Which Compliance Framework Does Your Central Illinois Business Actually Need?

by Brian Ford | Oct 9, 2025 | Informational Articles

A straight answer to PCI, HIPAA, CMMC, and FEDRAMP requirements for Peoria-area companies

You process credit cards. Does that trigger PCI requirements? Your facility handles patient records. Does HIPAA apply? You bid on government contracts. Is CMMC mandatory?

These aren’t academic questions. The wrong answer costs six figures in fines, halts operations, and terminates contracts.

The Compliance Reality in Central Illinois

Manufacturing plants in Peoria handle sensitive supplier data. Medical offices throughout Bloomington-Normal store protected health information. Agriculture businesses in the Tri-County area process payment transactions. Government contractors across Central Illinois submit bids requiring security certifications.

Each scenario demands different compliance protocols. Miss the requirements, and your business faces consequences that extend far beyond penalties.

PCI DSS: When Card Processing Becomes Your Problem

Accept credit cards? You fall under Payment Card Industry Data Security Standards.

The framework isn’t optional. It applies whether you process five transactions monthly or five thousand. Requirements include network security, encrypted transmission, restricted data access, vulnerability management, and security monitoring.

Most Central Illinois businesses handle PCI through their payment processor. That’s insufficient. Your internal systems, employee devices, and network architecture require specific configurations. A breach on your watch means liability lands on you—not the processor.

HIPAA: Healthcare’s Non-Negotiable Standard

Medical practices, hospitals, dental offices, and their business associates must comply with Health Insurance Portability and Accountability Act regulations.

“Business associate” catches companies off guard. You’re not a healthcare provider, but you handle their data? HIPAA applies. This includes IT service providers, billing companies, and software vendors serving medical clients.

Requirements span technical safeguards (encryption, access controls, audit trails), physical safeguards (facility security, device management), and administrative safeguards (risk assessments, training programs, incident response plans).

Illinois healthcare organizations face state-level regulations alongside federal HIPAA requirements. That compounds complexity.

CMMC: The New Gatekeeper for Defense Contractors

Cybersecurity Maturity Model Certification changed government contracting in 2024. You can’t bid on Department of Defense contracts without the appropriate CMMC level.

The framework has three levels. Level 1 covers basic cyber hygiene—seventeen practices protecting Federal Contract Information. Level 2 addresses moderate security—110 practices protecting Controlled Unclassified Information. Level 3 handles advanced threats—requires dedicated security personnel and sophisticated defenses.

Central Illinois manufacturers supplying defense contractors discovered CMMC blocks contract awards. Achieving certification requires months of preparation, documentation, remediation, and third-party assessment.

Starting compliance work after winning a bid? Too late.

FEDRAMP: Cloud Services for Federal Agencies

Your company provides cloud services to federal agencies? Federal Risk and Authorization Management Program governs you.

FEDRAMP authorization takes 6-18 months. Budget runs $250,000-$500,000 for initial authorization. The process demands security controls documentation, independent assessment, continuous monitoring, and annual reviews.

Few Central Illinois businesses pursue FEDRAMP unless federal cloud services represent their business model. When required, half-measures don’t work.

How to Determine Your Actual Requirements

Start with your business operations:

Do you accept credit cards? PCI applies. Level depends on transaction volume.

Do you handle patient information? HIPAA applies if you’re a covered entity or business associate.

Do you bid on DoD contracts or supply defense contractors? CMMC certification becomes mandatory.

Do you provide cloud services to federal agencies? FEDRAMP authorization is required.

Many Peoria-area businesses face multiple frameworks simultaneously. A medical device manufacturer might need HIPAA for patient data, PCI for payment processing, and CMMC for government contracts.

What Compliance Actually Costs

Non-compliance costs more than compliance. HIPAA violations run $100-$50,000 per violation, capped at $1.5 million annually per requirement. PCI breaches trigger card brand fines starting at $5,000 monthly until resolution. CMMC non-compliance means disqualification from contracts worth millions.

Implementation costs vary. Basic PCI compliance for small businesses: $3,000-$10,000 initially, ongoing maintenance included in managed IT services. HIPAA compliance for medical practices: between $5,000-$15,000 for risk assessments and remediation, plus continuous monitoring. CMMC Level 2 certification: often between $50,000-$150,000 including remediation, documentation, and assessment.

These numbers assume competent guidance. DIY compliance attempts usually cost more after fixing mistakes.

Why Central Illinois Businesses Fail Compliance Audits

Three patterns repeat:

Incomplete documentation. You implemented security controls but can’t prove it. Auditors require written policies, training records, and evidence of consistent application.

