For Houston financial offices and medical practices
Could your office prove it is protected, right now?
Most offices feel covered, right up until a breach hits or someone asks for proof they cannot produce.
How exposed is your email?
See where your domain is open to spoofing and wire fraud, in seconds.

Hammad Arain, founder
CompTIA Security+ certified
I spent six years in regulated IT, including a provider serving banks, where the documentation mattered as much as the wiring. I started Arain Systems so a small office gets that same rigor, handled start to finish by the person you hire.
From assessment to a documented, defensible program
Week 1
Assessment
Your business is reviewed against the FTC Safeguards requirements, and you get written findings.
Weeks 1 to 2
Prioritized fix plan
The findings become a fix list ordered by risk, so you can see what gets addressed first and why.
First 30 days
Stabilize
The highest-risk gaps close first, e.g. MFA, EDR, encrypted backup, and email security.
Ongoing
Management
Monitoring, after-hours patching, and the written program kept current, with an annual program review.
Two programs, one provider
Ongoing program
Your IT and compliance, run as one
The ongoing program for an office that cannot absorb downtime or a compliance gap. The everyday IT and the written security program run together.
- Written Information Security Program (WISP), maintained and updated as the business changes
- Qualified Individual support and annual governance documentation
- FTC Safeguards gap report: written findings and prioritized fix list
- A second login step (MFA) on every account and device
- Always-on threat monitoring (EDR) on every computer and server
- Email protection that blocks spoofed senders (SPF, DKIM, DMARC), plus staff awareness
- Encrypted offsite backup and tested recovery
- Software and security updates installed on schedule, after hours
- Vendor agreement review
The assessment that opens every engagement is a gap analysis and a plan. It is not a certification and not a guarantee of compliance.
Continuity
Back open the same day, even after ransomware
Encrypted backup, tested recovery, and business continuity built on Microsoft 365 and cloud storage. Your office keeps operating if hardware fails or ransomware hits.
- Encrypted offsite backup of all business data
- Microsoft 365 mailbox and file data protection
- Recovery tested on a regular schedule
- Ransomware recovery: restore from a clean offsite copy
- Hardware failure recovery without extended downtime
- Retention configured for your record-keeping requirements
Cloud-based backup and recovery, not a physical data center or colocation service. I manage and verify it. There is no staffed NOC or support portal.
Managed IT with compliance typically runs $200 to $400 per user per month in the Houston market, so a four-person office is roughly $800 to $1,600 a month. A small office with a tight device footprint sits near the low end.
Whatever your office, a rule already applies.
| Office type | GLBA written security program | IRS WISP | Texas breach notification law | Enforced or audited by |
|---|---|---|---|---|
| CPA and tax firms | Applies | Applies | Applies | FTC · IRS PTIN attestation |
| Insurance agencies | Applies | Does not apply | Applies | State insurance regulator · carrier questionnaires |
| Title and settlement | Applies | Does not apply | Applies | FTC · ALTA Pillar 3 underwriter audits |
| Investment advisors | Applies | Does not apply | Applies | SEC Reg S-P or FTC, by registration · TSSB exams |
Already have an IT person?
Your IT person keeps the computers and network running. That is a different job from the written security plan, risk assessment, and controls the FTC now holds your office responsible for, and most IT people do not do those. I handle both, so you are not adding a separate compliance service on top. I can work alongside your current IT person, or take it all over. Either way, the free gap report shows where you stand right now.
Serving the Houston metro
Greater Houston is covered on-site, with remote support anywhere.
Get your free 14-Point Safeguards Gap Report
The free scan at the top of the page checks one of the 14 points instantly. This is the full version: all 14, reviewed by hand, with a written findings list and a prioritized fix plan mapped to the FTC Safeguards Rule. No commitment, and you keep it whether or not we ever work together.