Tag Archive for: compliance and cybersecurity

Registered Investment Advisers face increasing regulatory scrutiny and cybersecurity risk, and managing the two separately is no longer sustainable.

Registered Investment Adviser (RIA) firms operate in one of the most highly regulated and security-sensitive sectors in the financial industry. To better support growing advisory organizations, Go West IT has partnered with True West Consulting – a collaboration designed to bring RIAs a powerful combination of compliance expertise, operational governance, and enterprise-grade cybersecurity.

Together, these two firms deliver an integrated approach to helping RIAs reduce risk, streamline operations, and protect sensitive client information.

Who Is True West Consulting?

True West Consulting is a specialized advisory and compliance partner serving RIAs and financial professionals across the United States. Their team, made up of seasoned industry professionals, brings decades of practical experience in:

  • RIA compliance oversight
  • Regulatory filings, documentation, and audit support
  • Risk assessment and mitigation
  • Operations and workflow optimization
  • Technology governance and vendor management
  • Advisor training and continuing education

True West’s philosophy is simple: give RIAs operational clarity, compliance confidence, and scalable infrastructure so they can focus on serving clients, not navigating paperwork, regulations, or technical complexities.

Their solutions are tailored for firms of all sizes, from emerging advisory practices to established RIAs navigating growth, acquisitions, or expanding regulation.

Why the Partnership with Go West IT Matters

While True West provides the governance and compliance framework, Go West IT delivers hands-on, enterprise-level IT security and support. Together, they offer RIAs a complete ecosystem of operational protection.

Key benefits of the collaboration include:

1. Unified Compliance + Cybersecurity

RIAs no longer need to manage multiple vendors for technology, compliance, cybersecurity, and governance. Instead, they gain a single integrated foundation built on:

2. How This Partnership Protects Client Data

True West ensures that compliance frameworks and governance standards are in place. Go West IT ensures those standards are executed with:

  • Secure cloud infrastructure
  • Endpoint protection and device management
  • MFA, access controls, and identity verification
  • Vulnerability scanning and threat monitoring
  • Backup and disaster recovery systems

3. Streamlined Operations for Firms of Any Size

Small and mid-size RIAs often cannot build an in-house security and compliance department. Through this partnership, they gain the tools normally reserved for much larger organizations.

4. Reduced Risk During Regulatory Scrutiny

SEC and state-level cybersecurity expectations continue to rise. Combined guidance from True West and Go West IT helps firms:

  • Meet new SEC cybersecurity rules
  • Simplify exams and audits
  • Reduce operational risk
  • Implement clean, defensible documentation

The Special Security Needs of Registered Investment Advisers (RIAs)

Unlike many small businesses, RIAs handle some of the most sensitive data possible—client financials, personal information, portfolio details, tax documents, and custodial login access.

RIAs must protect:

  • Personally Identifiable Information (PII)
  • Financial account details
  • Investment transaction history
  • Communications archives
  • Advisory agreements and regulatory documents

With cyberattacks on financial firms increasing every year—and regulators responding with stricter rules—RIAs face unique challenges:

Regulatory Pressures

  • New SEC cybersecurity rules require stronger internal controls.
  • Firms must maintain written security policies, testing procedures, and incident-response plans.
  • Vendor oversight is now a central part of compliance expectations.

Operational Pressures

  • Remote and hybrid work environments create access-control vulnerabilities.
  • Staff need secure communication tools that still comply with record-keeping regulations.
  • Technology changes rapidly, making outdated systems a liability.

Client Expectations

Clients expect RIAs to safeguard their most sensitive information with the same rigor as large financial institutions.

Who Benefits Most from This Integrated Approach?

  • Registered Investment Advisers (RIAs)
  • Financial advisory firms under SEC oversight
  • Growing firms managing increased cyber risk
  • Compliance teams seeking aligned IT controls

Why This Partnership Works

The partnership between True West Consulting and Go West IT addresses the full security and compliance lifecycle for RIAs:

  • True West: Designs the compliance structure, governance, documentation, and risk management framework.

  • Go West IT: Builds and secures the technology environment that supports those frameworks.

The result: A turnkey, scalable, and fully aligned system that strengthens an RIA’s ability to operate safely, meet regulatory requirements, and protect client data.

Frequently Asked Questions

Q: Why do RIAs need integrated IT and compliance support?

A: Because cybersecurity controls, vendor oversight, and documentation are now core regulatory expectations.

Q: Does this partnership replace in-house compliance or IT staff?

A: No, it strengthens and supplements existing teams.

Q: Is this only for large advisory firms?

A: No, this model is designed to scale from emerging RIAs to established firms.

As cybersecurity threats grow and compliance requirements intensify, the demands on RIA firms are greater than ever. The partnership between True West Consulting and Go West IT provides a clear, comprehensive, and modern approach to meeting those demands.

For RIAs seeking a defensible, scalable approach to compliance and cybersecurity, this partnership offers a unified solution built for today’s regulatory environment.

The Power of CIS Controls for Regulated Professional Services and Financial Firms

How can small businesses in regulated industries build effective cybersecurity without overcomplicating or overspending?

In today’s digital landscape, small and medium-sized businesses (SMBs) in professional services and financial sectors face an ever-growing wave of cyber threats. From ransomware attacks to phishing schemes targeting client data, a single breach can result in regulatory fines, loss of trust, and costly downtime. For regulated firms handling sensitive financial information or client records, compliance with standards like GLBA, SEC regulations, FDIC, OCC, NCUA, or state privacy laws adds another layer of complexity.

Many SMB leaders know they need to improve their cybersecurity, but feel overwhelmed:

  • Where do we even start?
  • What controls actually matter?
  • How do we balance security, compliance, and budget?

