// breach.cyber.essentials
Your cyber insurance renewal asks for these. Generic templates fail underwriter review. We build policies around how your business actually runs — reviewed and signed by Jeff O'Connor, Principal at Breach Security LLC.
// why.breach
Cyber insurers are tightening underwriting. They're rejecting generic templates and asking for evidence that your policies reflect how your business actually operates. We built the system to answer that.
Our compliance team drafts each policy using a regulatory documentation framework. Jeff O'Connor personally reviews and signs every delivery. Your policies are not AI-generated and we do not pretend otherwise.
Every policy cites the specific controls it satisfies: NIST CSF 2.0, CIS Controls v8, and ISO 27001:2022. Each document maps content to primary-source citations so your auditor or underwriter can verify compliance without guesswork.
Written to satisfy the questions your cyber insurer asks at renewal and the vendor questionnaires your enterprise clients send before onboarding you. Not written to sit in a drawer.
// how.to.buy
Three ways in. Pick the option that matches how many policies your business needs.
All three options deliver the same quality: custom-built, human-reviewed, Jeff-signed policies. The difference is scope and how we handle your intake questionnaire.
Any one of the 12 policies, custom-built for your business. Use our policy picker to choose which one you need. PDF + DOCX. One revision included.
Buy Now →
Pick any 5 of the 12 policies. Use our bundle picker to select the five that fit your business, then check out. Single intake covers all 5.
Build Your Bundle →
All 12 policies, one intake, one delivery. Complete cybersecurity policy library for any SMB. Covers every topic your cyber insurer and enterprise clients will ask about.
Get the Full Pack →
// what's.in.the.catalog
12 modular security policies, each custom-built for your business. Browse the catalog below. Buy any one, pick a bundle of 5, or get the full pack — use the purchasing options above.
What employees may and may not do on company systems and networks. Monitoring, personal use limits, and sanctions.
Rules for employee-owned devices accessing company data. Eligible devices, required controls, wipe rights, and offboarding.
Security expectations for off-premises work. Home network requirements, VPN access, public WiFi rules, and physical workspace standards.
Account credential and authentication standards. Password complexity, MFA scope, privileged-account rules, recovery flows, and shared-account ban.
How long data lives and how it ends. Retention schedules, legal hold exceptions, NIST 800-88 destruction standards, and backup expiry.
Vetting and ongoing oversight of third-party software and service providers. Due diligence, required vendor controls, SOC 2/ISO requirements by tier, and annual review cadence.
What you do when something breaks or gets breached. Roles and call tree, severity tiers, containment steps, external notification procedures, and post-incident review.
Keeping the business running through data loss and system failure. Backup scope, 3-2-1 rule, RPO/RTO targets, restore-test cadence, and DR process.
Company-owned mobile device governance (distinct from BYOD). Issued-device inventory, MDM enrollment, OS update policy, lost/stolen reporting, and return at offboarding.
Phishing defense and sensitive-data handling in email and messaging. Approved channels by data type, phishing reporting flow, encryption requirements, and auto-forwarding ban.
Office, server room, and paper records. Access control, visitor policy, clean-desk standard, locked storage for sensitive paper, and camera policy.
Provisioning and deprovisioning checklist. New-hire access grant, training acknowledgements, departure access revocation (same-day), asset return, and knowledge handoff.
Not sure which policy fits your business? Email support@breachsecurity.io with your industry and team size — we'll send a recommendation within 1 business day.
// how.it.works
Four steps from purchase to delivery.
Select the policies your business needs and complete checkout via Stripe. Secure payment, no account required.
You receive an intake questionnaire link by email. Answer questions about your business: size, industry, existing tools, and specific needs. Takes 10-30 minutes depending on what you purchased.
Our compliance team drafts each policy using your intake answers and our regulatory documentation framework. Cites the specific NIST, CIS, and ISO controls that apply to your situation.
Jeff O'Connor, Principal at Breach Security LLC, personally reviews and signs every document before delivery. You receive PDF and editable DOCX. One revision pass is included.
// pricing
One-time per-policy purchase or bundle options. Annual refresh subscription available at $199/yr — covers all purchased policies.
Any one of the 12 policies, custom-built for your business. Use our policy picker to choose which one you need. PDF + DOCX. One revision included. Delivered within 5 business days of intake completion.
