Cyber governance for regulated teams

Questions? Call (907) 600-0222 Client Login (Aurora Command)

Borealis Security

Book a 30‑minute Program Review

GOVERNANCE PROGRAMS

Turn governance into proof

WISP, risk, evidence, exports. Built for firms that need defensible governance.

See the Full Program →

Independent Insurance Agencies NAIC-aligned governance for carrier renewals, DOI exams, and M&A diligence. Tax & Accounting Firms FTC Safeguards-aligned governance for client due diligence and IRS/FTC scrutiny. Accounting & Advisory Firms Dual-framework governance for firms with tax and insurance or annuity activity.

Aurora Command Your compliance dashboard with evidence, exports, and audit-ready reports in one place. Audit Co-Pilot Get help answering carrier questionnaires and preparing for exams. Continuous Compliance Year-round tracking so you're always ready when regulators call.

RESOURCES

Everything you need in one place

State-based requirements, compliance tools, and ways to connect with our team.

Browse State-based Requirements →

What to Do After a Breach Who you notify, how fast, and what records to keep for each state. Insurance Agency Rules Security requirements your state expects from licensed agencies. Federal Rules That Apply FTC and banking rules that affect agencies handling financial data.

About Us Who we are and how we build evidence-first governance programs. Contact Us Schedule a call or send us a message. Aurora Command See the dashboard that keeps policies, evidence, and exports current.

STATE CYBER & BREACH REQUIREMENTS

State-based requirements, translated into proof.

Select a state to see:

Breach notification basics (applies to everyone)
Insurance cybersecurity overlays (where adopted)
Federal overlays (FTC Safeguards / GLBA)
The evidence you should be able to produce on demand

Built for "show me" moments - renewals, audits, DOI exams, and diligence.

Book a 30‑minute Program Review Browse all states

Free • confidential • takes ~2 minutes to schedule • based on real regulator and auditor questions

Select your state

Most requirements share the same fundamentals: a written program, risk decisions, vendor oversight, incident readiness, and an evidence trail. What differs by state is timing, who must be notified, and how you're expected to present proof.

Operate in multiple states? Select each state you care about - your program should meet the strictest applicable requirements.

This filter only changes what's shown below. It doesn't change what you're obligated to do.