Compliance

Security & Compliance

Effective Date: 6/30/2025

Last Updated: 2/22/2026

Crosby Technology Services, LLC (“CTECH,” “we,” “us,” or “our”) is committed to maintaining strong security controls, structured governance practices, and responsible data protection standards across our organization.

Security and compliance are not marketing claims – they are the result of documented processes, defined accountability, and continuous operational oversight.

Governance & Internal Controls

CTECH maintains internal policies and procedures designed to support secure service delivery and operational integrity.

Our governance model emphasizes:

• Role-based access control and least-privilege principles
• Multi-factor authentication enforcement
• Secure configuration standards
• Encryption of data in transit where applicable
• Incident response preparedness
• Vendor evaluation and oversight
• Ongoing review of operational controls

These measures are intended to reduce risk and support secure, reliable service operations.

Regulatory & Framework Awareness

CTECH does not issue compliance certifications or provide legal compliance determinations. However, our technical and operational practices are structured to support organizations operating in regulated or risk-sensitive environments.

Where applicable, our service delivery model aligns with security principles commonly associated with:

• HIPAA security standards
• NIST-based cybersecurity frameworks
• SOC 2 security categories
• PCI-DSS security considerations
• State and federal data protection requirements

Organizations remain responsible for their own regulatory filings, audit obligations, and formal certifications.

Vendor & Third-Party Oversight

CTECH utilizes select third-party vendors to support infrastructure, communication, monitoring, and security tooling.

Vendor relationships are evaluated based on:

• Security posture
• Data protection practices
• Contractual safeguards
• Operational reliability
• Long-term viability

Client data is never sold. Information is shared only as necessary to deliver contracted services and is subject to appropriate safeguards.

Related Policies

Additional governance documentation is available at:

• Privacy Policy
• Data Retention Policy
• Terms & Conditions
• Accessibility Statement

These policies outline how we collect, protect, retain, and manage information within our Website operations.

Continuous Improvement

Security and compliance are ongoing processes. CTECH continuously evaluates operational practices, technical controls, and vendor relationships to strengthen our overall security posture.

Updates to this page will be reflected in the “Last Updated” date above.