IT Compliance Delivered To Ensure Confidence
Compliance is not a checkbox. It is an ongoing program that requires the right documentation, the right controls, and a partner who understands what auditors, regulators, and insurers are actually looking for. ComplyIT is DivergeIT’s dedicated IT compliance offering, structured in three tiers to meet your organization wherever it is in its compliance journey.
Whether you are preparing for your first audit, working toward HIPAA, CMMC, or ISO 27001 alignment, or looking to maintain and mature a compliance program already in place, ComplyIT gives you the documentation, visibility, and expert guidance to get there and stay there.
Why IT Compliance Is
Critical To Your Organization
IT Compliance Designed For Your Organization
ComplyIT
Core
Included with all ManageIT plans
ComplyIT Core is ideal for organizations meeting the minimum necessary standards to operate safely and responsibly in their environment.
Your devices, email, backups, and patches are documented with the evidence auditors look for
A complete inventory of all hardware and software in your environment is maintained and kept current
Your onboarding and offboarding processes are documented so access is always accounted for
Starter policy templates are customized for your organization covering acceptable use, passwords, and security
Your cybersecurity insurance questionnaire is supported with documentation that demonstrates your controls
Devices that fall out of compliance are identified and reported so gaps do not go unnoticed
ComplyIT
Plus
ComplyIT Core is ideal for organizations with structured security policies and active steps to meet industry or contractual compliance requirements.
Everything In ComplyIT Core +
Your compliance posture is evaluated annually against CIS Controls or the NIST Cybersecurity Framework with a clear gap report and remediation plan
Multi-factor authentication is verified, documented, and tracked across your key systems
Your backups are tested quarterly and recovery capabilities are formally documented against defined recovery time objectives
Vulnerabilities across your environment are scanned monthly and tracked through to remediation
Your core policies are formally deployed and staff awareness is documented
An annual risk assessment is produced with an executive summary suitable for board and leadership reporting
Infrastructure health including servers, storage, and uptime is continuously monitored and documented
Changes to your IT environment are tracked and approved through a formal process with rollback plans in place
ComplyIT
Pro
Per Month
ComplyIT Pro is ideal for organizations with high regulatory exposure or strategic compliance goals, requiring full assurance, documentation, and readiness for audit or certification.
Your controls are formally mapped to HIPAA, CMMC, ISO 27001, or your applicable framework with audit-ready evidence packages
Everything In ComplyIT Plus +
Quarterly disaster recovery exercises are conducted and documented to prove your recovery capabilities hold up under pressure
Security awareness training is assigned, tracked, and documented for every user in your organization
Third-party vendors are assessed for security risk and those assessments are maintained and updated regularly
When an audit comes, our team supports evidence gathering, auditor communication, and gap remediation from start to finish
Policies are custom-built for your organization and kept current as your operations and requirements evolve
Your complete asset lifecycle from procurement through secure retirement is tracked and documented in a centralized system
Custom detection rules and incident response playbooks are documented and validated to demonstrate your response capabilities to auditors
Not sure about the level of IT Compliance support you need? We can help you determine the right solution.
What Is Included at Each ComplyIT Tier
ComplyIT
Core
Plus
Pro
Antivirus and Endpoint Protection Documentation
Verification and documentation of endpoint protection deployment across all devices, providing audit evidence that your environment is protected and monitored in accordance with applicable controls.
Core
Plus
Pro
Email Filtering Configuration Records
Documentation of Exchange Online Protection configuration including spam filter tuning, malware scanning, and quarantine management to demonstrate compliant email security practices.
Core
Plus
Pro
Backup Scheduling and Monitoring Documentation
Ongoing validation and documentation of backup operations including schedule records, daily monitoring logs, and retention policy implementation to provide audit evidence of business continuity controls.
Core
Plus
Pro
OS and Application Patching Records
Tracking and reporting of systematic patching activity including compliance monitoring reports and patch status documentation to provide evidence that systems are maintained in accordance with written policy.
Core
Plus
Pro
Asset Inventory Documentation
Maintenance of comprehensive hardware and software inventory records providing audit evidence that your asset inventory is current and complete in accordance with applicable controls.
Core
Plus
Pro
Onboarding and Offboarding Process Documentation
Records of consistent user lifecycle management including access provisioning and revocation checklists, providing audit evidence that user access is managed in compliance with applicable requirements.
