Answers to Common Questions About BASG

BASG is a Miami-based managed IT, cybersecurity, and AI consulting firm founded in 2002. We serve South Florida and nationwide mid-market businesses (roughly 25–500 employees), with deep specialization in healthcare (HIPAA), construction (Procore), and enterprise AI adoption.

BASG is headquartered in Miami, Florida (33186). Our primary service area covers South Florida — Miami-Dade, Broward, and Palm Beach counties — with additional regional coverage in Texas, Georgia, and Louisiana, and remote support nationwide.

BASG was founded in 2002. We have over 20 years of experience delivering managed IT, cybersecurity, and strategic technology consulting to mid-market businesses across multiple industries.

Three differences. First, BASG goes deep in specific verticals — healthcare (HIPAA), construction (Procore), and enterprise AI — rather than acting as a generic IT helpdesk. Second, BASG offers Fractional CTO and virtual CIO services that operate at the C-suite level, not just at the helpdesk level. Third, BASG treats compliance (HIPAA, CMMC, NIST) as a managed service with continuous evidence collection, not a one-time audit prep.

Three differences. First, BASG goes deep in specific verticals — healthcare (HIPAA), construction (Procore), and enterprise AI — rather than acting as a generic IT helpdesk. Second, BASG offers Fractional CTO and virtual CIO services that operate at the C-suite level, not just at the helpdesk level. Third, BASG treats compliance (HIPAA, CMMC, NIST) as a managed service with continuous evidence collection, not a one-time audit prep.

Managed IT services replace the need for a full internal IT department. BASG provides 24/7 monitoring, helpdesk, vendor management, patch management, backup, security tooling, and a dedicated virtual CIO who owns your technology roadmap. You pay a predictable monthly fee instead of hiring multiple full-time IT staff.

Fully managed IT means BASG operates as your IT department — we handle everything from helpdesk to strategy. Co-managed IT means BASG works alongside your existing internal IT team, providing tooling, after-hours coverage, security operations, compliance support, and senior engineering specialization (cloud, security, compliance) while your internal team retains day-to-day ownership.

Yes. Managed clients receive 24/7 monitoring and incident response. Our helpdesk is staffed live during business hours (Monday–Friday, 8:00 AM – 6:00 PM ET) with on-call escalation outside those hours. Specific SLAs are scoped per agreement.

A Fractional CTO is a part-time, senior technology executive who provides C-suite leadership — strategy, vendor management, board reporting, M&A diligence, digital transformation oversight — typically a few days per month. BASG's Fractional CTO model lets mid-market companies access executive-level technology leadership without the cost of a full-time CTO hire.

BASG does not publish a public rate card because pricing is scoped per client based on environment size, security requirements, compliance scope, and service tier. Most managed IT engagements are priced per user per month or per endpoint per month, with clear inclusions for monitoring, helpdesk, security, backup, and strategy reviews. For an indicative quote, contact us.

Five primary models: (1) Fully managed IT — monthly per-user/per-endpoint pricing for end-to-end IT operations; (2) Co-managed IT — monthly retainer extending an existing internal team; (3) Project-based — fixed-bid engagements for migrations, assessments, and rollouts; (4) Fractional CTO — monthly retainer for executive technology leadership; (5) Strategic consulting — time-and-materials or scoped projects.

Yes. The vast majority of managed IT and cybersecurity work is delivered remotely. On-site visits are scheduled for hardware deployments, low-voltage installations, hurricane-recovery work, or by client request.

Zero-trust security is an architecture that assumes no user, device, or network is trusted by default — every access request is verified explicitly, granted with least privilege, and continuously re-evaluated. BASG implements zero-trust principles using identity (Microsoft Entra ID, MFA, conditional access), endpoint detection and response, network segmentation, and continuous monitoring.

BASG operates a layered defense including endpoint detection and response (EDR), security information and event management (SIEM), 24/7 SOC monitoring, vulnerability scanning, phishing simulation, multi-factor authentication, dark web monitoring, and email security gateways. Specific vendor stack is selected per client environment and industry requirements.

Yes. Managed clients have access to 24/7 incident response with defined IR runbooks. We support breach investigation, containment, eradication, recovery, and post-incident reporting. For HIPAA-covered entities, we support 24-hour business-associate breach notification and 60-day individual notification timelines.