Scope misunderstanding. You secured your servers but ignored employee devices, cloud services, or vendor access. Compliance covers your entire environment.

Point-in-time thinking. You achieved compliance for the audit, then stopped maintaining controls. Regulations require continuous adherence.

The Right Approach for Illinois Businesses

Compliance isn’t a checkbox. It’s a security posture that protects your operations while meeting regulatory requirements.

Assessment comes first. What data do you handle? Where does it live? Who accesses it? Which regulations apply? What gaps exist between current state and required controls?

Remediation follows assessment. Implement missing controls, document existing practices, train personnel, establish monitoring systems, and create incident response procedures.

Maintenance sustains compliance. Regular reviews, updated documentation, ongoing training, vulnerability management, and audit readiness.

When to Bring in Compliance Specialists

Internal IT staff rarely have compliance expertise. Regulations change. Interpretation requires experience. Implementation demands specialized knowledge. Assessment needs objectivity.

Compliance consulting provides:

• Accurate scope determination
• Gap analysis against requirements
• Remediation roadmaps
• Documentation templates
• Implementation guidance
• Pre-audit assessments
• Ongoing support

For Illinois businesses, local expertise matters. Compliance consultants familiar with regional industries, state regulations, and Central Illinois business environments deliver relevant guidance.

Your Next Step

Determine which frameworks govern your operations. Document your current security posture. Identify gaps. Build a remediation plan.

Or call specialists who’ve guided Central Illinois businesses through hundreds of compliance projects.

Facet Technologies has helped Peoria-area manufacturers achieve CMMC certification, brought medical practices into HIPAA compliance, and secured payment systems under PCI requirements for three decades.

We assess. We remediate. We document. We maintain.

Contact Facet Technologies:
(309) 689-3900
info@facettech.com
3024 W. Lake Ave., Peoria, IL 61615

Or fill out the form below to request your consultation and compliance checklist for your industry:

5 HIPAA Violations Costing Medical Practices Millions (And How to Stop Them)

by Brian Ford | Oct 2, 2025 | Informational Articles

Federal regulators collected nearly $145 million in HIPAA fines since enforcement began. In 2024 alone, 22 investigations ended in penalties—one of the busiest years on record.

For medical practices across Central Illinois, the question isn’t whether you’ll be audited. It’s whether you’re ready when it happens.

The Office for Civil Rights closed 22 HIPAA investigations with financial penalties in 2024, making it among the busiest enforcement years to date. Small practices now face the same scrutiny as large health systems. In 2022, 55% of OCR’s financial penalties targeted small medical practices.

Here’s what’s putting Peoria-area practices at risk—and how to fix it.

Violation #1: Missing or Incomplete Risk Analysis

The Problem: Your practice has never conducted a thorough HIPAA risk analysis, or the last one happened years ago.

Risk analysis failures rank among the most commonly identified HIPAA violations. In OCR’s 2016-2017 audit round, most audited entities failed to comply with this Security Rule provision.

OCR launched a new enforcement initiative in 2024 specifically targeting risk analysis violations. More than half of the 22 enforcement actions in 2024 involved risk analysis failures.

Real Case: Vision Upright MRI, a small California imaging provider, paid $5,000 after OCR discovered they’d never conducted a HIPAA-compliant risk analysis. Their unsecured server exposed 21,778 patient records.

The Fix: Annual risk assessments identify where patient data lives, who can access it, and what protections exist. Facet’s compliance team conducts comprehensive assessments for medical practices throughout Central Illinois, mapping your specific vulnerabilities and creating actionable remediation plans.

Violation #2: Unencrypted Devices and Lost Data

The Problem: Laptops, tablets, and smartphones containing patient information lack encryption or password protection.

Children’s Medical Center of Dallas lost 3,800 patient records when a stolen Blackberry had no password protection or encryption. The center paid the full fine.

Theft happens. Equipment failures occur. The difference between a minor incident and a reportable breach often comes down to encryption.

The Fix: Device encryption isn’t optional anymore. Facet’s managed IT services include:

• Mandatory encryption on all devices accessing patient data
• Multi-factor authentication for network access
• Remote wipe capabilities for lost or stolen devices
• Mobile device management for staff smartphones and tablets

Our 24/7/365 monitoring catches unauthorized access attempts in real-time, with threat containment averaging under nine minutes.

Violation #3: Employees Accessing Records Without Authorization

The Problem: Staff members view patient records out of curiosity, not medical necessity.

Accessing health records for unauthorized reasons represents one of the most common HIPAA violations committed by employees. UCLA Health System paid $865,000 after a physician accessed celebrity patient records without authorization.

