Security & Compliance

Protect Your Organization
Meet Your Compliance Goals

Specialized security assessments, compliance support, and strategic advisory services for Bay Area nonprofits navigating complex security and regulatory landscapes.

Security Expertise

Security & Compliance
Beyond Day-to-Day IT

Security & Compliance services address needs beyond day-to-day IT support—vulnerability identification, penetration testing, compliance gap analysis, policy development, and ongoing security leadership through our vCISO program.

PCI, SOX & SOC 2

Real compliance experience

Grant Compliance

Federal & foundation

Cyber Insurance

Application support

Board Reporting

Clear, actionable

Who Needs Security Services?

  • Organizations handling sensitive constituent or health data
  • Organizations applying for or managing grants with security requirements
  • Boards and leadership seeking cyber insurance coverage
  • Organizations that have experienced a security incident
  • Teams preparing for third-party audits or assessments

Security Assessments

Assessment Packages

Three levels of security assessment to match your risk profile, regulatory requirements, and budget.

Entry-Level Assessment

Vulnerability Scan

Contact for a quote

Typical duration: 1-2 days

Automated assessment to identify known security weaknesses across your network and applications.

What's Included

  • External network perimeter scanning
  • Internal network vulnerability scanning
  • Web application surface scanning
  • Cloud configuration review (M365/Google)
  • SSL/TLS certificate validation
  • Prioritized vulnerability report with CVSS scores
  • Executive summary (2-3 pages)
  • Remediation guidance for each finding
  • 30-day re-scan to verify remediation

Ideal For

  • • Annual security checkups
  • • Pre-cyber insurance baseline
  • • Board compliance verification
  • • Quick identification of vulnerabilities
Request Quote
Most Common

Active Security Testing

Penetration Test

Contact for a quote

Typical duration: 3-5 days

Active security testing simulating real-world attacks to identify exploitable vulnerabilities.

What's Included

  • Everything in Vulnerability Scan
  • Manual verification and exploitation
  • Authentication & authorization testing
  • Business logic vulnerability assessment
  • Password strength testing
  • Privilege escalation attempts
  • Lateral movement testing
  • Detailed technical report with attack narratives
  • Proof-of-concept documentation
  • Strategic remediation roadmap
  • One re-test engagement (90 days)

Ideal For

  • • Cyber insurance requirements
  • • Grant compliance (federal, foundations)
  • • Post-incident security validation
  • • Organizations handling sensitive data
Request Quote

Comprehensive Assessment

Full Security Audit

Contact for a quote

Typical duration: 2-3 weeks

Comprehensive assessment of security posture across technology, people, and processes.

What's Included

  • Everything in Penetration Test
  • Security policy and procedure review
  • Access control and identity management audit
  • Data classification and handling assessment
  • Third-party/vendor security review
  • Physical security walkthrough
  • Employee security awareness assessment
  • Incident response plan review
  • Regulatory compliance gap analysis
  • Comprehensive audit report (50-100 pages)
  • Board presentation materials
  • Two re-test engagements (12 months)

Ideal For

  • • Compliance validation (SOC 2, PCI, NIST)
  • • Pre-acquisition due diligence
  • • Major grant applications
  • • Board-mandated security review
Request Quote

All pricing shown is standard rates. 501(c)(3) nonprofits receive 15% discount.

Nonprofit-Focused

Compliance Bundles

Pre-packaged compliance offerings designed for common Bay Area nonprofit needs. Assessment, documentation, and advisory combined into cost-effective packages.

Security Foundations

Contact for a quote

15% nonprofit discount available

Timeline: 3-4 weeks

Essential security foundation aligned to frameworks like SOC 2, PCI, and NIST for nonprofits handling sensitive data.

Included

  • Security Risk Assessment (NIST-aligned)
  • Administrative, physical, and technical safeguards evaluation
  • Vendor / third-party security agreement review
  • Security policy & procedure templates (10-15 policies)
  • Security awareness training (1 session)
  • 4 hours vCISO advisory
  • Remediation priority matrix
  • Compliance documentation package

Designed for: Nonprofits handling sensitive constituent or health data, whether you're working toward SOC 2, PCI, or other compliance requirements

Get Started

Cyber Insurance Ready

Contact for a quote

15% nonprofit discount available

Timeline: 2-3 weeks

Prepare your organization for cyber insurance applications and renewals.

Included

  • External penetration test
  • Internal & external vulnerability scan
  • Security controls assessment
  • MFA implementation verification
  • Backup and recovery validation
  • Incident response plan template
  • 4 hours vCISO advisory
  • Insurance application assistance
  • Letter of attestation

Designed for: Organizations applying for cyber insurance or facing premium increases

Get Started

Grant Compliance

Contact for a quote

15% nonprofit discount available

Timeline: 4-6 weeks

Security and compliance documentation for federal grants and foundation requirements.

Included

  • Risk assessment (NIST CSF aligned)
  • Vulnerability scan & remediation verification
  • System Security Plan (SSP) development
  • Security policies (framework-aligned)
  • Security awareness training program
  • 6 hours vCISO advisory
  • Compliance tracking dashboard
  • Annual review (first year included)

Designed for: Federal grant recipients (HHS, DOJ, ED), large foundation grantees

Get Started

Strategic Leadership

vCISO Retainer Program

Strategic security leadership without the cost of a full-time executive. Our Virtual Chief Information Security Officer (vCISO) program provides ongoing security guidance, compliance oversight, and board-level advisory services.

Strategic Advisory

Security program development, risk management, vendor evaluation, budget planning

Governance & Compliance

Board reporting, policy development, regulatory guidance, audit support

Operational Oversight

Incident escalation, vulnerability management, security metrics

vCISO vs. Full-Time CISO

vCISO (Standard)

Contact for a quote

Full-Time CISO

Six-figure annual salary

Retainer Tiers

Advisory

4 hours/month

Contact for a quote

15% nonprofit discount

Periodic guidance, board prep, incident support

Standard

8 hours/month

Contact for a quote

15% nonprofit discount

Active security program oversight

Strategic

16 hours/month

Contact for a quote

15% nonprofit discount

Comprehensive security leadership

Executive

24 hours/month

Contact for a quote

15% nonprofit discount

Near-full-time security executive

Additional hours beyond retainer available (contact for a quote). Minimum 6-month commitment.

Discuss vCISO Program

Why DVRK Group

Security Expertise for Nonprofits

Nonprofit-Focused

We understand limited budgets, volunteer environments, and vulnerable population data protection.

Right-Sized Assessments

Thorough enough for auditors and insurers, practical enough to actually implement.

Actionable Results

Clear remediation guidance prioritized by risk and effort. We help you understand what matters most.

Integrated Support

Assessment findings feed directly into managed services for continuous protection.

Ready to Strengthen Your Security?

Schedule a free scoping conversation to discuss your security needs, regulatory requirements, and timeline. We'll recommend the appropriate assessment level or bundle.

1

Discovery Call

Free 30-minute consultation to discuss your challenges and goals.

2

Environment Assessment

Complimentary review of your current IT setup to understand scope.

3

Custom Proposal

Detailed proposal with pricing tailored to your organization.

Or email directly: hello@dvrkgroup.com
Typically responds within one business day · Bay Area / Pacific time