Core
Plus
Pro
SLA Tracking and Performance Reporting
Monitoring and documentation of service level achievement with trend analysis and monthly summaries providing accountability evidence for auditors and leadership.
Core
Plus
Pro
System and Vendor Documentation
Foundational documentation covering system configurations, vendor contacts, network diagrams, and runbooks providing audit evidence that IT systems and vendor relationships are properly documented.
Core
Plus
Pro
Starter IT Policy Templates
Customizable policy framework including acceptable use, password, and security policy templates tailored to your compliance framework requirements, providing evidence that governance policies are established and in place.
Core
Plus
Pro
Cybersecurity Insurance Evaluation Support
Documentation supporting cybersecurity insurance requirements including completed questionnaires, security control evidence, and gap identification to demonstrate the controls insurers require.
Core
Plus
Pro
Non-Compliant Device Reporting
Ongoing scanning and reporting of devices not meeting security baselines with remediation request submissions and compliance trending, providing audit evidence of visibility and active remediation efforts.
Core
Plus
Pro
Immutable Backup Testing and Documentation
Quarterly validation records of immutable backup integrity and recoverability using Datto, providing auditors with evidence that backups will work when needed most.
Core
Plus
Pro
Annual CIS and NIST Compliance Assessment
Annual evaluation against CIS Controls or the NIST Cybersecurity Framework with gap identification, prioritized remediation recommendations, and compliance status documentation demonstrating security maturity.
Core
Plus
Pro
MFA Enforcement Documentation
Verification and documentation of multi-factor authentication enforcement across Microsoft 365 and key applications including conditional access policy records and user enrollment tracking.
Core
Plus
Pro
Monthly Vulnerability Scan Reports
Ongoing external vulnerability monitoring with risk-based prioritization records and remediation tracking providing audit evidence of a proactive vulnerability management program.
Core
Plus
Pro
Core Policy Deployment and Tracking
Deployment and documentation of Acceptable Use, Access Control, and Incident Response policies with communication records demonstrating that governance requirements are established and staff-aware.
Core
Plus
Pro
Annual Advanced Risk Assessment
Annual risk assessment documentation including identified threats, risk analysis, prioritized remediation recommendations, and an executive summary suitable for leadership and board reporting.
Core
Plus
Pro
Asset Lifecycle and License Compliance Tracking
Ongoing documentation of device age, warranty status, refresh planning, and software license compliance providing audit evidence that asset lifecycle and licensing are actively managed.
Core
Plus
Pro
Quarterly Backup Validation and RTO/RPO Documentation
Quarterly recovery testing records with RTO and RPO documentation confirming recovery objectives are being met, providing compliance evidence of tested recovery capabilities.
Core
Plus
Pro
Infrastructure Monitoring Documentation
Ongoing monitoring and alerting records covering CPU, memory, disk utilization, and uptime providing audit evidence that infrastructure health is actively tracked and reviewed.
Core
Plus
Pro
Change Management Process Documentation
Change request records, approval documentation, maintenance window scheduling, and rollback planning records providing audit evidence that a change management process is implemented and followed.
Core
Plus
Pro
Compliance Policy Enforcement and Remediation Tracking
Automated compliance scan results, policy enforcement logs, and remediation workflow documentation providing ongoing evidence of active compliance management and exception handling.
Core
Plus
Pro
Compliance Trend Analysis and Risk Scoring
Historical compliance trending reports with risk score calculations and executive reporting helping leadership focus security investments based on data and demonstrate improvement over time to auditors.
Core
Plus
Pro
Framework-Specific Control Mapping and Evidence Packages
Control mapping documentation and evidence packages aligned to HIPAA, CMMC, ISO 27001, or other applicable frameworks providing auditors and regulators with the specific compliance evidence they require.
Core
Plus
Pro
Quarterly Disaster Recovery Testing and Documentation
Comprehensive quarterly DR exercises with Datto backup validation, recovery time testing, and documented evidence demonstrating disaster recovery capabilities for compliance purposes.
Core
Plus
Pro
Security Awareness Training Tracking
Training assignment and completion records for all users with periodic refresher documentation providing audit evidence that security awareness training is assigned, tracked, and completed organization-wide.
Core
Plus
Pro
What Our Clients Say About Us
Find out why so many companies prefer us over others!
Suzanne L.
Our IT partner for over 15 years!