Most violations stem from momentary lapses by staff with limited education and understanding, particularly during routine tasks.

Real Case: Thirteen UCLA Medical Center employees were fired and six physicians suspended for accessing Britney Spears’s medical records without consent in 2008.

The Fix: Technology alone can’t solve human behavior. Facet provides:

• Regular phishing simulations that test staff awareness
• Security training modules tailored to medical practices
• Access control monitoring that flags unusual record access patterns
• Bi-weekly “Cyber Treats” newsletter with practical security tips

Research shows regular training reduces phishing risk from 60% to 10% over 12 months.

Violation #4: Delayed Patient Access to Medical Records

The Problem: Patients request their records and wait weeks—or months—for complete files.

OCR’s HIPAA Right of Access enforcement initiative, launched in late 2019, has resulted in 51 penalties for failing to provide timely access to medical records.

Real Case: Oregon Health & Science University took 16 months and two OCR interventions to provide complete records to a patient’s personal representative. OCR imposed a $200,000 penalty.

The HIPAA Privacy Rule requires records within 30 days of a request. No exceptions for staffing shortages or “difficult” patients.

The Fix: Efficient records management prevents these violations:

• Cloud-based electronic health records with patient portals
• Automated request tracking systems
• Clear written procedures for records requests
• Regular staff training on compliance timelines

Facet’s managed services include Office 365 backup solutions that ensure records remain accessible even during system failures or ransomware attacks.

Violation #5: Inadequate Firewall Protection

The Problem: Your practice uses outdated firewall equipment or lacks proper network segmentation.

Modern threats demand modern defenses. Legacy firewalls can’t detect sophisticated attacks targeting healthcare data.

The Fix: Facet’s managed firewall service provides:

• Next-generation firewall appliances replaced every two years
• Intrusion prevention and application control
• Real-time threat intelligence updates
• Complete management—no hidden replacement costs

Our hardware-as-a-service model means you never face unexpected expenses when equipment becomes obsolete. We handle configurations, updates, and proactive monitoring 24/7/365.

Why HIPAA Compliance Matters Now More Than Ever

Penalties range from $141 per violation for unknowing mistakes to $2,134,831 per violation for willful neglect, with annual caps reaching $1.5 million per violation category.

But fines tell only part of the story. HIPAA violations damage patient trust, trigger malpractice insurance increases, and create public relations nightmares. Your practice’s name appears permanently on OCR’s “Wall of Shame” breach portal, listing the offense, date, and individuals affected.

For Peoria and Central Illinois medical practices competing for patients, reputation matters.

Building a Compliance Strategy That Works

HIPAA compliance isn’t a one-time project. It requires ongoing attention across three areas:

Technical Controls: Encryption, firewalls, access controls, and monitoring systems that protect patient data 24/7.

Administrative Controls: Written policies, risk assessments, and business associate agreements that document your compliance efforts.

Physical Controls: Locked file rooms, screen privacy filters, and secure disposal procedures that prevent unauthorized access.

Facet’s approach addresses all three. We’ve helped medical practices throughout Central Illinois achieve and maintain compliance for over 30 years. Our team understands the specific challenges facing smaller practices—limited IT budgets, small staff sizes, and the need to focus on patient care rather than technology management.

Frequently Asked Questions

Q: How often should my practice conduct a HIPAA risk analysis?

A: At minimum, annually. However, you should also conduct assessments whenever you add new systems, change IT vendors, experience a security incident, or significantly modify how you handle patient data. OCR’s 2024 enforcement initiative specifically targets inadequate or infrequent risk analyses.

Q: Does HIPAA require encryption?

A: Not explicitly. However, HIPAA requires security measures sufficient to reduce risks to a reasonable level. If you don’t use encryption, you must implement equivalent safeguards to protect electronic patient information. Most OCR settlements involving lost or stolen devices cite lack of encryption as a violation.

Q: Can small practices really afford HIPAA-compliant IT?

A: You can’t afford not to. A single violation can cost more than years of proper IT security. Facet structures services specifically for small and mid-size practices, with transparent monthly pricing that includes security tools many providers charge extra for—like multi-factor authentication, managed firewalls, and employee training.

Q: What happens if we discover a potential HIPAA violation?

A: You have 60 days to report breaches affecting 500 or more individuals. Smaller breaches must be reported annually. Failure to report breaches represents a separate HIPAA violation. Facet’s incident response team helps practices assess potential breaches, determine reporting requirements, and implement corrective actions quickly.

Q: How do I know if my current IT provider is keeping me HIPAA compliant?

