Policy & Minimum Controls Pack – practical, right-sized guardrails for your business.
Executive Add-On • “Reasonable Steps” • Policy & Controls

Policy & Minimum Controls Pack

Insurers, customers and staff increasingly expect some basic guardrails: acceptable use, remote work rules, password and MFA expectations, and backup / incident basics. This pack tunes core policies and minimum controls so you can demonstrate “reasonable steps” without turning into a bureaucracy.

Often paired with the Executive IT Strategy Club or IT Spend Baseline, but can also be delivered as a standalone engagement.

At a glance
  • Light customization of key policies (not a giant manual)
  • Minimum technical controls baseline (MFA, backup, passwords)
  • Simple staff communication notes you can reuse

Typical investment: From $1,950 USD one-time, depending on complexity and number of locations.

What’s included in the Policy & Minimum Controls Pack

Policy tuning (plain-English)
  • Acceptable use policy tuned to your reality (office, remote, mobile)
  • Remote work / home office expectations (devices, networks, data handling)
  • Password and MFA expectations (what’s mandatory vs. recommended)
  • Basic incident and reporting expectations for staff (“If you see something, do this”)

Minimum controls baseline
  • Baseline for MFA deployment (where it absolutely must be on)
  • Backup expectations for key systems and data
  • Minimum endpoint protections (AV/EDR, patching rhythm)
  • Simple checklist you can use with your MSP or IT team

From $1,950 USD one-time, depending on scope and complexity. You keep editable versions of all documents for future updates.


Good fit if...

  • You lack clear, written expectations for staff around IT and security.
  • You’re being asked for policies by customers, partners or insurers.
  • You want something practical and usable, not a 100-page binder.

Probably not a fit if...

  • You need a full ISO/NIST compliance framework and detailed control mapping.
  • You already have mature, regularly reviewed policies in place.

Common questions

Are these legal documents?

They are practical, plain-English policies and baselines aligned with common insurer and industry expectations. They are not a substitute for legal advice; we’re happy to work with your counsel if required.

Can we roll this out in phases?

Yes. We’ll identify which expectations and controls should be mandatory now and which can be phased in as your environment matures.

Will staff actually read these?

We aim for concise, readable documents and provide simple talking points or email templates you can use to introduce them without overwhelming people.

Show that you’re taking reasonable, documented steps on IT risk.

A tuned policy and minimum controls pack gives you something concrete to point to when stakeholders ask, “What are we doing about cyber risk?”