"DivergeIT has been our IT partner for over 15 years. They are exceptional managers of our IT environment, and they’ve been in sync with our business goals every step of the way"
Richard C.
Big enough to be the best, but also small enough to care
"We wanted an IT partner that was big enough to be the best, but also small enough to care about us and make us a priority and I feel very happy with our decision to partner with DivergeIT.
RITIS has been a game changer for my business by aggregating all my data in real-time from my infrastructure, Microsoft 365, and accounts, enabling me to meet audit and compliance requirements and make intelligent business decisions, giving me a big boost in confidence."
Peter G.
Exceed our service level expectations...
“I highly recommend DivergeIT. They’ve been our IT provider for 5 years and continue to exceed our service level expectations by every measure."
David E.
We can maintain complete focus
"We chose DivergeIT to manage our corporate IT so we can maintain complete focus on running our core business."
Eric M.
I’m able to focus solely on growing
"Before DivergeIT, valuable parts of my day were used for IT issues and now I’m able to focus solely on growing & managing my business while leaving all the IT issues to them."
Charles S.
High-quality managed services
“DivergeIT perfectly augments our internal IT team with specialized subject matter experts, high-quality managed services, and well-scoped project consulting."
Greg H.
One of the best decisions we've made
"In this world of specialization, outsourcing to DivergeIT is one of the best decisions we have made, which has freed us up to focus on what we do best."
Alex B.
They have never let me down
"For over 10 years I’ve relied on DivergeIT to completely manage all of our IT systems and they have never let me down, which isn’t easy in our industry."
Darren K.
Outstanding customer service
“One of DivergeIT’s greatest strengths is their ability to provide outstanding customer service while completely supporting our Information Technology Systems."
Linda A.
Never have to stress about any down time.
“Our attorneys and staff don’t ever have to stress about any down time. The team at DivergeIT has us working smoothly and seamlessly every day. No IT loss-time equates to maximum efficiency for our clients!”
Gary R.
They produced an amazing AI tool...
"We had an excellent time working with the DivergeIT Team! The team produced an amazing AI tool that is going to maximize our team's efficiency."
Darrell Schulz
DivergeIT has been an excellent partner
"DivergeIT has been an excellent partner for The Klabin Company. Their team is responsive, knowledgeable, and always goes the extra mile to ensure our systems run smoothly. They provide top-notch IT support and consistently deliver high-quality service. Highly recommend!"
Bijan R.
Highly recommend talking to this team of engineers
"When we sold our nationwide business, DivergeIT was a great IT resource for us. They conducted a complete IT health assessment for us making our buyer feel confident that our IT environment was safe. This was an essential part of our acquisition. Highly recommend talking to this team of engineers. They are also very fairly priced."
Erin A.
The attention to detail and personalized care truly stood out
"I recently had the pleasure of experiencing outstanding service at DivergeIT. From the moment I walked in, I was greeted warmly by the staff, who went above and beyond to ensure my comfort and satisfaction throughout my visit. The attention to detail and personalized care truly stood out. Not only was the service prompt and efficient, but the staff also took the time to anticipate my needs, making me feel valued as a customer."
Bedrock Fiduciaries
We hired DivergeIT to help us really tighten things up
"We take data security very seriously, and though we felt we had a lot of good protocols in place, we hired DivergeIT to help us really tighten things up. They customized their approach to our needs and were able to very surgically and efficiently help us do just that. Many thanks to the team at DivergeIT."
Scotty C.
DivergeIT has been a game changer for us
"DivergeIT has been a game changer for us. Their skilled professionals tailor solutions to meet unique client needs, fostering long-term, trust-based partnerships."
Sahar S.
They were prompt, professional and fair every step of the way.
"When I needed my IT project completed in a timely manner and wanted to make sure it was done properly, DivergeIT came through. They were prompt, professional and fair every step of the way."
WC H.
Stellar service and expertise
"DivergeIT has been a vital partner for our organization for years. Stellar service and expertise!"
Little Trendsetter
Great customer service and a talented team
"DivergeIT was quick to respond to our compliance needs and get us setup to pass our audit quickly! Great customer service and a talented team of engineers!!"
Negar F.
Super insightful
"Super insightful and beneficial to my business decisions!"
Pamela A.
DivergeIT responds quickly
"DivergeIT responds quickly and their technicians jump in and get my issues solved immediately! Highly recommend!"
Richard P.
