Terms and Conditions

CryptIoMT provides specialized cybersecurity consulting services for healthcare organizations, including but not limited to:

• Medical Device Inventory: Complete discovery and classification of IoMT devices in your network
• Risk Analysis & Assessment: NIST-aligned risk evaluation prioritizing life-critical medical devices
• Cybersecurity Planning: Tailored security strategies that protect patients without disrupting care
• Ongoing Support: Continuous monitoring and security control implementation
• Staff Training: Healthcare-specific cybersecurity education and awareness programs

Our services are provided by Clinical Engineering Professionals with globally recognized security certifications. All assessments and recommendations are:

• NIST Framework Aligned (SP 800-37, Risk Management Framework)
• HIPAA Compliant
• FDA Aligned for medical device security
• Based on industry best practices and clinical engineering expertise

To ensure effective service delivery, clients agree to:

• Provide accurate and complete information about their healthcare environment
• Grant necessary access to systems and personnel for assessments
• Maintain confidentiality of assessment methodologies and proprietary information
• Implement recommended security controls in a timely manner
• Notify CryptIoMT of any significant changes to their IoMT environment

CryptIoMT maintains strict confidentiality standards and HIPAA compliance:

• All client information is treated as confidential and protected under HIPAA regulations
• Data Privacy Impact Assessments (PIA) are conducted for all IoMT devices
• Client data is never shared with third parties without explicit consent
• All personnel sign confidentiality agreements and undergo background checks
• Assessment reports are encrypted and securely transmitted

Our comprehensive risk assessments start at $5,000, with typical ROI of 300%+ in the first year:

• Pricing is based on scope, complexity, and number of devices assessed
• Payment terms are Net 30 days from invoice date
• Typical assessments require 2-3 days on-site with reports delivered within 1 week
• Additional services are billed at agreed-upon rates
• Travel expenses may apply for on-site assessments

While CryptIoMT provides expert guidance based on industry best practices:

• Our assessments are based on information available at the time of evaluation
• Cybersecurity is an ongoing process requiring continuous monitoring and updates
• Implementation of recommendations remains the client's responsibility
• CryptIoMT's liability is limited to the fees paid for services rendered
• We do not guarantee protection against all possible cyber threats

CryptIoMT retains ownership of:

• Assessment methodologies and proprietary frameworks
• Software tools and analysis techniques
• Template documents and reporting formats
• Training materials and educational content

Clients receive a license to use assessment reports and recommendations for their internal cybersecurity purposes only.

Either party may terminate services with 30 days written notice. Upon termination:

• All outstanding fees become immediately due
• Confidentiality obligations continue indefinitely
• Client retains rights to completed assessment reports
• CryptIoMT will securely destroy client data as requested

These Terms are governed by applicable healthcare regulations including HIPAA, and federal cybersecurity frameworks including NIST. Any disputes will be resolved through professional arbitration.