nonprofit discount available
Timeline: 2-3 weeks
Prepare your organization for cyber insurance applications and renewals.
Included
- External penetration test
- Internal & external vulnerability scan
- Security controls assessment
- MFA implementation verification
- Backup and recovery validation
- Incident response plan template
- 4 hours vCISO advisory
- Insurance application assistance
- Letter of attestation
Designed for: Organizations applying for cyber insurance or facing premium increases
Get StartedGrant Compliance
15% nonprofit discount available
Timeline: 4-6 weeks
Security and compliance documentation for federal grants and foundation requirements.
Included
- Risk assessment (NIST CSF aligned)
- Vulnerability scan & remediation verification
- System Security Plan (SSP) development
- Security policies (framework-aligned)
- Security awareness training program
- 6 hours vCISO advisory
- Compliance tracking dashboard
- Annual review (first year included)
Designed for: Federal grant recipients (HHS, DOJ, ED), large foundation grantees
Get StartedStrategic Leadership
vCISO Retainer Program
Strategic security leadership without the cost of a full-time executive. Our Virtual Chief Information Security Officer (vCISO) program provides ongoing security guidance, compliance oversight, and board-level advisory services.
Strategic Advisory
Security program development, risk management, vendor evaluation, budget planning
Governance & Compliance
Board reporting, policy development, regulatory guidance, audit support
Operational Oversight
Incident escalation, vulnerability management, security metrics
vCISO vs. Full-Time CISO
vCISO (Standard)
Contact for a quote
Full-Time CISO
Six-figure annual salary
Retainer Tiers
Advisory
4 hours/month
Contact for a quote
15% nonprofit discount
Periodic guidance, board prep, incident support
Standard
8 hours/month
Contact for a quote
15% nonprofit discount
Active security program oversight
Strategic
16 hours/month
Contact for a quote
15% nonprofit discount
Comprehensive security leadership
Executive
24 hours/month
Contact for a quote
15% nonprofit discount
Near-full-time security executive
Additional hours beyond retainer available (contact for a quote). Minimum 6-month commitment.
Discuss vCISO ProgramWhy DVRK Group
Security Expertise for Nonprofits
Nonprofit-Focused
We understand limited budgets, volunteer environments, and vulnerable population data protection.
Right-Sized Assessments
Thorough enough for auditors and insurers, practical enough to actually implement.
Actionable Results
Clear remediation guidance prioritized by risk and effort. We help you understand what matters most.
Integrated Support
Assessment findings feed directly into managed services for continuous protection.
Ready to Strengthen Your Security?
Schedule a free scoping conversation to discuss your security needs, regulatory requirements, and timeline. We'll recommend the appropriate assessment level or bundle.
Discovery Call
Free 30-minute consultation to discuss your challenges and goals.
Environment Assessment
Complimentary review of your current IT setup to understand scope.
Custom Proposal
Detailed proposal with pricing tailored to your organization.
Or email directly: hello@dvrkgroup.com
Typically responds within one business day · Bay Area / Pacific time