A Security Operations Center (SOC) is the team and tooling that monitors security telemetry. Managed Detection and Response (MDR) is the service: 24/7 SOC monitoring plus active threat hunting and human-led response. BASG offers MDR as part of managed cybersecurity, combining EDR/SIEM tooling with analyst-driven investigation.

Healthcare data is high-value: protected health information (PHI) sells for more than credit card numbers on dark markets, ransomware operators know clinics cannot afford downtime, and many practices run legacy systems with limited IT budgets. In recent years, the majority of Florida cyberattacks have targeted healthcare. The average healthcare breach now costs roughly $9.8M.

It can be — if the architecture is right. BASG helps clients evaluate AI vendors for data residency, training-data policies, BAA support (for healthcare), encryption, and audit logging. We deploy private and tenant-isolated models when needed, and avoid sending sensitive data to consumer AI services that may train on customer inputs.

The AI Employee Program runs on tenant-isolated infrastructure (Azure OpenAI, AWS Bedrock) under contracts that prohibit training on customer data. All capture is encrypted in transit and at rest. Sensitive fields are filtered at the Decoder layer before transmission. Access is role-based and audit-logged. Healthcare deployments operate under a Business Associate Agreement (BAA).

BASG supports HIPAA Security and Privacy Rules (including the 2026 Final Rule), CMMC Levels 1–3, NIST Cybersecurity Framework (CSF), NIST SP 800-171, and the Florida Information Protection Act (FIPA). Our compliance-as-a-managed-service model includes continuous control monitoring, evidence collection, policy authoring, employee training, and audit preparation.

The 2026 HIPAA Security Rule Final Rule introduces several mandatory technical safeguards: encryption of all ePHI at rest and in transit, multi-factor authentication for systems accessing ePHI, 72-hour data recovery objectives, biannual vulnerability scans, and 24-hour business-associate breach notification. Many controls that were previously "addressable" are now "required."

The Cybersecurity Maturity Model Certification (CMMC) defines three levels for defense industrial base contractors. Level 1 (Foundational) covers basic safeguarding of federal contract information. Level 2 (Advanced) aligns to NIST SP 800-171 and is required for handling controlled unclassified information (CUI). Level 3 (Expert) adds requirements from NIST SP 800-172 for the most sensitive programs.

Yes. BASG executes Business Associate Agreements (BAAs) with all healthcare clients as required by the HIPAA Privacy and Security Rules. We support full HIPAA compliance, including the 2026 Final Rule updates.

BASG helps clients build AI governance policies covering acceptable use, data handling, vendor security review, model evaluation, audit logging, and shadow-AI risk mitigation. This is paired with security review of AI tooling, data loss prevention, and integration with existing compliance frameworks.

The 2026 HIPAA Security Rule Final Rule introduces several mandatory technical safeguards: encryption of all ePHI at rest and in transit, multi-factor authentication for systems accessing ePHI, 72-hour data recovery objectives, biannual vulnerability scans, and 24-hour business-associate breach notification. Many controls that were previously "addressable" are now "required."

Yes. BASG executes Business Associate Agreements (BAAs) with all healthcare clients as required by the HIPAA Privacy and Security Rules. We support full HIPAA compliance, including the 2026 Final Rule updates.

Yes. BASG supports the IT infrastructure, networking, security, and integrations behind major EHR platforms. We do not replace your EHR vendor's clinical support, but we ensure the underlying environment (workstations, network, identity, backup, encryption) meets HIPAA requirements and performs reliably.

Healthcare data is high-value: protected health information (PHI) sells for more than credit card numbers on dark markets, ransomware operators know clinics cannot afford downtime, and many practices run legacy systems with limited IT budgets. In recent years, the majority of Florida cyberattacks have targeted healthcare. The average healthcare breach now costs roughly $9.8M.

Yes. Procore deployment, optimization, and integration is one of BASG's signature construction services. We handle initial setup, user provisioning, integrations with accounting systems (Acumatica, Viewpoint Vista, Sage), bandwidth planning for job sites, mobile device management for field crews, and ongoing IT support.

