HIPAA, PCI-DSS and SOC 2 are not a once-a-year scramble. AiVigil bakes the controls, documentation and evidence into your everyday IT — so regulated SMBs stay audit-ready, every day.
Each guide explains the framework in plain English, shows where SMBs slip up, and describes how we close the gaps.
For clinics, dental and behavioral health handling protected health information (PHI).
For any business that stores, processes or transmits payment card data.
For finance, accounting and SaaS firms that handle sensitive client data and need to prove it.
Cyber Essentials (UK) — coming soon as we expand into the UK market.
The acronyms differ, but the technical expectations overlap heavily. Get these right once and you're most of the way to any of them.
A current inventory of the systems, devices and people that touch regulated data — PHI, cardholder data or client records. You can't protect or prove what you haven't mapped.
Multi-factor authentication, least-privilege access, and a clear record of who has access to what — and why. Access reviews that actually happen on a schedule.
EDR on every device, encryption at rest and in transit, patching, and email/phishing defense on the #1 breach vector.
Tested, ransomware-resilient backups and a documented recovery plan — so an incident doesn't become a reportable breach or a shutdown.
Written policies, risk assessments, vendor agreements (BAAs / contracts), and the logs and reports that prove the controls are running — kept current, not reconstructed the week before an audit.
It's rarely a sophisticated attack. It's the basics that quietly drift out of date.
The one document almost every framework requires — missing, or years out of date.
Logs, policies and vendor agreements spread across inboxes and drives that no one can find under pressure.
One unprotected admin account or shared login undoes the rest of your controls.
Backups that exist on paper but have never been restored — discovered at the worst possible moment.
An IT provider treating a regulated practice like any other office, with no framework-specific evidence.
Template policies downloaded once and never enforced — auditors notice the gap between paper and practice.
We map your obligations to your actual environment and surface every gap, in plain language, with a prioritized plan.
EDR, MFA, encryption, email defense and tested backups — set up, monitored and maintained for you, not handed over as a to-do list.
Risk assessments, policies and vendor agreements kept current — with the evidence organized year-round, not the week before.
When the auditor or assessor arrives, we sit with you and hand over evidence that's already organized.
Compliance drifts. We review controls and documentation every quarter so you don't slip out of readiness.
HIPAA, PCI and SOC 2 overlap. We maintain a single audit-ready control set that satisfies each obligation that applies to you.
A plain-English self-assessment covering the controls, documentation and evidence HIPAA, PCI and SOC 2 expect — so you can see your gaps before an auditor does.
Our vertical Shield products bundle the right controls and evidence for your regulations — so compliance isn't bolted on, it's how your IT runs.
Our role
No. We're your managed IT and security provider. We put the technical controls, documentation and evidence in place so your auditor or assessor finds you ready — and we sit with you through the audit.
Frameworks
Today we focus on HIPAA for healthcare, PCI-DSS for businesses that take card payments, and SOC 2 for firms that handle client data. Cyber Essentials for UK clients is coming soon as we expand.
Yes. Many of our finance clients need SOC 2 and PCI-DSS, and the underlying controls overlap heavily. We map your obligations once and maintain a single, audit-ready control set across frameworks.
Timeline
Most clients are fully monitored and secured about 10 days after the risk assessment. Closing every documentation gap for a specific framework depends on your starting point — the assessment gives you a clear timeline.
Book a free IT & security risk assessment and get a clear picture of your gaps, risks and quick wins across HIPAA, PCI and SOC 2.
Book a free risk assessment