CMMC Level 2 Assessment: Next Steps

You’re Signed Up—Here’s What Happens Next #

Thank you for choosing Office Heroes for your CMMC Level 2 assessment. Watch the video below for a quick overview of what to expect and how our team will guide you every step of the way.

Your Compliance Journey, Simplified #

We know CMMC can seem daunting, but our process makes it manageable from day one. Here’s what comes next:

  1. Kickoff Meeting:
    You’ll get a calendar invite to meet your dedicated Office Heroes compliance team. We’ll walk through your project timeline, answer questions, and outline what’s needed for CMMC Level 2.
  2. Quick Start “Homework”:
    We’ll request a few simple items—like staff lists or recent logs—to get your assessment rolling. Templates and clear instructions will be provided.
  3. Heavy Lifting by Our Team:
    We’ll review your technical controls, update or create policies, run vulnerability scans, and map your environment to NIST 800-171 so you’re audit-ready.
  4. Plain-English Deliverables:
    At the end, you’ll receive a comprehensive report, your Written Information Security Program (WISP), and a practical roadmap for next steps.
  5. Ongoing Support:
    You’re never alone. Our team is available for questions, future updates, and ongoing compliance support.

Frequently Asked Questions #

CMMC #

  • What happens after the assessment?

    You’ll get all documentation, a clear roadmap, and ongoing access to our support team.

  • Who should be involved from our company?

    Anyone responsible for IT, HR, security, or compliance. We’ll clarify session-by-session.

  • How long does the CMMC assessment process take?

    Most organizations complete the process in 4–6 weeks, depending on document readiness and meeting schedules.

FTC Safeguards Compliance Kickoff – Common Client Questions #

  • How long is the kickoff meeting?

    Our FTC Safeguards Kickoff Meeting is a 90-minute, focused session with your dedicated Office Heroes compliance team. This gives us enough time to walk through the FTC Safeguards Rule requirements, review your current information security practices, answer your questions, and set a clear path to compliance and audit-readiness.

  • What do I need to prepare?

    Before your kickoff, please gather any existing documentation related to your information security program, such as written policies, risk assessments, incident response plans, and vendor management agreements. We recommend that your IT lead, business owner, or designated compliance manager attend, so we can address technical, legal, and operational aspects of the FTC Safeguards Rule. A checklist of recommended documents will be provided once you schedule.

  • What if I have questions after the meeting?

    You’ll have ongoing access to your assigned compliance specialist at Office Heroes for any follow-up questions or guidance. We also provide a secure client portal where you can submit questions, request additional support, and access compliance resources tailored to the FTC Safeguards Rule and GLBA (Gramm-Leach-Bliley Act).

  • Is my information secure?

    Absolutely. Office Heroes follows strict data security and confidentiality protocols, including data encryption, secure storage, and multi-factor authentication. All information you provide is protected under our privacy policy and handled in accordance with FTC, GLBA, and industry-standard cybersecurity practices.

  • What happens after the kickoff?

    After your kickoff meeting, your Office Heroes compliance team will deliver a step-by-step roadmap tailored to your organization. This includes a compliance checklist, risk assessment action items, policy templates, and clear milestones. We’ll schedule ongoing check-ins, help you implement security controls, and ensure you’re fully prepared for any FTC audit or review.

DNS Filtering #

  • What is DNS filtering?

    DNS filtering is a cybersecurity technology that blocks users from accessing malicious or inappropriate websites by screening web traffic at the Domain Name System (DNS) level. When a user tries to visit a website, DNS filtering checks the site’s address against a list of known threats and policy rules. If the site is unsafe or not allowed by your organization’s policy, access is denied—protecting your network from phishing attacks, malware, and data leaks.

    For regulated businesses, DNS filtering adds a proactive layer of security, reduces the risk of compliance violations, and helps enforce acceptable use policies for staff working in-office or remotely. As part of Office Heroes’ managed security services, DNS filtering is integrated into our Guardian and Titan service tiers to ensure safe, compliant, and productive online activity across your organization.

  • Where do I log in to manage my company’s internet filtering?

    Go to https://portal.office-heroes.com/app/usage/internet and log in with your Office Heroes credentials. If you have trouble, contact your company admin or clientcare@office-heroes.com.

  • Does DNS filtering block everything?

    No, DNS filtering does not block everything. It’s a highly customizable solution that allows your organization to decide what is allowed or restricted. You can set policies based on website categories (such as social media, gambling, or adult content), specific domains, or even individual URLs. This means essential business resources and trusted websites remain accessible, while harmful or non-compliant sites are blocked.

    With Office Heroes’ managed DNS filtering, our team helps you tailor these settings to fit your business needs—balancing strong protection with productivity and regulatory requirements.

  • How can I see which websites are being blocked or allowed?

    After logging in, navigate to the Internet Usage dashboard. You’ll see real-time reports of sites accessed, including those blocked or allowed by your company’s DNS policy. You can filter by date, user, or device for detailed insights.

  • Who can make changes to our DNS filtering settings?

    Typically, only company admins or designated Office Heroes portal users have permission to manage filtering settings. If you need access, contact your Office Heroes admin or support.

  • How quickly do changes to filtering rules take effect?

    Changes are applied immediately after you save them in the portal. Users may need to refresh their browser or reconnect to the network to see updates.

  • How do I add a website to the Allow List or Block List?

    In the portal, use the filtering management options to add any site to your Allow List (always allowed) or Block List (always blocked). Remember to click “Save” after making changes.

  • What should I do if I need help or something isn’t working?

    Reach out to your company admin first. For technical support, email clientcare@office-heroes.com or use the support options in your Office Heroes portal.

  • Does DNS filtering slow down my internet?

    No, DNS filtering does not noticeably slow down your internet. Modern DNS filtering solutions are designed to operate in real-time, adding only milliseconds to the process of loading websites—typically so quickly that users don’t notice any difference. In fact, by blocking access to malicious or high-risk sites, DNS filtering can actually improve your network’s performance and security by preventing unwanted downloads and reducing exposure to cyber threats.

    At Office Heroes, we deploy DNS filtering tools that are optimized for speed and reliability, ensuring your business stays protected without sacrificing productivity.

  • Can I view filtering reports for specific users or devices?

    Yes, the portal lets you filter activity logs by user, device, or date range for detailed monitoring.

  • What’s the difference between DNS filtering and content filtering?

    DNS filtering and content filtering are both security tools, but they work at different layers and provide different levels of control:

    • DNS Filtering controls which websites users can access by blocking or allowing connections based on the website’s domain name. When someone tries to visit a site, DNS filtering checks if the domain is safe and allowed—blocking access to dangerous or non-compliant sites before any data is loaded.
    • Content Filtering goes deeper, inspecting the actual content on websites or within emails, applications, and files. It can block or restrict access to specific web pages, file types, keywords, or categories—even on sites that are otherwise allowed by DNS rules.

    DNS filtering is fast and effective for blocking broad categories of risky sites at the network level, while content filtering provides more granular control over what users see or can do online. For regulated businesses, Office Heroes often recommends using both together for layered, comprehensive protection.
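The lookup decision described in the answers above (Allow List always wins, Block List always blocks, then threat and category rules, with only the domain visible to the resolver), as an added example written for this page and not code from Office Heroes' portal; every list, category, feed and query in it is constructed sample data.

```python
"""DNS filtering policy evaluator (added example; not Office Heroes' portal code).

Models the decision for a single DNS lookup: the Allow List always wins,
then the Block List, then a threat feed, then category policy. A resolver
only ever sees the domain name, never the URL path, which is the boundary
between DNS filtering and content filtering. Every list, category and
query below is constructed sample data (.example.* names resolve nowhere).
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed policy, standing in for what an admin saves in the portal.
ALLOW_LIST = {"intranet.example.com"}          # always allowed
BLOCK_LIST = {"badsite.example.org"}           # always blocked
BLOCKED_CATEGORIES = {"gambling", "adult"}     # category rules
CATEGORY_FEED = {                              # constructed category lookup
    "social.example.com": "social-media",
    "casino.example.org": "gambling",
    "news.example.com": "news",
}
THREAT_FEED = {"phish.example.org"}            # constructed known-bad domains


@dataclass
class Decision:
    domain: str
    action: str   # "allow" or "block"
    reason: str


def normalize(name: str) -> str:
    """DNS names are case-insensitive; drop the trailing root dot too."""
    return name.strip().lower().rstrip(".")


def parent_chain(domain: str):
    """Yield the name and each parent, so a rule on example.org also
    covers sub.example.org (the usual match-by-suffix behaviour)."""
    labels = domain.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def _first_match(domain: str, ruleset: set):
    for candidate in parent_chain(domain):
        if candidate in ruleset:
            return candidate
    return None


def evaluate(query: str) -> Decision:
    """Decide one lookup in strict precedence order."""
    domain = normalize(query)
    hit = _first_match(domain, ALLOW_LIST)
    if hit:
        return Decision(domain, "allow", f"allow list ({hit})")
    hit = _first_match(domain, BLOCK_LIST)
    if hit:
        return Decision(domain, "block", f"block list ({hit})")
    hit = _first_match(domain, THREAT_FEED)
    if hit:
        return Decision(domain, "block", f"threat feed ({hit})")
    for candidate in parent_chain(domain):
        category = CATEGORY_FEED.get(candidate)
        if category is None:
            continue
        if category in BLOCKED_CATEGORIES:
            return Decision(domain, "block", f"category {category} ({candidate})")
        return Decision(domain, "allow", f"category {category} permitted ({candidate})")
    return Decision(domain, "allow", "no rule matched (default allow)")


def evaluate_url(url: str) -> Decision:
    """What a DNS filter can and cannot do with a full URL: only the host
    is consulted; the path is invisible to the resolver."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in {url!r}")
    return evaluate(host)


def usage_report(events):
    """Turn constructed (user, device, domain) events into the kind of
    per-user / per-device log an Internet Usage dashboard shows."""
    lines, blocked = [], 0
    for user, device, domain in events:
        d = evaluate(domain)
        blocked += d.action == "block"
        lines.append(f"{user}\t{device}\t{d.domain}\t{d.action}\t{d.reason}")
    return {"total": len(events), "blocked": blocked, "lines": lines}


if __name__ == "__main__":
    sample = [("alice", "laptop-01", "casino.example.org"),
              ("bob", "desk-02", "news.example.com"),
              ("alice", "laptop-01", "login.phish.example.org")]
    print("\n".join(usage_report(sample)["lines"]))
```

Note that `evaluate_url` returns the same answer for any path on a host: a page under an allowed domain is still allowed, which is exactly the gap content filtering closes.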

  • Is DNS filtering included in my Office Heroes service plan?

    DNS filtering is a core part of the Guardian Computer Protection package and higher tiers. Contact your Office Heroes account manager for details about your specific plan.

Automated Patch Management #

  • Why is patch management so important?

    Patch management is important because unpatched devices are one of the most common and easiest ways for cybercriminals to compromise your systems. When software vendors discover security vulnerabilities, they release patches to fix those gaps. If these patches are not applied promptly, attackers can exploit those weaknesses—sometimes within days of a vulnerability becoming public.

    Effective patch management closes these security gaps before criminals have a chance to get in. By keeping all devices and applications up to date, you significantly reduce your risk of ransomware, data breaches, and other cyber threats. Regular patching helps you maintain compliance with industry regulations and avoid costly fines or penalties for security lapses.

    In short, patch management is a proactive defense that protects your business, your data, and your reputation by making it much harder for hackers to succeed.

  • What’s the risk if I skip patches?

    Skipping patches exposes your organization to risks that can affect both your security and your business operations.

    Ransomware and malware attacks often target known vulnerabilities in unpatched systems. Missing even a single patch can create a critical entry point for cybercriminals, leading to data loss and expensive recovery efforts. Hackers routinely scan for unpatched devices, so a single vulnerable endpoint can open the door to data breaches, theft of sensitive information, and wider network compromises.

    Regulatory frameworks such as HIPAA, PCI DSS, GLBA, and the FTC Safeguards Rule all require regular system updates as a fundamental security measure. Skipping patches can result in failed audits, fines, and potential legal liability.

    Operationally, attacks that exploit unpatched systems can cause significant downtime, disrupt day-to-day productivity, and damage your reputation with clients and partners.

    Skipping patches is a high-stakes gamble. It increases your risk of ransomware, data breaches, compliance fines, downtime, and lasting damage to your reputation. Automated patch management from Office Heroes helps reduce these risks by keeping your systems continuously protected and compliant.

  • How is this automated?

    Automation is at the heart of our patch management process. With Office Heroes, there’s no need for manual checks or chasing updates. Our system takes care of everything, from start to finish:

    Continuous Device Monitoring: Our platform constantly monitors all managed devices (servers, workstations, and remote endpoints) to detect missing patches or outdated software.

    Automatic Patch Deployment: As soon as new security updates are available, the system schedules and deploys them across your environment. Updates are installed silently, often outside business hours, minimizing user disruption.

    Centralized Management: All patching activity is controlled and tracked from a single dashboard, giving our support team and your IT administrators real-time visibility into update status across every device.

    Self-Healing Automation: If an update fails or a device is offline, the system automatically retries deployment until the patch is successfully installed. No manual follow-up needed.

    Compliance & Documentation: Every action is logged automatically. The system generates reports showing which patches were applied, when, and on which devices, providing audit-ready documentation without extra effort.

    In short: our automated solution checks all your devices, deploys the right updates, and creates the compliance documentation you need, removing guesswork and ensuring every device stays protected with zero manual hassle.

  • What if a patch fails?

    If a patch fails, you’re not left in the dark. Our automated patch management system is designed with reliability and visibility at its core:

    • Immediate Alerting: When a patch doesn’t install correctly, the system generates an alert for our support team and updates your management dashboard. This ensures no failure goes unnoticed.
    • Automatic Remediation: In most cases, failed patches are retried automatically on the next scheduled run—often resolving the issue without any manual intervention.
    • Expert Support: If the issue persists, our Office Heroes support team steps in to investigate and resolve the problem directly. This may involve troubleshooting conflicts, applying fixes, or escalating to advanced support if needed.
    • No Device Left Behind: We continuously monitor patch compliance across all managed devices. Any system that remains unpatched is flagged until the issue is fully resolved, ensuring your environment doesn’t develop security gaps.
    • Audit-Ready Documentation: All patch activity—including failures and remediations—is logged for compliance and reporting purposes. This gives you a clear record for audits and peace of mind that every device is protected.

    In short: if a patch fails, your dedicated support team is notified automatically, and our automated systems or support staff work to fix it, so no device is ever left vulnerable or forgotten. Our goal is zero missed patches, maximum security, and complete transparency for your IT environment.
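The monitor, deploy, retry, escalate and log loop described in the two answers above, as an added example written for this page and not Office Heroes' platform code; the device names, patch IDs, three-retry limit and installer outcome are constructed assumptions, and `install` is an injected callable standing in for the real deployment tool.

```python
"""Patch reconciliation loop (added example; not Office Heroes' platform code).

Each scheduled run compares every managed device against the required patch
set, deploys what is missing, defers offline devices (they are retried, not
dropped), retries failures on later runs, escalates a device that keeps
failing, and records every action in an audit log. Devices, patch IDs and
the installer's behaviour below are constructed sample data.
"""
from dataclasses import dataclass, field

MAX_RETRIES = 3  # assumption: hand a patch to a human after this many failures
REQUIRED = {"PATCH-A", "PATCH-B"}   # constructed required-patch set


@dataclass
class Device:
    name: str
    installed: set
    online: bool = True
    failures: dict = field(default_factory=dict)   # patch -> failed attempts
    escalated: set = field(default_factory=set)    # patches handed to support


def missing(device, required):
    """Patches the device still lacks, in a stable order."""
    return sorted(required - device.installed)


def run_cycle(devices, required, install, run_id):
    """One scheduled run. Mutates device state and returns audit log lines."""
    log = []
    for dev in devices:
        for patch in missing(dev, required):
            if patch in dev.escalated:
                log.append(f"{run_id} {dev.name} {patch} SKIPPED escalated to support")
                continue
            if not dev.online:
                log.append(f"{run_id} {dev.name} {patch} DEFERRED device offline, will retry")
                continue
            if install(dev.name, patch):
                dev.installed.add(patch)
                dev.failures.pop(patch, None)
                log.append(f"{run_id} {dev.name} {patch} INSTALLED")
            else:
                n = dev.failures[patch] = dev.failures.get(patch, 0) + 1
                if n >= MAX_RETRIES:
                    dev.escalated.add(patch)
                    log.append(f"{run_id} {dev.name} {patch} FAILED x{n} ESCALATED")
                else:
                    log.append(f"{run_id} {dev.name} {patch} FAILED x{n} will retry next run")
    return log


def compliance_report(devices, required):
    """Audit-ready summary: fully patched devices versus flagged ones."""
    return {d.name: ("compliant" if not missing(d, required)
                     else "flagged: " + ", ".join(missing(d, required)))
            for d in devices}


def sample_installer(device_name, patch):
    """Constructed deployment outcome: one server keeps rejecting one patch."""
    return not (device_name == "FS-02" and patch == "PATCH-B")


def demo():
    """Three scheduled runs over a constructed fleet; returns (devices, log)."""
    fleet = [Device("WS-01", {"PATCH-A", "PATCH-B"}),   # already compliant
             Device("FS-02", {"PATCH-A"}),              # will fail on PATCH-B
             Device("LAPTOP-03", set(), online=False)]  # offline on the first run
    log = []
    for run in (1, 2, 3):
        if run == 2:
            fleet[2].online = True   # the laptop comes back on the network
        log += run_cycle(fleet, REQUIRED, sample_installer, f"run{run}")
    return fleet, log


if __name__ == "__main__":
    devices, lines = demo()
    print("\n".join(lines))
    print(compliance_report(devices, REQUIRED))
```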

  • How does automated patch management fit with my other security?

    Automated patch management is the backbone of modern cybersecurity. It works silently in the background, ensuring your systems are always up to date with the latest security patches—closing the door on vulnerabilities before attackers can exploit them. But patch management is most effective when it’s part of a layered security approach, working together with other defenses:

    • Antivirus & Endpoint Detection: Antivirus and EDR tools identify and block known malware or suspicious behavior. However, many threats exploit outdated software. Automated patching removes these “open doors,” making it harder for attackers to succeed, even if antivirus misses something.
    • Backups: Reliable backups are your last line of defense if ransomware or other attacks succeed. Automated patching reduces the risk of needing to recover from backup by preventing many common attacks in the first place.
    • Security Awareness Training: Many attacks start with phishing or user mistakes. Training helps users recognize threats, while automated patching ensures that if a mistake is made (like clicking a bad link), the system is less likely to be compromised due to an unpatched vulnerability.
    • Vulnerability Scanning & Monitoring: Regular scans identify missing patches or insecure software. Automated patch management works in tandem, fixing those gaps quickly and maintaining compliance with frameworks like HIPAA, PCI DSS, and NIST.
    • Compliance Alignment: Patch management is required by nearly every major security and privacy regulation. Automated patching delivers the audit trails and evidence needed for compliance reporting and reduces manual workload for your IT team.

    In short: Automated patch management is not a standalone solution—it’s a critical piece of your entire security strategy. By continuously updating and hardening your systems, it empowers your antivirus, backup, and user training to work more effectively. With Office Heroes, automated patching is integrated into your broader protection platform, reducing risk, simplifying compliance, and ensuring your organization stays secure with minimal disruption.

Cloud backup #

  • What is cloud backup?

    Cloud backup is a secure service that automatically copies your business data to encrypted, offsite servers in the cloud. This ensures your critical information is protected from loss due to cyberattacks, hardware failures, accidental deletions, or natural disasters. If something goes wrong, you can quickly restore your data and keep your business running smoothly.

    With Office Heroes, cloud backup is managed and monitored for you, so you always have a reliable, up-to-date copy of your data—no manual effort required. This level of protection is essential for meeting regulatory requirements and maintaining business continuity.

  • How fast can I recover data?

    With Office Heroes cloud backup, you can recover single files or folders in just minutes, and restore entire systems or servers within a few hours, significantly faster than traditional backup methods. Our automated recovery process minimizes downtime and gets your business back up and running quickly, whether you’re restoring after accidental deletion, hardware failure, or a cyberattack.

  • How secure is my data?

    Your data is protected with end-to-end encryption—meaning it’s encrypted before it leaves your device, during transfer, and while stored in the cloud. Only authorized users with the correct credentials can access or restore your files. Office Heroes follows industry best practices for cybersecurity and compliance, so your information remains confidential and secure at all times.

  • Can I recover just one file, or do I need to restore everything?

    You can restore exactly what you need, whether it’s a single document, a folder, or your entire device. Office Heroes’ cloud backup gives you flexible recovery options, so you can quickly retrieve individual files or perform a full system restore, anytime.

  • How often should backups run?

    For most businesses, we recommend that backups run automatically at least once per day. For critical or frequently changing data, hourly backups provide even greater protection. With Office Heroes, backup schedules are fully automated and can be customized to meet your organization’s needs—ensuring your most important information is always protected and up to date.

  • What happens if my internet goes down?

    If your internet connection goes down, your scheduled cloud backups will pause automatically and resume as soon as your connection is restored—so no data is lost. As soon as you’re back online, you can access and restore your backed-up data from the cloud. Office Heroes’ backup solutions are designed for resilience and reliability, ensuring continuous protection even if there’s a temporary outage.

24/7 Monitoring & Incident Response #

  • How quickly will I be notified if there’s a threat?

    You’ll receive immediate alerts for critical threats—often within seconds. Our Norfolk-based Security Operations Center (SOC) analysts follow up with guidance and support, so you’re never left in the dark.

  • What types of threats can you detect and respond to?

    Office Heroes detects and responds to a wide range of threats, including malware, ransomware, suspicious logins, insider risks, policy violations, and more, whether you’re in the office or working remotely.

  • Do I need to install any special equipment or software?

    No extra hassle for your team. We handle all setup, providing the endpoint monitoring agents and secure cloud management tools needed for complete protection.

  • How do you protect data privacy during incident response?

    All investigations and remediation steps follow strict confidentiality and compliance protocols. Every action is encrypted, tracked, and fully auditable to safeguard your sensitive data.

  • Will monitoring slow down my business or impact employee productivity?

    Not at all. Our monitoring tools operate silently in the background, designed for minimal impact on system performance while delivering maximum security.

  • How does 24/7 monitoring help with compliance (HIPAA, PCI, FTC, etc.)?

    24/7 monitoring and incident response help you meet regulatory requirements by providing detailed audit trails, real-time reporting, and technical controls needed for compliance with HIPAA, PCI, GLBA, FTC Safeguards Rule, and more.

  • What happens after an incident is resolved?

    You’ll receive a comprehensive incident report with recommendations for strengthening your defenses. We also assist with compliance documentation and insurance notifications if required.

  • Can you provide references or local examples?

    Absolutely. Many Norfolk-area businesses trust Office Heroes for their cybersecurity needs; just ask us for case studies or testimonials from organizations like yours.
  • How is 24/7 monitoring different from antivirus or firewall protection?

    Antivirus and firewalls are important, but they’re not enough on their own. Office Heroes provides continuous human monitoring, advanced threat detection, and live incident response—offering protection far beyond traditional tools.

  • What does onboarding look like? How soon can I be protected?

    Getting started is fast and easy—most clients are fully onboarded and protected within a few days. We take care of all configuration, initial security scans, and training.

  • How is 24/7 support different from break/fix IT services?

    Unlike break/fix IT, Office Heroes delivers proactive protection, rapid response, and expert help before, during, and after any incident—all for predictable monthly pricing.

  • What should I do if I suspect a breach?

    Call our emergency support line anytime—our local security experts in Norfolk are on call 24/7 to help you contain, investigate, and recover from incidents.

  • How much does 24/7 monitoring cost?

    Pricing is flexible and designed for SMBs. Costs depend on the number of devices and the level of coverage you need. Contact us for a quick, no-pressure quote tailored to your business.

Unified Security Reporting & Compliance #

  • What’s included in a unified security compliance report?

    Office Heroes’ unified security compliance reports provide a clear, organized summary of your compliance status across multiple frameworks—including HIPAA, PCI DSS, NIST, SOC 2, CMMC, GLBA, and more. Each report maps the specific controls required by each standard, links directly to your supporting evidence (like policies, logs, or training records), and includes risk scores and recommended remediation actions. All content is auditor-ready and structured to make compliance reviews fast and painless.

  • Does this cover HIPAA and PCI compliance?

    Yes. Our platform is designed for regulated businesses and supports multiple frameworks simultaneously—including HIPAA, PCI DSS, and others. Reports are automatically mapped to the exact controls required by each regulation, so you can be confident your coverage is complete and up-to-date, whether you’re preparing for a healthcare, financial, or cybersecurity audit.

  • Can I track vendor/third-party compliance too?

    Absolutely. Office Heroes’ compliance platform includes vendor and third-party risk management. You can send automated questionnaires, score vendor responses, and generate real-time reports to monitor the compliance status of your supply chain, making it easy to document and enforce third-party requirements for your industry.

  • How often are reports updated?

    Reports can be updated in real time or on a schedule that matches your business needs—daily, weekly, monthly, or before key audits. This means you’re always audit-ready, with up-to-date information and clear visibility into your current compliance posture, not just at year-end or during assessment season.

  • Can I export reports for my auditor or insurance?

    Yes. All unified compliance reports are fully exportable in popular formats (PDF, Excel), complete with all supporting evidence and documentation. This makes it simple to share your reports with auditors, insurance providers, or executive leadership—streamlining reviews and insurance applications.

  • How does unified reporting help prepare for audits?

    Unified reporting automates the evidence collection process, continuously logs all security activities, and maps each action to the relevant compliance control. This saves time and eliminates manual documentation, making it much faster and less stressful to prepare for any audit or examination.

  • What frameworks and regulations are supported?

    Our solution supports a broad range of industry frameworks and regulations, including HIPAA, PCI DSS, SOC 2, NIST, CMMC, ISO 27001, GLBA, and GDPR. This allows you to manage, monitor, and report on multiple compliance standards from a single, centralized dashboard—no more juggling spreadsheets or separate tools.

  • Is training and user awareness tracked in the reports?

    Yes. Security awareness training participation, completion rates, and user attestations are automatically tracked and included in your compliance reports. This ensures you can easily demonstrate training compliance for your staff and meet regulatory and audit requirements.

  • How is vendor and third-party compliance managed?

    Vendor and third-party compliance is managed through built-in risk assessments, automated questionnaires, and scoring tools. You’ll have a full view of your vendor landscape, with documentation of all compliance evidence and risk levels, helping you stay ahead of regulatory requirements and supply chain risks.

  • Does this solution integrate with our existing IT tools?

    Yes. Office Heroes’ compliance platform integrates seamlessly with Microsoft 365 and many other IT and security systems. This makes it easy to aggregate compliance data and evidence without disrupting your current technology stack.

  • Can I see compliance trends or gaps over time?

    Absolutely. The platform’s dashboard provides historical analysis, trend tracking, and real-time gap detection. This allows you to monitor your compliance progress, quickly spot emerging issues, and take proactive steps to close any gaps before your next audit.

  • What happens if a compliance issue is detected?

    You’ll receive immediate alerts for any compliance issue or gap, prioritized by risk level. The platform guides you through clear remediation steps to resolve the issue quickly and provides documentation for audit or insurance follow-up. Our team is available to support your response as needed.

  • Is this suitable for small teams or only large organizations?

    Office Heroes’ unified reporting and compliance platform is designed for small and medium-sized businesses but scales easily for larger organizations. It features easy onboarding, intuitive dashboards, and role-based access co

  • How is our data kept secure within the compliance platform?

    All compliance data is encrypted both in transit and at rest. The platform uses granular, role-based access controls and maintains full audit logs for every action, ensuring only authorized users can access or modify sensitive compliance information.

  • Can we get help with compliance strategy—not just the technology?

    Yes! Office Heroes offers expert compliance consulting, risk assessments, and strategic planning to help you build a robust security and compliance program tailored to your industry and regulatory needs. We’re more than just a technology provider—we’re your trusted compliance partner.

Device Security for Modern Workforces #

  • How quickly can you respond to a threat on a remote device?

    With Office Heroes’ 24/7 monitoring and Mobile Device Management (MDM), we can detect threats on remote devices in real time. If a device is compromised, we can remotely isolate it from your network or wipe all business data, often within minutes. This rapid response helps prevent data breaches and ensures your workforce stays protected, wherever they’re working.

  • Are printers, smart TVs, and IoT devices a security risk?

    Absolutely. Any device connected to your network, including printers, smart TVs, and Internet of Things (IoT) devices, can be a potential entry point for cyber threats. Office Heroes treats these as endpoints: we recommend regular patching and firmware updates, restricting network access to only what’s necessary, and continuously monitoring for unusual or unauthorized activity. This layered approach reduces your risk and protects your organization.

  • What about employee-owned or personal devices (BYOD)?

    We fully support secure Bring Your Own Device (BYOD) environments. Employees are required to enroll their personal devices in our MDM platform and agree to compliance policies. Business data is kept separate from personal apps and files, and if the device is lost, stolen, or an employee leaves, we can remotely wipe only the business data—leaving personal information untouched. This keeps your organization secure while respecting employee privacy.

  • How do you secure a lost or stolen device?

    If a device is lost or stolen, Office Heroes can respond immediately using remote management tools. We remotely lock or wipe the device through Mobile Device Management (MDM) to prevent unauthorized access to sensitive data. All business data is encrypted by default, and with automatic cloud backups, you can quickly restore your information to a new device and maintain business continuity.

Need Help? #

Questions? Our compliance team is here for you.
Email us at clientcare@office-heroes.com or call (757) 733-6272 any time.