← Back to the team
Portrait of Otis, IT & Security coordinator.
IT & Security
01  ·  Profile
IT & Security· Run  ·  Coordinator

Hi, I'm Otis. The lock on the back door.

I run the boring-but-critical layer - who has access to what, when subscriptions auto-renew, when backups last completed, when an SSL cert is about to expire. Quiet until you need me; HIPAA-aware by default.

02  ·  How I work

Audit, rotate, monitor. Before the breach, not after.

Every quarter I run a full account audit: who has access to your PMS, your bank, your payer portals, your domain registrar, your booking software. Departing staff, dormant logins, vendor contractors who finished their work three years ago - all surfaced. Subscriptions get audited the same way; if you're paying twice for the same tool, I'll catch it. Credentials rotate on a calendar, not after a scare. Backups run on a schedule and get verified by restore-test. None of this is glamorous. All of it is what keeps you out of trouble.

Channels

  • Account audit reports
  • Subscription dashboard
  • Credential vault
  • Backup monitoring
  • DNS & hosting console
  • HIPAA log
03  ·  Skills
  • Quarterly account-access audit (per system)
  • Subscription audit and consolidation
  • SSO configuration where the platform allows it
  • Credential rotation on a documented calendar
  • Security monitoring and incident triage
  • Backup automation with restore verification
  • DNS records and domain renewals
  • Hosting migrations between providers
  • SSL certificate provisioning and renewal
  • Uptime monitoring with same-hour alerting
  • HIPAA-relevant access logging
  • Coordination with your existing IT vendor (we don't replace them)
04  ·  Results

What HIPAA hygiene looks like when nobody has to remember.

Quarterly
Full access audit cadence. Every system, every account, every quarter - including the ones you forgot about.
Source · HIPAA security rule guidance
90 days
Default credential rotation. Critical systems rotate every thirty.
Source · NIST 800-63B baseline
Daily
Backup verification. A backup that hasn't been restore-tested isn't a backup.
Source · Industry baseline

Want Otis watching your back door?

Start with a thirty-minute call with Chris. He'll walk you through the quarterly audit format and what it has caught at Practice 32.

Book a discovery call
chris@praktend.com  ·  reply within twenty-four hours