This is where a structured cybersecurity framework becomes invaluable. Rather than reacting to headlines or vendor noise, a framework provides a clear, prioritized roadmap to assess your current posture, identify real risks, and make informed decisions about where to invest time and resources.

One of the most practical and effective frameworks for SMBs, especially regulated firms, is the Center for Internet Security (CIS) Critical Security Controls.

What Is a Cybersecurity Framework, and Why Do SMBs Need One?

Think of a cybersecurity framework as a proven playbook for protecting your organization. It outlines best practices, prioritized actions, and benchmarks refined by thousands of security experts worldwide. Instead of starting from scratch or chasing the latest threat trend, you follow a structured approach focused on the controls proven to stop the most common attacks.

For SMBs, particularly those in regulated industries, the benefits include:

  • Clarity and direction
    No more guessing whether you’re “doing enough.” A framework defines what good security looks like.

  • Prioritization
    You focus first on the controls that reduce the most risk, rather than spreading resources thin.

  • Measurable progress
    Frameworks provide a way to track cyber maturity over time, which is critical for audits, cyber insurance, and client trust.

  • Cost-effectiveness
    You avoid overspending on tools or controls that don’t materially reduce risk.

The CIS Controls stand out because they are prescriptive, prioritized, and scalable. The current version (CIS Controls v8.1) includes 18 Controls organized into three Implementation Groups (IGs):

  • IG1: Basic cyber hygiene (ideal for most small businesses)
  • IG2: Foundational protections for moderate-risk environments
  • IG3: Advanced defenses for high-risk organizations

Most small and mid-sized professional firms begin with IG1 and mature upward over time.

How CIS Controls Help You Assess and Manage Risk Without Requiring 100% Compliance

A common misconception is that aligning with a framework means you must implement every control perfectly. That’s not how real-world risk management works, and it’s not how the CIS Controls are designed to be used.

Instead, CIS Controls serve as a risk-assessment tool that helps you:

  1. Identify risks
    By reviewing each control, you map your current environment against best practices and quickly spot gaps—such as missing multi-factor authentication, unpatched systems, or inadequate backups.

  2. Assess the nature and severity of those risks
    The framework’s built-in prioritization shows which gaps pose the greatest threat based on real-world attack data.

  3. Evaluate mitigation options
    For each gap, you can weigh cost, effort, and effectiveness before implementing a safeguard.

  4. Make informed decisions about accepting risk
    If a control is too disruptive or expensive in the short term, you can formally accept the residual risk as long as the decision is documented and approved. This is a core principle of defensible risk management and is widely accepted in regulated environments.

This approach aligns closely with the philosophy discussed in our earlier post, Why Vulnerability Management Is a Must, Not a Maybe, where unaddressed gaps, not zero-day exploits, often become the weakest link.

Real-World Example: A Small Financial Advisory Firm Using CIS Controls

Consider a financial advisory firm with 25 employees managing sensitive client investment data. There’s no internal security team, and leadership is concerned about phishing, ransomware, and regulatory exposure.

A CIS Controls IG1 assessment reveals:

  • No formal inventory of devices or software (Control 1)
  • No MFA on email or client portals (Control 5)
  • Inconsistent patching across endpoints (Control 7)

The firm prioritizes these foundational controls first—dramatically reducing exposure to phishing and ransomware. More complex initiatives, like advanced network segmentation, are documented as future goals.

This phased, risk-based approach mirrors the principles outlined in Managed Detection & Response vs. Antivirus: What’s the Difference?, where layered detection and response outperform reactive tools alone.

Why Frameworks Matter More Than Ever

Independent research continues to reinforce the need for structured security programs:

  • The IBM Cost of a Data Breach Report consistently shows that organizations with formal security frameworks reduce breach costs and detection times.
    Source: https://www.ibm.com/reports/data-breach

  • The Cybersecurity and Infrastructure Security Agency (CISA) emphasizes that baseline controls and frameworks remain the most effective defense for small and mid-sized organizations.
    Source: https://www.cisa.gov/cyber-guidance-small-businesses

Frameworks don’t eliminate risk, but they dramatically reduce uncertainty.

Partnering with Experts to Accelerate Your Journey

While the CIS Controls are free to download, implementing them effectively takes time, context, and experience, especially for regulated firms.

At Go West IT, our cybersecurity services are designed specifically for professional services, financial firms, and RIAs. We align directly with CIS Controls and NIST CSF to provide:

  • Gap assessments and prioritized roadmaps
  • Implementation of high-impact safeguards
  • Continuous monitoring and documentation
  • Risk acceptance guidance that stands up to audits and insurance reviews

This complements the strategic planning approach discussed in How Much Should You Spend on Cybersecurity in 2026?, helping firms invest where it matters most.

Ready to Strengthen Your Cyber Posture?

Cybersecurity isn’t about perfection; it’s about making informed, defensible decisions that protect your clients, your reputation, and your business.

CIS Controls provide the roadmap. Go West IT helps you execute it.

FAQs

What is the CIS Cybersecurity Framework?

The CIS Controls are a prioritized set of best practices designed to prevent the most common cyberattacks, especially for small and mid-sized organizations.

Do I need to implement every CIS control?

No. The framework is designed to help you prioritize and manage risk, not force full implementation all at once.

Are CIS Controls accepted by regulators?

Yes. CIS Controls align with many regulatory expectations and are widely recognized as a defensible security baseline.

How long does it take to align with CIS IG1?

Most SMBs can make meaningful progress within 60–90 days with the right guidance.

Can Go West IT help with assessments and documentation?

Absolutely. We specialize in helping regulated firms assess, implement, document, and maintain framework-aligned security programs.