Buy Now →
Pick any 5 of the 12 policies. Use the bundle picker to choose your five, then check out. Single intake questionnaire covers all 5. One delivery, one revision pass across the bundle.
Build Your Bundle →
All 12 policies, one intake, one delivery. Complete cybersecurity policy library for any SMB. Covers every topic your cyber insurer and enterprise clients will ask about.
Get the Full Pack →
Optional add-on. Annual policy updates as regulations and threat landscape change. Covers all purchased policies, once a year on your anniversary. Cancel anytime.
Add Annual Refresh →
Covers all purchased policies. Cancel anytime.
// not.sure.what.you.need
Email support@breachsecurity.io with a brief description of your business and what you are trying to accomplish. We will tell you honestly which policies apply to your situation, whether our Cyber Essentials service is the right fit, or whether a custom consulting engagement is the better answer. No pressure, no upsell. If consulting is the better fit, we will quote it upfront before you commit to anything.
support@breachsecurity.io
// faq
Is this AI-generated?
No. Our compliance team drafts each policy using a regulatory documentation framework built from primary sources (NIST, ISO, CIS). Claude, our AI drafting assistant, is used to polish prose and flag missing required clauses after the human draft is complete. Jeff O'Connor reads every output and edits before signing. We don't ship AI output directly and we don't pretend to.
How do you customize each policy for my business?
After purchase you receive an intake questionnaire link by email. It takes 10-30 minutes to complete depending on which policies you purchased. Your answers drive the content: your legal name, your industry, your employee count, your existing tools, your data types, your remote work model. Every clause that depends on your specific situation is populated from your intake answers. Questions with a fixed regulatory answer (required sub-sections, mandatory language) are pre-filled from the regulatory framework.
What if I need a revision?
One revision pass is included with every purchase, at no additional charge. You will receive a "request revision" link with your draft delivery. Describe what you want changed. We revise and re-deliver within two business days. A second revision is a paid change order at $99 flat per policy revised, quoted via email before any work begins.
Will this satisfy my cyber insurance application?
We build to the specific controls and language that underwriters ask for. Every policy maps to named controls in NIST CSF 2.0, CIS Controls v8, and ISO 27001:2022 and includes the framework citations in the document body. Whether any given underwriter accepts any given policy is ultimately their call. We cannot guarantee insurer acceptance, but we build to what insurers ask for, and Jeff personally reviews every document against current underwriting expectations before signing.
What if I'm in a regulated industry (HIPAA, PCI-DSS, SOC 2)?
Cyber Essentials policies are designed for any SMB and are not vertical-specific. For HIPAA-regulated healthcare practices, see our Healthcare Compliance product line. For businesses with significant PCI or SOC 2 obligations, email us at support@breachsecurity.io before purchasing. We will tell you if Cyber Essentials covers your needs or if a custom engagement is more appropriate.
Who is Jeff O'Connor?
Jeff O'Connor is the Principal of Breach Security LLC, a cybersecurity services company registered in Georgetown, Indiana. He has built and operated automated trading systems, compliance documentation frameworks, and security infrastructure across several business domains. He personally reviews and signs every Cyber Essentials policy delivered under this service. His signature on the document means a human read it, not a pipeline.
How does the annual refresh subscription work?
Add the Annual Refresh subscription at $199/yr — it covers all your purchased policies (not per-policy). Each year on your purchase anniversary, we re-render your policies against the latest NIST, CIS, and ISO standards, compare the output to what we delivered originally, and re-deliver updated, signed documents if anything has materially changed. If no material changes are needed, we will notify you that your policies remain current. Your subscription renews either way. Cancel anytime.
What is your refund policy?
If the Cyber Essentials service is not what you needed, email support@breachsecurity.io within 7 days of purchase for a full refund. Include your order ID. Refunds are issued back to your original payment method within 5 business days. See the full refund policy.
// annual.refresh
// optional add-on
Optional add-on. Annual policy updates as regulations and threat landscape change. Cancel anytime. Covers all purchased policies, once a year on your anniversary. When NIST, CIS, or ISO standards materially change, you receive updated, Jeff-signed documents automatically — no additional purchase needed.
Purchase the policies your business needs. You will receive an intake questionnaire link by email within minutes. We get to work the same day.