Free Network Assessment

Sign Me Up For The Free Assessment

What You'll Get (At No Cost)

A complete cybersecurity and IT risk review
Backup and disaster recovery check
Honest insights into your compliance posture
A fast, clear summary of what's working - and what's not

What We'll Look At

Are you protected?
We'll check for vulnerabilities that could expose your systems to hackers or ransomware.
Would your backups actually work?
We test whether your data is recoverable, not just if it exists.
Are you at risk of compliance fines?
We'll identify gaps that could lead to violations under HIPAA, PCI, CMMC, and more.
Are you overspending on outdated tools?
We'll flag areas where smarter cloud tools or licensing changes could lower costs.
Is your system slowing you down?
We'll check for performance issues that waste time and drain productivity.

How It Works

Step One

Schedule a Call

We'll talk briefly about your current setup and make sure this is a good fit.

Schedule Now

Step Two

Get Your Cyber Risk Assessment

We'll review your environment, identify risks, and answer your questions with no jargon or pressure.

Step Three

Receive Your Custom Action Plan

You'll get a clear plan to improve security, boost performance, and reduce costs whether you work with us or not.

What Happens Next

You take the plan and run with it. That's a win. Let us know how it goes.
You ask us to help implement it. We'll knock it out of the park.
If you feel it wasn't valuable, we'll send you or your nonprofit of choice $100 for your time. Seriously.

🟢 No one's taken the refund yet, but the offer still stands.

See Our Work in Action

Assessment Examples:

🔒 Compliance & Risk Management

Area	Details / Notes
Regulatory Standards Applicable	HIPAA, PCI-DSS, State Privacy Laws, IRS Requirements, [others if applicable]
PCI-DSS Compliance	- Cardholder data flow documented. (Y/N) - SAQ type completed (e.g., SAQ A, SAQ D)? (Y/N) - Tokenization in use? (Y/N) - Quarterly ASV scans conducted? (Y/N) - PCI Firewall and Change Control rules followed? (Y/N)
HIPAA Compliance	- BAA agreements in place? (Y/N) - ePHI encryption at rest/in transit? (Y/N) - Role-based access control enforced? (Y/N) - Audit logging & review processes in place? (Y/N) - Contingency and breach notification plan documented. (Y/N)
Security Framework Alignment	e.g., NIST CSF, CIS18 Controls, HITRUST, ISO27001
Risk Assessments	- Date of most recent assessment: ___ - Gaps identified: ___ - Remediation plan has been documented and is under ongoing review. (Y/N)
Security Policies & Procedures	- Acceptable Use Policy (Y/N) - Data Classification Policy (Y/N) - Incident Response Plan (Y/N) - Password & Access Policy (Y/N) - Backup & DR Policy (Y/N) - Remote Work Policy (Y/N)
Training & Awareness	- HIPAA Security Awareness Training completed annually? (Y/N) - PCI DSS Training conducted? (Y/N) - Phishing simulations tested? (Y/N) - Insider threat and social engineering education? (Y/N)
Third-Party Vendor Risk	- Vendor list with risk scores maintained. (Y/N) - Vendor security questionnaires reviewed. (Y/N) - BAAs current and documented? (Y/N)
Audit Readiness	- Internal audit checklist maintained and reviewed? (Y/N) - External audit partner or support: ___ - Last audit outcome: ___ - Is the evidence collection repository in place (e.g., SharePoint, GRC)? (Y/N)
Data Retention & Destruction Policies	- Defined retention periods for ePHI, financial data, and PII? (Y/N) - Secure disposal methods implemented (e.g., shredding, destruction)?
Policy Review Cadence	- Is the annual review of all security and compliance policies completed? (Y/N) - Board or executive sign-off documented? (Y/N)

🔁 Backup & Disaster Recovery (BCDR)

Primary Data Storage Solution:
Cloud Storage in Use? (Y/N):
Backup Tool(s):
Disaster Recovery Plan in Place? (Y/N):

Best Practice Area	Compliant (Y/N)	Details / Notes
MFA on All Admin Accounts		Ensure all administrative access to backup systems is protected with MFA. (including portals, management consoles, RMM tools)
Immutable Backups		Backups cannot be altered or deleted for a specified retention period. Supports ransomware resilience.
Backup System Segmentation		Backup infrastructure (storage, servers) is logically and physically segmented from production systems and domain authentication.
3-2-1 Rule Compliance		Maintain at least three copies of data, on two different media types (Snapshot, Backup Appliance), with one off-site/cloud.
Air-Gapped / Offline / Cloud Copy		Backups stored completely offline or with write-once access (e.g., tape, cloud cold storage)
Automated Backup Testing		Backups are automatically tested for integrity and restorable usability (daily/weekly)
Documented Restore Procedures		Clear, tested recovery playbooks are maintained and reviewed periodically.
Backup Monitoring and Alerts		Monitoring tools are in place to alert on failures, missed jobs, or unusual behavior.
Backup Retention Policy		Policies defined by data criticality and compliance (e.g., HIPAA 6 years, IRS 7 years)
Role-Based Access Controls (RBAC)		Access to backup systems is granted based on the least privilege and audit-logged evidence.
Encryption at Rest and In Transit		All backup data is encrypted using current industry-standard protocols. (AES, TLS)
Cloud Backup Vendor Compliance		Third-party backup vendors align with HIPAA/PCI and provide BAAs if applicable.
Disaster Recovery Integration		Backups are integrated into DR plans, and RTO/RPO thresholds are defined in policy and tested.

