Stood up a full security program for a ~100-person healthcare company — device compliance, policies, risk and vulnerability assessments — and reached a SOC 2 posture.
A ~100-person healthcare company wanted to secure its infrastructure but had no formal security program. Device posture was inconsistent, policies were informal or missing, and no one had run a structured risk or vulnerability assessment. They needed SOC 2 to satisfy customers and partners, starting from close to zero.
Took the company from no formal security program to a SOC 2 posture: devices compliant, policies in place, and risk and vulnerability assessments completed. A separate ~100-user healthcare client engaged the same way is kept on ongoing SOC 2 maintenance.