Submission
Hartwell & Cole LLP
Firm metadata
- Lead Partner (Managing Partner)
- managing.partner@hartwell-cole.example
- New Jersey
- 16-30 people
- m365
- renewing · renews 2026-08
- estates, real_estate, corporate
Posture summary
Findings by control
Governance
- PARTIAL C-01 Written Information Security Program (self-reported)
- GAP C-02 Periodic Risk Assessment (self-reported)
- PARTIAL C-03 Leadership Oversight & Accountability (self-reported)
Identity & Email
- PASS C-04 Multi-Factor Authentication on Email and Identity
- PASS C-05 Privileged Access Separation
- PARTIAL C-06 Email Security Filtering
- GAP C-07 Security Awareness Training & Phishing Simulation
Operational & Technical
- PARTIAL C-08 Managed Endpoint Detection & Response (EDR)
- PARTIAL C-09 Patch & Vulnerability Management
- PASS C-10 Endpoint Encryption
- GAP C-11 Personal Device Access Controls
- PASS C-12 Backup Coverage
- PARTIAL C-13 Backup Isolation & Restoration Testing
- PASS C-14 Data-at-Rest Encryption
- PARTIAL C-15 Joiner/Mover/Leaver Process
- GAP C-16 Acceptable Use & Written Security Agreements
- PARTIAL C-17 Documented Onboarding Security Checklist
- GAP C-18 Vendor Security Due Diligence
- PARTIAL C-19 Vendor Contractual Security Requirements
- PASS C-20 Regulatory Scope Awareness
- GAP C-21 Written Incident Response Plan
- PARTIAL C-22 Continuous Security Monitoring
Material gaps
- GAP C-02 Periodic Risk Assessment
- GAP C-07 Security Awareness Training & Phishing Simulation
- GAP C-11 Personal Device Access Controls
- GAP C-16 Acceptable Use & Written Security Agreements
- GAP C-18 Vendor Security Due Diligence
- GAP C-21 Written Incident Response Plan
Open-text answers
Q-23 - Who handles IT and security?
Outside MSP, but rotates frequently.
Q-24 - Top cybersecurity concern
Renewal in 90 days — carrier asked questions we couldn't answer.
Actions
Raw submission JSON
Expand JSON
{
"id": "11111111-1111-4111-8111-111111111111",
"submitted_at": "2026-05-24T18:42:11.000Z",
"schema_version": "1.1.0",
"crosswalk_reference": "framework-system-v2-section-2.md v1.0.2 (content v2.0)",
"email": "managing.partner@hartwell-cole.example",
"firm_name": "Hartwell & Cole LLP",
"contact_name": "Lead Partner",
"contact_role": "Managing Partner",
"firm_size": "medium",
"state": "NJ",
"practice_areas": [
"estates",
"real_estate",
"corporate"
],
"email_platform": "m365",
"insurance_status": "renewing",
"insurance_renewal": "2026-08",
"answers": {
"Q-01": "all",
"Q-02": "app",
"Q-04": "native_only",
"Q-23": "Outside MSP, but rotates frequently.",
"Q-24": "Renewal in 90 days — carrier asked questions we couldn't answer."
},
"scores_by_control": {
"C-01": "PARTIAL",
"C-02": "GAP",
"C-03": "PARTIAL",
"C-04": "PASS",
"C-05": "PASS",
"C-06": "PARTIAL",
"C-07": "GAP",
"C-08": "PARTIAL",
"C-09": "PARTIAL",
"C-10": "PASS",
"C-11": "GAP",
"C-12": "PASS",
"C-13": "PARTIAL",
"C-14": "PASS",
"C-15": "PARTIAL",
"C-16": "GAP",
"C-17": "PARTIAL",
"C-18": "GAP",
"C-19": "PARTIAL",
"C-20": "PASS",
"C-21": "GAP",
"C-22": "PARTIAL"
},
"score_counts": {
"pass": 6,
"partial": 10,
"gap": 6,
"total_scored": 22
},
"visible_questions": [
"P-01",
"P-02",
"P-03",
"P-04",
"P-05",
"P-06",
"P-07",
"P-08",
"P-09",
"P-10",
"Q-01",
"Q-02",
"Q-03",
"Q-04",
"Q-05",
"Q-06",
"Q-07",
"Q-08",
"Q-09",
"Q-10",
"Q-11",
"Q-12",
"Q-13",
"Q-14",
"Q-15",
"Q-16",
"Q-17",
"Q-18",
"Q-19",
"Q-20",
"Q-21",
"Q-22",
"Q-23",
"Q-24",
"Q-25",
"Q-26",
"Q-27",
"Q-28"
],
"status": "new",
"internal_notes": null,
"deleted_at": null
}