Friendly service
"Excellent, fast, and friendly service."
Remi W.
Extremely helpful
"Extremely helpful and made the process simple."
Graham H.
Couldn't be happier with their service and support!
"DivergeIT helped my office migrate to a cloud system and their team was fantastic. Our project was completed flawlessly, on time, and on budget. They keep our data safe and secure and have been extremely quick to help when we need it. Couldn't be happier with their service and support!"
Lauren P.
They genuinely care about their clients
"I had the pleasure of working with Suren and Ben at DivergeIT. Not only are these guys highly professional and know what they’re doing, they genuinely care about their clients and helping them. If your business is looking for IT expertise and people that care about your company and your success, you cannot go wrong with these guys. Cannot recommend them more!"
Carmen B.
DivergeIT's help desk is always very supportive
"DivergeIT's help desk is always very supportive and responsive, even when I don't know what I am talking about. Making is more difficult to diagnose system's issues. The team is very friendly and often offers alternatives if I am having difficulty finding an application solution. I would recommend the DivergeIT team without reservation."
Star Z.
Incredibly knowledgeable and always available
"I have been thoroughly impressed with the services provided by Diverge IT. Their team is incredibly knowledgeable and always available to assist with any technical issues, no matter the time of day. Their commitment to customer service is unparalleled, and they have consistently gone above and beyond to ensure our IT systems run smoothly. I highly recommend Diverge IT to any organization looking for reliable and cutting-edge IT support. Their expertise and dedication make them a standout in the industry."
Matti R.
DivergeIT was a big part of my success.
"DivergeIT was a big part of my success. Without their IT support we could have never gotten to where are now with out IT infrastructure."
Scott M.
Very happy with the entire process
"Recently made the transition to DivergeIT and very happy with the entire process."
The DivergeIT Difference in Compliance
Compliance documentation is only as valuable as the accuracy and consistency behind it. Most organizations discover gaps in their compliance program when an auditor finds them first.
DivergeIT takes a different approach. We build compliance programs that are accurate by design, continuously maintained, and ready for audit before the auditor calls. Every ComplyIT engagement produces real evidence, not documentation created after the fact.
Whether you are working toward HIPAA, CMMC, ISO 27001, SOC 2, or a cybersecurity insurance requirement, ComplyIT is mapped to the specific controls and evidence standards your framework requires.
ComplyIT works alongside ManageIT and SecureIT to turn the work already being done in your environment into documented, audit-ready compliance evidence.
Compliance is not something you prepare for once a year. ComplyIT maintains your documentation, monitors your controls, and tracks remediation continuously so you are never starting from scratch when an audit comes around
Frequently Asked Questions About ComplyIT
ComplyIT is DivergeIT’s tiered IT compliance offering covering documentation, control implementation, framework alignment, risk assessments, audit support, and ongoing compliance monitoring. It is available in three tiers designed for different levels of compliance maturity and regulatory requirement.
Our Pro compliance tier includes specific control mapping and evidence packages for HIPAA, CMMC, ISO 27001, and other applicable frameworks. Core and Plus tiers align to CIS Controls and the NIST Cybersecurity Framework as foundational compliance baselines.
SecureIT is our cybersecurity offering focused on active protection including threat detection, monitoring, and incident response. ComplyIT is our compliance offering focused on documentation, evidence management, and audit readiness. The two work together. SecureIT does the work, ComplyIT proves it.
ManageIT and SecureIT deliver the operational and security controls that compliance frameworks require. ComplyIT takes that work and turns it into structured, audit-ready documentation and evidence packages. For organizations with active compliance obligations, ComplyIT bridges the gap between doing the right things and being able to prove it to an auditor.
Our compliance offering is designed for any organization with compliance obligations including healthcare organizations subject to HIPAA, defense contractors pursuing CMMC, financial services firms, legal organizations, and any business that carries cybersecurity insurance or operates under contractual security requirements.
Timeline depends on your current compliance posture and the framework you are working toward. Our team conducts an initial assessment to identify where you stand and what is needed to reach your compliance goals. Many organizations see meaningful progress within the first 90 days.
If your organization handles sensitive customer data, operates in a regulated industry, carries cybersecurity insurance, or works with government contracts, the answer is almost certainly yes. Beyond regulatory requirements, a formal compliance program reduces your risk exposure and demonstrates to clients and partners that your organization takes security seriously.
Featured Resources
