GLBA Safeguards Rule compliance for colleges and universities — practical, affordable, and built by someone who has done this work from the inside.
Most university IT teams are navigating GLBA compliance, vendor risk, and federal audit requirements with limited staff and no dedicated GRC function. I know that environment because I worked in it — as a GRC analyst at Liberty University, building their GLBA, HIPAA, and FERPA compliance programs from the ground up.
Shepherd Cybersecurity exists to bring practical, affordable compliance support to institutions that need expert guidance without the enterprise price tag. No junior staff handoffs, no bloated proposals, no tools you have to learn to use.
Just a knowledgeable person who understands your regulatory obligations, your budget constraints, and what auditors actually look for.
A structured review of your institution's compliance posture against all applicable FTC Safeguards Rule elements. You receive a written gap analysis, risk register, prioritized remediation roadmap, and a board-ready executive summary.
Build or mature your third-party risk management program — vendor inventory, risk tiering, HECVAT workflow setup, and policy documentation that satisfies both auditors and your IT team.
Ongoing monthly advisory support — governance check-ins, vendor contract reviews, regulatory update briefings, and on-call guidance for incidents and audit prep. Expert coverage without a full-time hire.
I've worked inside a university GRC program. I understand decentralized IT environments, shared governance, and what federal auditors look for in higher ed specifically.
Every deliverable is designed to satisfy auditors and actually help your team. You get a report you can take to your board and a roadmap you can actually follow.
Direct access to Seth Patterson on every engagement. No junior staff, no bloated contracts, no tools you have to license. Straightforward pricing designed for university budgets.
Download the Shepherd Cybersecurity capability brief for a full overview of services, deliverables, and what to expect from working with us.
Request capability briefIf your institution is managing GLBA obligations, working through a recent audit finding, or simply not sure where your program stands — I'd welcome a conversation. No pitch, just 20 minutes to see if there's a fit.