Not Ready to Book Yet? That's Completely Fine.
Get practical IT security tips for long-term care operators delivered straight to your inbox - no jargon, no alarm bells, just useful information you can act on.
✓ Monthly tips on protecting resident data and staying ahead of common vulnerabilities
✓ Plain-language updates on PIPEDA and cyber insurance requirements relevant to LTC
✓ Occasional insights from Brock IT's assessments — what we're seeing in networks like yours
No spam. Unsubscribe any time. We treat your inbox the way
we treat your network - with care.
Call NOW (613) 499-9960
When Was the Last Time Anyone Actually Looked Inside Your IT Environment?
Brock IT's Vulnerability Assessment gives your long-term care organization a complete, expert picture of your environment - what's exposed, what's solid, and a clear prioritized plan for what to fix first. Written report included, accepted for cyber insurance purposes, completely independent of your current IT setup.
Report accepted for cyber insurance purposes
Serving businesses in Ontario since 2017
Expert analysis, not just a scan
Free call. No obligation. No commitment to switch.
Photo by CIRA/.CA
Photo by CIRA/.CA
Protecting YOUR Residents Starts With Knowing
Where You Stand
Long-term care organizations handle some of the most sensitive personal information that exists - health records, care histories, financial details, family contacts. The people in your care have placed extraordinary trust in your organization.
While most LTC operators ensure IT is being handled and someone is responsible for the technology, there's a critical difference between having IT covered and actually knowing your environment's security posture.
PHIPA and applicable privacy regulations increasingly expect organizations to demonstrate they understand and actively manage their information security risks. Cyber insurers want documented evidence of professional assessments. And the people in your care deserve to have their data in an organization that can say, with confidence, that it knows what it's working with.
A vulnerability assessment doesn't assume something is wrong.
It simply answers this question:
Do we know, with clarity, what our security posture is right now?
You're here because that question matters to you and because the people in your care deserve more
than an assumption that everything is protected.
We'll explain exactly what we look at, how the process works, and what you'll know by the end of it.
Photo by CIRA/.CA
This is NOT just a Scan.
It's An Assessment.
There are automated tools that will scan your network and produce a list of flags. You can buy one for a fraction of the cost of a proper assessment.
The problem with scan data is that data without interpretation isn't insight.
You get a report full of technical findings and no guidance on what's critical, what's acceptable, and what to do first.
Brock IT's assessment is different. Every finding is reviewed by a security professional who understands your environment. We compile a written report with an executive summary — the most important issues called out clearly, in plain language, with context. Then we sit down with you and walk through it.
You leave the review meeting knowing exactly where you stand, what matters, and what to do next. And the report carries Brock IT's stamp - accepted by insurance providers as documented evidence of a professional vulnerability assessment.
The result is a clear roadmap you and your current provider can act on
- a prioritized, expert picture of exactly what to address and where to focus next.
Who is Brock IT?
Specialists in What Matters
to Long-Term Care.
We understand the environment you operate in - shared workstations, remote access pressures, PHIPA obligations, cyber insurance requirements, and the responsibility you carry for the people in your care. This assessment was built for organizations like yours.
A Family Business.
Over Four Decades of IT Security Experience.
Jonathan Bullock, founder of Brock IT, brings over a decade of specialized expertise in IT security and compliance. He works closely with his father, whose 30+ year career in the field has built a depth of institutional knowledge that most IT providers simply can't match.
For long-term care operators, that continuity matters. You're not working with a recently-launched startup or a provider that rotates staff. You're working with a team that has watched IT security evolve over decades and knows the difference between what actually protects organizations and what just looks good on paper.
We're not a large faceless provider and we don't operate like one.
When you work with Brock IT, you're talking to the people actually doing the work.
Already Working With an IT Provider? No Worries,
This Is Independent of Your Current Setup.
This is the most common question we get from LTC organizations considering an assessment:
does this mean we have to change IT providers?
The answer is NO — and we want to be completely direct about that.
