Skip to content

Vantus Care

Security Baseline Minimums

What we enforce across every Care engagement, regardless of tier.

Talk to us about Care

Care signal board

Three promises that stay visible on every Care page.

Client-owned by default

No hardware subscriptions, no hidden equipment financing, no ownership confusion later.

Documented handoff

Tooling, runbooks, and configuration work are structured so your team can retain control.

Evidence every cycle

Monthly artifacts are written for audits, executive review, and calm change control.

Security baseline

The following standards apply across every Care engagement, regardless of tier. They are non-negotiable minimums—additional controls are layered per scope.

Baseline chamber

Access Governance

  • Least-privilege principle applied to all service and admin accounts
  • No shared admin credentials; individual accounts with role-based access
  • MFA enforced for all privileged accounts
  • Access reviews on any personnel change

Baseline chamber

Credential Handling

  • Secrets stored in a secrets manager—never in plaintext files, code, or email
  • Rotation schedules defined per credential class
  • Break-glass accounts documented, sealed, and audited

Baseline chamber

Patch & Drift Management

  • OS and application patches applied on a defined cadence (not ad hoc)
  • Baseline configuration drift checks run monthly or per trigger
  • Critical patches are evaluated and applied within SLA window

Baseline chamber

Endpoint & Network

  • Endpoint detection and response (EDR) deployed to all managed devices
  • Network segmentation reviewed and documented
  • Inbound attack surface reduced to authorized services only

Baseline chamber

Backup & Recovery

  • Backup coverage scoped per engagement; no assumed defaults
  • Recovery point objectives (RPO) and recovery time objectives (RTO) documented
  • Restore tests run on a defined schedule—not just backup verification

Baseline chamber

Documentation

  • Runbooks for all managed systems delivered to client
  • Change log maintained and retained per engagement tier
  • Incident response contacts and escalation paths documented

Note on scope

"Managed" means within the contracted Care scope. Security baselines do not apply to systems explicitly excluded from the engagement. Scope boundaries are defined in the master services agreement and reviewed at onboarding.

Vantus Care

Ready to talk about your environment?

We start with a fit assessment, then shape the care cadence around what your team actually needs—not around a template.

No hardware subscriptionsClient-owned outputsDocumented cadence
Talk to us about CareView Care Plans