BridgeMark – Trust Center

How we protect your organization’s data, systems, and people — and what you can expect from BridgeMark

BridgeMark delivers practical, right‑sized security across identity, endpoints, email, network, backup, and operations. This page outlines our standard controls, operating procedures, and how we partner with customers and vendors. For formal security questionnaires, request our latest packet.

Security Posture

Identity

  • MFA & Conditional Access for admin access
  • Least‑privilege roles and break‑glass accounts
  • Quarterly access reviews and joiner/mover/leaver

Endpoints

  • EDR on managed devices; patch compliance tracking
  • Disk encryption and screen‑lock standards
  • Browser extension governance

Email & Collaboration

  • SPF/DKIM/DMARC configured; phishing training
  • Malware/impersonation filtering; safe links/attachments
  • Retention & secure sharing defaults

Network

  • Firewall policy, segmentation (VLAN/ACL)
  • Site‑to‑site VPN and secure remote access
  • Content filtering and logging

Backup & Recovery

  • 3‑2‑1 strategy; immutable/offsite tiers where feasible
  • Quarterly test restores and documentation
  • Recovery objectives agreed per system

People & Process

  • Security awareness & phishing simulations
  • Incident runbooks & tabletop exercises
  • Vendor security reviews as needed

Compliance Mapping

We align pragmatic controls to common frameworks and insurer questionnaires. On request, we provide mapping matrices.

  • CIS Controls (v8) — core mapping
  • Cyber Insurance Baselines
  • FERPA (K‑12) applicability
  • HIPAA‑lite (small clinics)
  • NIST‑inspired good practices

Vulnerability & Patch Management

Area | Standard
OS & App Patching | Monthly patch cadence (expedited for critical CVEs); reports in QBRs
EDR | Deployed on supported endpoints; alerts triaged with documented runbooks
Firewalls | Change control with backups; rule hygiene and content filtering reviews
Backups | Daily jobs monitored; quarterly test restores with screenshots and logs

Incident Response

First 72 Hours

  • Containment & isolation; evidence preservation
  • Stakeholder & insurer communications support
  • Forensic‑light review & blast radius assessment

After Containment

  • Corrective actions & control hardening
  • User re‑education and phishing refreshers
  • After‑action report & roadmap updates

IR retainer available for priority response; we coordinate with your legal/insurance requirements.

Data Handling

Customer Data

We access only what’s needed to deliver services, use least‑privilege accounts, and retain change logs.

Encryption

Data in transit protected with TLS; full‑disk encryption on supported devices.

Retention

Tickets, logs, and backups retained per agreement; disposal follows secure procedures.

Vendor & Tooling

Standards

We prefer reputable vendors with clear support paths, security updates, and admin audit logs.

Access

Admin access scoped and logged; shared credentials avoided; break‑glass accounts documented.

Reviews

Tooling reviewed periodically for performance, cost, and security fitness.

Downloads & Requests

Security Packet

Request our latest security questionnaire responses and policy snapshots (MNDA available).

Policies (Samples)

  • Acceptable Use Policy (AUP)
  • Password/MFA Policy
  • Incident Response Overview

We provide customer‑tailored versions during onboarding.

Contact the Security Team

Questions about security, data handling, or incident coordination?

BridgeMark Inc.
Secure • Explained • Operational IT