🛡️ Cyber Insurance Security Posture

Item	Details / Notes
Cyber Liability Insurance Carrier	(Carrier Name, Policy Number)
Policy Coverage	- Data Breach? - Network Interruption? - Ransomware? - Legal Costs? - Business Interruption?
Coverage Limits	(e.g., $1M/$2M/5M aggregate)
Policy Renewal Date	Date:
Insurance Pre-Qualification Checks	- MFA enforced? (Y/N) - EDR/XDR tools in place? - Data encryption in use? - Patch Management in Place? (Y/N)
Microsoft Secure Score	- Current Score: ___ - Industry Benchmark: ___ - Last Reviewed: Date: - Action Plan Created? (Y/N)
Security Assessments for Insurance	- Penetration Test Completed? (Y/N) Date: - External Vulnerability Scan Completed? (Y/N) Date: - Security Risk Assessment Report Submitted? (Y/N) Date:
Policy Exclusions to Note	(e.g., insider threats, social engineering limits)
Incident Response Plan Documented	(Y/N) - Includes contact flow, legal, comms, vendor notification
Security Awareness Training Program	(Y/N) - Frequency: (e.g., annually, quarterly)
Compliance with Frameworks/Standards	- NIST CSF / CIS18 / ISO27001 - PCI-DSS / HIPAA if applicable
Retention of Logs & Forensic Readiness	- Centralized log storage (SIEM) - Retention period: ___ - Alerting configured? (Y/N)
Cyber Insurance Claim History	- Past claims filed: ___ - Resulting changes implemented?

Simply Fill Out The Form On This Page To Get Started!

Sign Me Up

Since having CHR take over our IT, the single biggest benefit has been the ability to call with any issue and receive prompt support, whether it's an application, hardware, or vendor issue. The team's ability to troubleshoot takes the stress away from us and allows us to focus on our day-to-day operations. We feel like we're the only client they have, and they consistently solve any problem that arises. Choosing CHR as your IT firm will be the easiest decision you make, and you'll learn to rely on them to help your company move forward.

Kari B.

CHR Creative's local presence and expertise have allowed us to make informed decisions to enhance our operations, which is a critical pillar for our significant growth. What sets them apart is their quick turnaround times and personable service. If you're on the fence about choosing an IT firm,... CHR Creative's local presence and expertise have allowed us to make informed decisions to enhance our operations, which is a critical pillar for our significant growth. What sets them apart is their quick turnaround times and personable service. If you're on the fence about choosing an IT firm, I highly recommend CHR Creative. They are dedicated to making their clients successful and always prioritize their needs. 

Charles F.

Working with CHR Creative has been a game changer for OMSI. They are prompt and reliable for our IT support and cybersecurity needs, which has been instrumental in reducing downtime and keeping our business running smoothly. CHR Creative's technical expertise and customer service sets them apart from other IT firms we've worked with. Their commitment to understanding our unique needs and tailoring solutions accordingly has made a tremendous difference in the efficiency of our operations. If you're looking for a reliable and effective IT partner, I highly recommend CHR Creative.

Michael A.

Working with CHR Creative is like working with another member of our team. They have an excellent response rate and help manage initiatives that work for the company, including policies and compliance! CHR is big enough to have all the necessary resources, yet you still get that small-town...

Judy J.

Enrolling in CHR Creative's Information Security Management and cybersecurity services has helped us by taking the mystery out of the daunting process, which is cybersecurity and compliance. The expertise they provide has allowed us to fully understand the necessary steps required to become more... Enrolling in CHR Creative's Information Security Management and cybersecurity services has helped us by taking the mystery out of the daunting process, which is cybersecurity and compliance. The expertise they provide has allowed us to fully understand the necessary steps required to become more secure and to apply the best practices for cybersecurity services. They clearly understand the IT requirements needed to create a secure environment and have a game plan for how to get you there. If you're on the fence about choosing an IT firm, I highly recommend CHR Creative. They are easy to work with, and they have the expertise to answer all of your questions about what is required to create a cybersecurity-focused environment.

Mike V.

CMT Surveying and Consulting has been working with CHR for some time now and the biggest benefit we have experienced is the sense of security that they provide. After we suffered from a ransomware attack, CHR was able to get us out of the situation quickly and efficiently. In addition to their exceptional security services, what sets them apart from other IT firms is the relationship we have with our account manager. CHR is knowledgeable about our IT and works closely with us to come up with a plan that meets our needs financially while still providing us with strong security measures. We have enjoyed working with the entire CHR team, from the owner to the techs. We feel they truly care about our company and our success.

Shaun F.

Since having CHR Creative take over our IT and information security management, we have experienced numerous benefits that have positively impacted our organization. Their expertise is unmatched, and they are always easily accessible for troubleshooting and problem-solving. In addition, their...

If you hire CHR, you will have a company with technical expertise that is easily accessible, personable, and works effectively to meet your needs. 

Kay T.

Big Brothers Big Sisters Columbia Northwest has felt fully supported since switching to CHR Creative for our IT support because we know that any tech issues we face will be resolved quickly and efficiently. What sets CHR apart from other IT firms is their exceptional customer service. CHR has custom-built a client-centered culture that exists in everything they do, and that experience hand in hand with high-level specialists isn't something you'll find with another firm. You may be able to find a cheaper IT firm, but you will not find a better IT firm. 

Erin S.

Working with CHR Creative has been monumental to our cybersecurity and IT management. We began working with them after we had a ransomware incident, and within a year they were able to elevate our security profile status and help us get eligible to renew our cyber insurance policy coverage, which we would not have been able to renew without their expertise and direction. Their team has brought a breadth of experience and excellence across various fields of Information Technology, and they made themselves easily accessible and approachable. We appreciate the partnership we have with them and highly recommend them to anyone looking for effective and reliable cybersecurity services.

Lionel R.

Schedule Time With Us Today

Worried About Cybersecurity? Let's Take a Real Look - for Free.