AnchorOne doesn't produce compliance as a separate project. The standard itself is the compliance posture — continuously active, continuously documented, continuously verifiable. Organizations operating inside AnchorOne inherit compliance. It is not assembled on request. It is the state the environment is always in.
When your carrier asks for documentation of your security controls — what do you hand them?
The AnchorOne standard addresses the technical requirements found in the frameworks and regulations your insurers, auditors, and regulators rely on.
Addresses identify, protect, detect, respond, and recover functions across the full environment.
Prioritized security best practices from the Center for Internet Security — addressed at the baseline configuration level.
Technical controls aligned with availability, confidentiality, and security criteria for SOC 2 audit readiness.
Controls addressing cybersecurity expectations for registered investment advisers and broker-dealers.
American Bar Association cybersecurity guidance for law firms — addressed through identity, device, and data controls.
Every mandatory control required by leading cyber insurance carriers is documented and continuously active.
These controls maintain the integrity of the AnchorOne environment and ensure the standard remains continuously verifiable — not assembled on request, but active at all times.
| Control | Platform | Scope |
|---|---|---|
| Multi-Factor Authentication | Entra ID | All users — no exceptions |
| Conditional Access | Entra ID | Compliant device and MFA minimum |
| Privileged Access Management | Entra ID / PIM | All admin roles |
| Endpoint Detection & Response | Defender | All enrolled devices — block mode |
| Device Encryption | Intune / Defender | BitLocker, Secure Boot, TPM 2.0 |
| Immutable Backups | M365 Backup | Daily, tested quarterly |
| Unified Audit Logging | Microsoft 365 | All workloads, retained per compliance |
| Data Loss Prevention | Microsoft 365 | Exchange, SharePoint, Teams |
| Incident Response Plan | Operations | Documented, reviewed annually |
The AnchorOne Score measures your current environment against the standard across all five domains — including the controls your insurer will ask about.