Cybersecurity for regulated SMBs in Puerto Rico

Your insurance carrier is asking questions.
We make sure you can answer them.

SecTYCS is a cybersecurity firm led by a CISM and ISACA Authorized Trainer. We work with healthcare providers, CPA firms, financial institutions, and PCI-bound retailers across Puerto Rico who need real compliance — not just a checkbox.

Schedule your security consultation

Certifications CISM · CDPSE · ITIL · MCP

ISACA Designation Authorized Trainer

Sectors served Healthcare · Accounting · Financial · Legal · PCI Retail

Coverage All of Puerto Rico

Who we work with

Regulated businesses in Puerto Rico face federal requirements that were written for large enterprises — HIPAA, FTC Safeguards Rule, PCI-DSS, GLBA. The penalties apply to you the same way they apply to them.

Healthcare providers

Medical offices, behavioral health practices, and administrative business associates subject to HIPAA and OCR audits. We assess technical safeguards, conduct risk analyses, and help you build the documentation the rule actually requires.

CPA & accounting firms

Firms handling client financial records are covered entities under the FTC Safeguards Rule. The rule requires a written information security program — and your carrier will ask for it. We write it with you, then verify the controls are working.

Financial services

Credit unions, mortgage brokers, and insurance agencies under OCIF and GLBA jurisdiction. We align your security program to the requirements that apply to your license and your examiner.

PCI-bound retailers & hospitality

Businesses processing cards under PCI-DSS need a validated security posture to maintain their merchant account. We conduct gap assessments against the applicable SAQ and close the findings.

What we do

IT Security Assessment

A structured evaluation of your technical controls, access policies, network posture, and compliance gaps. You get a prioritized findings report and a remediation roadmap — written for a business owner, not a security engineer.

See how it works →

Monthly Security Maintenance

Ongoing monitoring, patch verification, policy updates, and quarterly reviews. For businesses that need a security function without hiring a full-time security team.

See what's included →

Virtual CISO (vCISO)

Strategic security leadership for organizations that need a CISO-level voice in the room — for board presentations, auditor conversations, and vendor risk decisions — without the executive headcount.

Learn more →

From the blog

Practical guidance on HIPAA, FTC Safeguards, PCI-DSS, and cyber insurance — written for business owners and office managers in Puerto Rico.

Read the blog →

Not sure where your gaps are?

In an initial consultation we listen to your situation — what regulations apply, what your insurance carrier is asking, and what an assessment would actually involve. You leave with clarity on your next step.