IT On Demand — The Signed & Defended Program

You signed the certification. Can you defend it?

Every April, your name goes on a DFS certification that constitutes a personal legal representation. Your IT provider said the systems are fine. Your compliance officer confirmed the filings are current. What neither of them told you: when the examiner arrives, they don't ask about systems or filings. They ask for evidence.

Book Your Certification Exposure Assessment
30 minutes. No pitch. No obligation.

20 Years in Regulated Financial Services
Former CIO/CISO — Allianz Risk Transfer ($2B AUM)
DFS Examinations — Both Sides of the Table
ISO 27001 Implementation
38+ Compliance Frameworks
AICPA-Reviewed Methodology

Your firm has two people who should own this. Neither of them does.

Your IT provider manages your systems. Your compliance officer manages your filings. Both are doing exactly the job they were hired to do.

But there is a layer between those two jobs that neither of them was built to own — the governance documentation that a DFS examiner will ask for by name when they arrive at your firm. The penetration test report. The vendor risk assessments. The tested incident response plan. The written information security program, tied to your actual controls, updated and maintained year-round.

That layer belongs to no one in your organization right now.

And your name is on the document that says it does.

The NY DFS annual certification is not a formality. It is a personal legal representation. If an examiner finds a gap in the documentation you attested to, the liability is yours — not your IT provider's, not your compliance officer's. Yours.

What the examiner asks for — by name
Written Information Security Program: Tied to your actual controls. Updated year-round.
Penetration Test Report: Current. Remediated. Documented.
Vendor Risk Assessments: Third-party evidence, not just your word.
Tested Incident Response Plan: Exercised. Not just filed.
Employee Training Confirmations: Individual records, not a checkbox.
Annual Risk Assessment: Current year. With your threat landscape.

Three steps to signing knowing — not hoping.

01. The Certification Exposure Assessment
A structured 30-minute diagnostic built around the exact questions a DFS examiner asks by name. You answer. We score. By the end of the session, you know precisely where your program is defensible and where it isn't.
Free — verbal score in session

02. Day 30 Governance Gap Baseline
Within 30 days of enrollment, ITOD produces a documented assessment of exactly where your firm stands. Your personal liability — quantified, visible, and addressed — for the first time.
Named deliverable with Howard's signature

03. Continuous Evidence Production
ITOD builds and maintains the governance documentation your program requires — and confirms in writing, before every annual DFS certification, what is defensible. The Pre-Certification Sign-Off.
Year-round. Before every filing.

Written Information Security Plan (WISP)
Tested Incident Response Plan
Quarterly penetration testing
Monthly external vulnerability scanning
Dark web credential monitoring
Employee training confirmations
Vendor risk assessments
Compliance control mapping — 38+ frameworks
Annual risk assessment engine
Pre-Certification Sign-Off — before every filing
MSP Interface Protocol
Examination Day Protocol

Howard Globus
Security Evangelist & Owner, IT On Demand
Financial services since 1994 — First Boston
CIO & CISO — Allianz Risk Transfer, $2B AUM
Managed DFS examinations from inside the firm
ISO 27001 Implementation
38+ compliance frameworks mapped
AICPA-reviewed methodology
IT On Demand — 20+ years in operation

The only person in this market who has signed what you sign.

Howard Globus entered financial services in 1994 at First Boston. He served as CIO and functionally as CISO at Allianz Risk Transfer — $2 billion under management.

He has managed DFS examinations from inside the firm. He has carried the personal liability that comes with being the named executive responsible for a governance program under active regulatory scrutiny.

He is not a vendor explaining your situation from the outside. He has been exactly where you are standing.

"Most firms in this market have an IT provider for their systems and a compliance officer for their filings. What almost none of them have is anyone responsible for the space in between."

— Howard Globus, Security Evangelist & Owner, IT On Demand

The Signed & Defended Program.
Built for the executive whose name is on the document.

Program Component                          Standalone Value
Core Program: Signed & Defended (CLM)      $26,148/yr
Governance Gap Baseline Report             $3,500
Pre-Certification Sign-Off (annual)        $5,000/yr
MSP Interface Protocol                     $2,400/yr
Peer Enforcement Intelligence Briefing     $1,164/yr
Examination Day Protocol                   $7,500
90-Day Defensibility Guarantee             Risk elimination
Total Stacked Value                        $45,712/year
Your Investment                            $2,179/month

90-Day Defensibility Guarantee
If ITOD cannot demonstrate at least 3 red or yellow items converted to green with supporting documentation within 90 days, full refund of all fees paid in the first 90 days.
Pre-Certification Stand-Behind
If ITOD issues a Pre-Certification Sign-Off and a DFS examination finds a gap ITOD was responsible for, ITOD remediates at no cost and provides representation support through the examination.
Founding Rate Lock
First 10 firms lock their monthly rate for 36 months. ITOD onboards 2–3 new clients per month. Firms enrolling by October 1 receive a Pre-Certification Sign-Off before the February 15 DFS deadline.

Objections we've heard.
Answered honestly.

My IT provider already handles our cybersecurity. Why do I need this?
Your IT provider manages your systems. What they were never built to do is produce governance documentation a DFS examiner asks for by name. The MSP Interface Protocol means ITOD coordinates directly with your existing IT provider — you don't manage two vendors or fire anyone.
We already have a compliance program.
The question a DFS examiner asks isn't whether you have a program. It's whether you have evidence that the program is implemented. Policies are not evidence. The Certification Exposure Assessment will tell you specifically where your program has evidence and where it has paper.
This seems expensive for what it is.
The comparison is $26,148 per year versus a DFS consent order — $400,000 to $2,000,000 for a firm your size, before legal fees, remediation costs, and the insurance claim that gets denied. The average mid-market financial services breach in 2025 cost $6.08 million.
Can our CPA firm or auditor handle this instead?
Your CPA firm audits your controls. If they also helped implement them, that is a conflict of interest regulators and insurers examine carefully. ITOD does one thing — governance — with no other relationship that creates a conflict.
How is ITOD different from other MSSPs or compliance firms?
Every MSSP manages tools and produces dashboards. Every compliance firm produces policies. Neither has ever put their name on a DFS certification or carried the personal liability that comes with it. Howard Globus has.

Before you sign again — find out if your program is defensible.

The Certification Exposure Assessment takes 30 minutes. You answer 10 questions. We score your exposure. You leave with an honest picture of where your governance program stands.

No pitch. No obligation. No vendor theater.

📍 The Graybar Building, 420 Lexington Avenue, Suite 1402, New York, NY 10170
© 2026 IT On Demand. All rights reserved.