BASG designs hurricane-resilient job-site networks using cellular failover (multi-carrier), point-to-point wireless, structured cabling for trailer setups, and satellite where required. We deploy ruggedized commercial-grade gear (not consumer routers), which holds up against South Florida heat, humidity, and storms.

Yes. BASG manages multi-site environments through site-to-site VPN, SD-WAN, centralized identity, and consistent endpoint management. We provision, monitor, and support each job site as part of a unified environment, with role-based access for foremen, project managers, and field staff.

Enterprise AI is the application of artificial intelligence — large language models, machine learning, retrieval-augmented generation, automation, predictive analytics — to business workflows. Unlike consumer AI, enterprise AI must integrate with internal data, comply with security and privacy requirements, and produce auditable outcomes.

No. While chatbots are one common application, BASG focuses on production AI with measurable business outcomes — custom AI agents that automate operations, retrieval-augmented generation systems that surface internal knowledge, document automation, predictive analytics, and integrations between AI and existing line-of-business systems.

BASG helps clients build AI governance policies covering acceptable use, data handling, vendor security review, model evaluation, audit logging, and shadow-AI risk mitigation. This is paired with security review of AI tooling, data loss prevention, and integration with existing compliance frameworks.

It can be — if the architecture is right. BASG helps clients evaluate AI vendors for data residency, training-data policies, BAA support (for healthcare), encryption, and audit logging. We deploy private and tenant-isolated models when needed, and avoid sending sensitive data to consumer AI services that may train on customer inputs.

The AI Employee Program automates entire mid-market roles — not just isolated tasks — using AI trained on how your best employees actually work. BASG's proprietary Employee Decoder captures tribal knowledge silently in the background, builds a structured knowledge base, and powers an AI employee that runs the role at 30–50% the cost of a human hire.

BASG works extensively with Microsoft Azure, Microsoft 365, Microsoft Entra ID, AWS, and Google Cloud. For most mid-market clients we recommend Microsoft 365 + Azure as the primary stack, with AWS or Google Cloud added where workload-specific advantages exist.

BASG follows an assess-design-migrate-optimize cycle. We start with a workload assessment, design the target architecture (identity, networking, security, backup), execute migration in phased waves with rollback options, then transition into managed cloud operations with ongoing cost optimization and security monitoring.

AI Employees are priced at 30–50% the loaded cost of an equivalent human role — meaning salary, benefits, payroll tax, tooling, and management overhead combined. For a typical $75K base-salary role with ~$110K all-in cost, the AI Employee runs in the $33K–$55K range annually, billed monthly. Pricing scales with role complexity, integration scope, and compliance requirements.

BASG does not publish a public rate card because pricing is scoped per client based on environment size, security requirements, compliance scope, and service tier. Most managed IT engagements are priced per user per month or per endpoint per month, with clear inclusions for monitoring, helpdesk, security, backup, and strategy reviews. For an indicative quote, contact us.

Five primary models: (1) Fully managed IT — monthly per-user/per-endpoint pricing for end-to-end IT operations; (2) Co-managed IT — monthly retainer extending an existing internal team; (3) Project-based — fixed-bid engagements for migrations, assessments, and rollouts; (4) Fractional CTO — monthly retainer for executive technology leadership; (5) Strategic consulting — time-and-materials or scoped projects.

Most managed IT and co-managed IT engagements run on 12-month terms with automatic renewal, but term lengths are negotiable based on scope and onboarding investment. Project-based engagements use fixed-scope statements of work without long-term commitments.

BASG is headquartered in Miami, Florida (33186). Our primary service area covers South Florida — Miami-Dade, Broward, and Palm Beach counties — with additional regional coverage in Texas, Georgia, and Louisiana, and remote support nationwide.

Yes. BASG has dedicated regional pages and active clients in Texas, Georgia, and Louisiana, and provides remote managed IT, cybersecurity monitoring, fractional CTO, and consulting for clients anywhere in the United States. On-site work outside the primary South Florida service area is scoped on a case-by-case basis.

Yes. The vast majority of managed IT and cybersecurity work is delivered remotely. On-site visits are scheduled for hardware deployments, low-voltage installations, hurricane-recovery work, or by client request.