A vulnerability assessment is a standalone, independent service. It doesn't require changing providers, disrupting your existing IT relationship, or committing to anything beyond the assessment itself. Think of it as an INDEPENDENT SECOND OPINION - an expert view of your network security that exists alongside whatever you currently have in place.
Switching IT providers is a significant undertaking, and shouldn't be taken lightly. This assessment is not a step toward that conversation. It's a service in its own right. The report you receive belongs to your organization, regardless of what you decide to do with it.
Free call. No obligation. No commitment to switch.
Let Me Tell You About A Myth We Often Hear...
We work with a number of organizations in the long-term care sector, and one misconception comes up regularly:
The belief that LTC homes in Ontario are required to use IT services
provided by their local municipality or county.
This is not the case. Organizations in Ontario have full freedom to engage whichever IT provider they choose. You are not locked in and a vulnerability assessment with Brock IT is an excellent, low-commitment way to get an independent picture of the security of your current setup, whoever is managing it.
This gives you and your current provider shared confidence in exactly where things stand.
The result is a clear roadmap they can act on
- a prioritized, expert picture of exactly what to address and where to focus next.
WHAT DO WE REVIEW?
The assessment covers eight areas of your environment, reviewed by a Brock IT security professional - not automated software:
Disk encryption status
Antivirus and endpoint protection
Operating system and hardware review
Operating system updates and outstanding patches
Application vulnerabilities
Azure / Microsoft 365 MFA configuration
External attack surface - open ports, exposed services, external vulnerabilities
Internal network vulnerabilities
Every finding is interpreted by a Brock IT security professional and compiled into a written report with an executive summary
- highlighting the most important issues and concerns in plain language.
This is not a data dump. It's an expert analysis you can actually act on.
Typical turnaround from kickoff to your review meeting is 2 weeks.
What We Typically Find...And Why It Matters
In the networks we assess, a handful of issues come up consistently. We're not raising this to alarm you - we're raising it because recognizing these patterns is exactly what makes our assessment different from a generic scan.
The most common findings include:
Outstanding patches - operating system or application updates that have been pending for months, often without anyone realizing the exposure they create
MFA gaps - Microsoft 365 and Azure environments where multi-factor authentication is either misconfigured or not fully enforced across all users
Open ports with unreviewed services - entry points that were opened for a specific purpose and never closed or reviewed when that purpose changed
Endpoint protection inconsistencies - devices on the network where antivirus coverage has lapsed, been misconfigured, or was never properly deployed
Encryption blind spots - drives or devices where encryption is assumed to be active but hasn't been verified
Shared login credentials - common in care environments where staff share workstation access, creating accountability gaps and unmanaged entry points
Remote access configuration gaps - particularly relevant where staff connect from home or personal devices, often bypassing the security controls that exist inside the network
None of these are catastrophic on their own. But each one represents a gap between what your network is assumed
to be doing and what it's actually doing. That's exactly the gap this assessment closes.
It's simply a conversation, not a commitment.
Here is How it Works
STEP 1
The Consultation Call
We discuss scope, walk through what access we need to your internal systems, and answer any questions. Nothing begins until you're comfortable with exactly what's involved.
STEP 2
The Assessment
We set up internal and external scanning and get our agents looking at your infrastructure. We collect everything we need: outstanding patches, open ports, services running on those ports, and across all eight review areas. You keep running your operation - we work in the background.
STEP 3
The Report
Once the assessment is complete, we compile your written report complete with executive summary. An invoice for $1,000 is sent at this stage. The report covers all eight areas with expert interpretation - not just data, but a clear picture of what matters and what to address first.
STEP 4
The Review Meeting
Once payment is received, we schedule your final meeting to walk through the report together. Every area of concern gets explained in plain language. You leave with clarity on exactly where you stand and a prioritized path forward.
YOUR FINAL RESULTS
When your assessment is complete, you'll have...
A complete written report - eight areas reviewed and interpreted by a Brock IT security professional
An executive summary - the most important issues and concerns called out in plain language
A Brock IT-stamped document - accepted for cyber insurance purposes
A clear, prioritized path forward - not a list of flags, a set of recommendations you can act on
A review meeting - every finding walked through together, nothing left to interpret alone
What you won't get: raw scan data with no context, a generic report designed to alarm rather than inform, or recommendations engineered to create dependency.
