Who are we?
Our founder Sam Iospa came from an IT infrastructure consulting background. His specialty was systems and before it was the buzzword it is today he transitioned to system security with a focus on authentication and defense in depth (aka layered security). While working for a Managed Services Provider (outsourced IT Services) he noticed a gap in the security landscape that left small businesses completely exposed.

Security at the time was divided into 2 basic categories. The first was large enterprises which needed a comprehensive approach and had the resource to purchase many different products to combine them into a solution. This was expensive and cumbersome for all involved, but mostly doable at scale.

The second was small companies who were largely dependent on the Saas offerings. Most of them relied on the idea that they were too small to be a target and didn't want to invest in security.

Once small businesses started being targeted they came to ask their IT providers for help, but there was very little available to offer them. Sure, they could activate 2FA for their cloud services but there was no way for them to easily manage all of those users. Sure they could roll out advanced Anti-Malware solutions but there was no way to ensure all of their devices would get it.

Most importantly there was no way for them to buy a ready, off the rack solution that already combined everything they needed or even one company they can call to troubleshoot it all. That is where we were born. Our mission is to bring affordable, actionable, and user-friendly security to small businesses on a month to month basis ready to scale with your business. No need to purchase hardware or software licenses, no need to combine your own solution, no installation fees, and no tricks. That is our promise to you. You handle your business and we will protect you in the process.
What personal data do we collect and why we collect it?

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor's IP address and browser user agent string to help spam detection.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. If anything you post has copyrighted content you agree that you have obtained the necessary rights to share this content.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with?
We will never sell your info. Our 3rd party providers may have access to a part of your data that they need in order to perform data processing. However, we will not share it with anyone for marketing or other purposes.
How long we retain your data?
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

For clients of Iospa Tech LLC we will store their info for as long as they are customers. If a client chooses to terminate their service we will provide them with a copy of any applicable data that they should have to their network and them promptly delete their data from our systems.
What rights do you have over your data?
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data?
Visitor comments may be checked through an automated spam detection service.
Your contact information
We respect your right to privacy and offer an opt-out on all of our communications to clients and prospects. If you would like to be removed from our contact list please use the unsubscribe link at the bottom of the email you receive from us. Please note that emails regarding tickets, account alerts, billing, emergency maintenance, and other critical emails are not something you can unsubscribe from while you are a client of Iospa Tech LLC.
How we protect your data
All of our client data is encrypted at rest and in transit. When we transmit any sensitive information our staff will utilize secure email. The transfer of any credentials which are not required to be immediately reset can be transferred via onetimesecret.com or saltify.io. Both services provide the ability to provide secure data one time and ensure that the data is no longer accessible after that.

We utilize numerous protective measures and implement a secure in-depth approach to security.
Our authentication strategy is divided into 3 main categories. Systems that support SAML based authentication use that and tie back to our centralized IAM platform where they are protected and monitored by 2FA and log monitoring solutions. Systems that support centralized 2 Factor Authentication utilize that. Other systems employ all of the available security measures provided by the vendor and are reviewed quarterly for risk and possible system hardening.
Each system is only utilized for the purpose for which it was intended and all systems meet current and future recommendations for best practices. For example, our documentation and password management systems are separated to ensure that configurations are not stored together with passwords.
Employee education
As a provider of IT security services, our employees pride themselves on staying up to date on the latest threats and countermeasures. We provide educational information and newsletters as well as emergency alerts when something new is detected. Employees are provided with advanced education in phishing, data integrity, secure transfers, and fraud detection.
Separation of Duty and Least Privilege
Only the staff and/or contractors that need to access particular systems or data have access. Our business involves a high level of trust and cooperation between various teams including interfacing with other vendors that service the same client. We take the utmost care to ensure that everyone who needs to access privileged information or systems is able to do so securely and that all of their activity is logged.

Financial information is only accessible to the company founders and any requested changes are reviewed by 2 people.
Risk Assessments
Risk Assessments and assessments of security controls are carried out quarterly as are mitigation steps and system hardening.
What data breach procedures we have in place?
We monitor our systems around the clock to ensure that each of them is secure and that our client information is safe. We utilize all the services which we have on offer and take the utmost care to protect ourselves and our clients. However, should the worst come to pass, we have internal policies and controls ready. We will immediately notify our clients of any incidents so they are aware that we have had a breach and provide information continuously as we gather it.
Made on