Frequently Asked Questions

Answers to common questions about managed IT, cybersecurity, compliance, and working with Katalism.

General Questions

What does Katalism do?

We provide compliance-first managed IT and cybersecurity for regulated industries including healthcare, financial services, construction, education, and more.

What industries do you serve?

Healthcare, financial services (accounting, RIAs, broker-dealers), construction and government contractors, education, trade compliance consultants, and sports & fitness businesses.

Where is Katalism located?

Our headquarters is in Dallas, Texas, but we serve businesses nationwide with remote managed IT and cybersecurity services.

How long has Katalism been in business?

Katalism was founded in 2017 by Jameson Smallwood.

Compliance Questions

What compliance frameworks do you support?

HIPAA, FTC Safeguards, SOC 2, CMMC, NIST SP 800-171, ITAR, EAR, FERPA, CIPA, PCI DSS, FINRA, SEC, and NIST AI RMF.

Do you help with compliance audits?

Yes. We prepare your documentation, evidence, and staff for compliance audits. Our clients consistently pass audits with zero findings.

What is the FTC Safeguards Rule?

The FTC Safeguards Rule (16 CFR Part 314, issued under the Gramm-Leach-Bliley Act) requires non-bank financial institutions under FTC jurisdiction, such as accounting and tax firms, mortgage brokers, and auto dealers, to maintain a written information security program. The amended rule spells out specific controls: designating a Qualified Individual to oversee the program, a written risk assessment, access controls, encryption of customer information in transit and at rest, multi-factor authentication for anyone accessing customer information, annual penetration testing plus semi-annual vulnerability assessments (or continuous monitoring), staff training, oversight of service providers, and notifying the FTC within 30 days of a breach affecting 500 or more consumers.

What is CMMC 2.0?

The Cybersecurity Maturity Model Certification is a Department of Defense requirement for contractors and subcontractors that handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). CMMC 2.0 has three levels: Level 1 covers the basic safeguarding practices for FCI in FAR 52.204-21, Level 2 requires the 110 controls of NIST SP 800-171 for CUI, and Level 3 adds selected NIST SP 800-172 controls for the most sensitive programs.

Services Questions

What is managed IT?

Managed IT is outsourced day-to-day IT operations including helpdesk support, maintenance, monitoring, vendor management, and strategic planning — all for a predictable monthly fee.

Do you offer 24/7 monitoring?

Yes. We provide 24/7 threat monitoring, detection, and response across endpoints, networks, and cloud infrastructure.

Can you manage our Microsoft 365?

Yes. We configure, secure, and optimize Microsoft 365 for compliance including DLP policies, conditional access, MFA enforcement, and email security.
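As an added illustration of what "conditional access" and "MFA enforcement" look like in practice (example code, not Katalism's own configuration), the Microsoft Graph PowerShell snippet below creates an Entra ID Conditional Access policy that requires MFA for every user and every cloud app. The policy display name and the break-glass account object ID are placeholders; the policy is created in report-only mode first so sign-in impact can be reviewed before it is enforced.

```powershell
# Added example: require MFA tenant-wide via Entra ID Conditional Access.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the caller
# holds the Conditional Access Administrator (or equivalent) role.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object IDs of emergency-access (break-glass) accounts.
# Exclude them so a misconfigured policy cannot lock every admin out.
$breakGlassIds = @("00000000-0000-0000-0000-000000000000")

$policy = @{
    displayName = "CA001 - Require MFA for all users"   # placeholder name
    # Report-only first; switch to "enabled" after reviewing sign-in logs.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        clientAppTypes = @("all")
        applications   = @{ includeApplications = @("All") }
        users          = @{
            includeUsers = @("All")
            excludeUsers = $breakGlassIds
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy $($created.Id) in state $($created.State)"

# Verify: review every policy and its enforcement state.
Get-MgIdentityConditionalAccessPolicy |
    Select-Object DisplayName, State |
    Format-Table -AutoSize
```

Once the report-only sign-in logs show no unexpected blocks, enforce the policy with `Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }`. Pair it with a second policy that blocks legacy authentication, because legacy protocols such as basic-auth SMTP and IMAP cannot satisfy an MFA requirement and would otherwise remain a bypass.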

Do you provide on-site support?

Yes for the Dallas/Fort Worth area. For clients nationwide, we provide comprehensive remote support with average response times under 15 minutes.

Working With Us

What service-level agreements (SLAs) do you guarantee for response times and incident resolution?

Every Katalism client receives documented SLAs as part of their service agreement. For critical issues — such as a system outage or active security incident — our guaranteed response time is 15 minutes or less during business hours, with after-hours emergency support available 24/7. Non-critical issues are acknowledged within one business hour and resolved according to priority tier. All SLA performance is tracked and reviewed in your quarterly business reviews so you always know exactly how we're performing.

Can you supplement our existing IT team with a co-managed model?

Yes. Many of our clients have internal IT staff and engage Katalism for specialized security, compliance, and escalation support. In a co-managed arrangement, we define clear responsibilities — your team handles day-to-day operations while we manage security monitoring, compliance documentation, vulnerability management, and vCISO or vCIO functions. We integrate directly with your internal team's workflows and ticketing systems so there's no confusion about ownership.

How scalable are your services? Can you support a firm growing from 5 to 100 employees?

Absolutely — rapid growth is one of the scenarios we're built for. You can add users, offices, devices, and services without penalties or re-platforming. We adjust your plan monthly as your headcount changes, and your compliance posture scales with you — new employees get compliant workstations, MFA, and proper access controls from day one. We have supported clients through rapid headcount growth, multi-office expansion, and PE-backed acquisitions without service interruption. We offer both month-to-month and annual agreements, with most clients choosing annual terms for rate stability.

What is your onboarding process, and how long does it take?

Onboarding typically takes 2–4 weeks depending on the size and complexity of your environment. The process includes a technical discovery audit, documentation of your current systems and compliance posture, migration of management tools, deployment of security agents, and configuration of monitoring and alerting. We assign a dedicated onboarding project manager and provide your team with a clear timeline and checklist. A one-time onboarding fee covers the technical assessment, documentation, and system migration — this is detailed in your proposal before you sign.

Trust & Security

What certifications and qualifications does your team hold?

Our team holds industry-recognized certifications including CompTIA Security+, CompTIA Network+, and Microsoft 365 certifications. Our vCISO practitioners bring deep expertise in HIPAA, FTC Safeguards, SOC 2, CMMC, and NIST frameworks gained through years of hands-on compliance implementation across regulated industries. We invest in continuous training to stay current with evolving regulations and emerging threats. A detailed list of team certifications is available upon request during the evaluation process.

Do you carry cyber-liability insurance, and can you help with our insurance requirements?

Yes, Katalism maintains professional liability and cyber-liability insurance coverage, and we can provide certificates of insurance upon request. Beyond our own coverage, we regularly assist clients with their cyber-insurance applications and renewals — including completing security questionnaires, providing documentation of your security controls, and ensuring your environment meets the technical requirements that insurers increasingly demand. A strong security posture often leads to lower premiums, and our compliance documentation helps demonstrate that posture to underwriters.

Do you provide dashboards or reports that demonstrate our security posture and ROI?

Yes. Every client receives reporting that covers key security and compliance metrics — including threat detection and response activity, endpoint protection status, patch compliance rates, user security training completion, and compliance readiness scores. We review these metrics in quarterly business reviews (QBRs) with your leadership team to demonstrate measurable risk reduction and return on investment. For firms that need audit-ready evidence, we maintain continuous compliance documentation that can be produced on demand.

Where is our data stored, and do you use U.S.-based data centers?

All client data is stored in U.S.-based data centers. We use enterprise-grade cloud infrastructure from Microsoft Azure and other Tier 1 providers whose U.S. facilities carry SOC 2 Type II attestation reports (SOC 2 is an independent audit report, not a certification). For clients with specific data residency requirements, such as financial services firms subject to SEC or FINRA regulations, we can configure environments so that data remains within designated geographic boundaries. Data sovereignty and residency requirements are addressed during onboarding and documented in your service agreement.

Getting Started

How do I get started?

Schedule a free 30-minute compliance assessment. We'll discuss your compliance obligations, review your security posture, and outline a path forward.

Is the assessment really free?

Yes. No cost, no obligation. You'll receive expert guidance on your biggest gaps and priorities.

How much does it cost?

Pricing depends on the number of users, compliance requirements, and services needed. Schedule a meeting for a customized quote.

Still Have Questions?

Schedule a free compliance assessment and we'll answer every question you have.

Schedule a Free Assessment