And Beyond the Report
~ What This Really Gives You...
The report is what we deliver. But here's what it actually gives you:
Peace of mind - knowing the people in your care have an organization behind them that has looked closely at how their data is protected, not just assumed it's fine
Confidence with your board - when cybersecurity comes up in a governance conversation, you'll have a professional, stamped, expert-reviewed document to point to
A roadmap for your current provider - confirmation of what's working well and a clear, prioritized technical roadmap for anything that needs attention. Brock IT can work directly with your provider to ensure every identified gap gets closed.
Insurance readiness - your cyber insurer asks for evidence of a professional vulnerability assessment. This satisfies that requirement, with Brock IT's name on it
The confidence of a proactive leader - there's a meaningful difference between organizations that know their security posture and those that hope it's okay. This puts you firmly in the first group
No more guessing - every year your network changes. This gives you a current, accurate baseline - not an assumption based on what was true two years ago
Free call. No obligation. No commitment to switch.
What Our Clients Have to Say...
Nothing is more important to us than the trust our clients place in us to safeguard their sensitive financial data. Having the right IT partner is critical and BrockIT fits the bill for us.
Brock IT recently completed a comprehensive vulnerability assessment across our organization, and the value they brought was immediate and tangible. They identified several vulnerabilities we were not aware of, including application-level risks and patching gaps, and had them remediated within 12 hours. Our team had no down time at all during the entire process other than a couple restart requests.
The proactive approach, technical depth, and responsiveness give us real confidence in our security posture.
Riley P, CPA
Frequently Asked Questions
Yes. We will discuss exactly what access is required during the initial consultation call before anything begins. Nothing happens without your explicit authorization, and we walk through every step of the process upfront.
Yes, and this is one of the most common situations we work in. The assessment is completely standalone and independent of your existing provider. We're not here to disrupt a relationship that's working. Many of our assessment clients continue with their existing provider afterward - they simply have a clearer picture of their network than they did before. Switching IT providers is a significant undertaking, and we'd only ever suggest it if it were genuinely in your best interest.
No. We set up scanning in the background and work around your operations. We agree on timing before we start.
A scan produces data. Our assessment produces understanding. Every finding is reviewed and interpreted by a Brock IT technician, compiled into a written report with an executive summary, and then walked through with you in a meeting. You're not left to decode a list of flags on your own.
Yes. Brock IT puts our name and stamp on the report, and it is accepted for cyber insurance purposes. If your insurer requires documented evidence of a vulnerability assessment, this satisfies that requirement.
At minimum, annually. Your network changes over time - new devices, software updates, staff changes, new remote access requirements. An assessment that's more than a year old is a picture of a network that no longer exists. We'll set you up with a reminder when it's time.
The total cost of the basic vulnerability assessment is $1,000, invoiced once the assessment is complete and your report is ready. The initial consultation call is FREE.
You receive your written report and we walk through it together in your review meeting. From there, you decide what to act on and when. We're available to help with any remediation, and some clients also move to a Continuous Engagement plan for ongoing monthly monitoring - but that's a conversation for the review meeting, not before.
There's No Better Time Than Now
Your network isn't static. Every month that passes means new devices, software changes, staff turnover, and configuration drift. An assessment done today gives you a current, accurate baseline - not a picture of a network that's already moved on.
If your insurer, your board, or your own sense of responsibility has been nudging you toward this - the right time is before something changes that makes the picture harder to read.
The first step is a free conversation. Nothing begins until you're comfortable with exactly what's involved.
The Brock IT Vulnerability Assessment
Here's everything included:
Eight-area technical review of your network
Expert interpretation of findings - not raw scan data
Written report with executive summary - highlights the most important issues
Brock IT's stamp on the report - accepted for cyber insurance purposes
Final meeting to walk through the report and every area of concern together
Total Investment ~ $1,000
The first step is a free, no-obligation consultation call to discuss scope and review the access required to complete the assessment. Nothing begins until you're comfortable with exactly what's involved.