A: Ask these questions:

• When was our last comprehensive risk analysis?
• Are all devices accessing patient data encrypted?
• Do we have signed business associate agreements with all vendors?
• How quickly can we provide patients with their medical records?
• What monitoring protects our network 24/7?

If your provider can’t answer immediately, you may have gaps.

Your Next Step

HIPAA violations are preventable. The practices paying six-figure penalties didn’t set out to break the rules—they simply didn’t know what they didn’t know.

Facet Technologies has protected medical practices across Central Illinois for three decades. Our team knows the specific challenges you face. We’ve helped practices of all sizes—from solo practitioners to multi-location clinics—achieve HIPAA compliance without breaking their budgets.

Schedule a free HIPAA compliance consultation with our team. We’ll assess your current posture, identify immediate risks, and provide a checklist of action items—even if you choose not to work with us.

Because your patients trust you with their most sensitive information. You should trust your IT partner to protect it.

Contact Facet Technologies:

• Call: (309) 689-3900
• Email: info@facettech.com
• Visit: facettech.com/contact-us

Located in Peoria, serving medical practices throughout Central Illinois.

Sources

1. HIPAA Journal. “HIPAA Violation Fines – Updated for 2025.” https://www.hipaajournal.com/hipaa-violation-fines/
2. U.S. Department of Health and Human Services. “Enforcement Highlights – Current.” https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html
3. HIPAA Journal. “Healthcare Data Breach Statistics.” https://www.hipaajournal.com/healthcare-data-breach-statistics/
4. HIPAA Journal. “HIPAA Violation Cases – Updated 2024.” https://www.hipaajournal.com/hipaa-violation-cases/
5. HIPAA Journal. “The Most Common HIPAA Violations You Must Avoid – 2025 Update.” https://www.hipaajournal.com/common-hipaa-violations/
6. National Center for Biotechnology Information. “Health Insurance Portability and Accountability Act (HIPAA) Compliance.” https://www.ncbi.nlm.nih.gov/books/NBK500019/
7. Secureframe. “HIPAA Violation Examples in 2025: 20 Common Violations With Real-World Enforcement Cases.” https://secureframe.com/hub/hipaa/violations

In-House vs. Outsourced IT: Total Cost Analysis for Peoria Businesses

by Ellie Shaw | Jul 17, 2025 | Informational Articles

A comprehensive guide to understanding the true costs of IT staffing decisions for Central Illinois organizations

Executive Summary

Bottom Line: For most Peoria businesses with 25-150 employees, outsourcing IT to a managed service provider costs 40-60% less than maintaining an in-house IT team while providing superior security, expertise, and 24/7 support. Co-managed services offer an excellent hybrid option for organizations with existing IT staff who need specialized support in cybersecurity and compliance.

Key Findings:

• In-house IT: $120,000-$450,000+ annually (including benefits, training, and equipment)
• Managed IT Services: $30,000-$360,000 annually (typically $150-$200 per user/month)
• Co-managed Services: $15,000-$180,000 annually (ideal for existing IT teams needing specialized support)
• Break-even point: Organizations with 100+ employees may benefit from hybrid co-managed models

Understanding the True Cost of In-House IT

Direct Salary Costs in Central Illinois

Based on 2025 market data for the Peoria area and Illinois:

IT Support Technician:

• Entry-level: $40,000-$48,000 annually
• Experienced: $48,000-$58,000 annually
• Average hourly: $22.08 per hour in Peoria area

IT Specialist/Systems Administrator:

• Average salary: $54,874 annually for IT specialists in Illinois
• Mid-level: $55,000-$70,000 annually
• Senior level: $70,000-$85,000 annually

IT Manager:

• Average salary: $141,785 annually for IT managers in Peoria
• Range: $115,700-$167,278 annually
• Senior leadership: $150,000-$180,000 annually

Cybersecurity Specialist:

• Entry-level: $70,000-$85,000 annually
• Experienced: $85,000-$110,000 annually
• Senior specialist: $110,000-$140,000 annually

Compliance Specialist:

• Healthcare/HIPAA: $65,000-$90,000 annually
• Multi-standard (PCI, CMMC): $75,000-$110,000 annually
• Senior compliance: $95,000-$125,000 annually

Hidden Costs of In-House IT Staff

Benefits and Payroll Taxes (29.7-31.2% of salary for private industry):

• Health insurance: $7,034 annually for single coverage (employer portion), with total costs expected to surpass $16,000 per employee in 2025
• FICA (Social Security and Medicare): 7.65% of salary up to $176,100 for Social Security (6.2%) plus 1.45% Medicare on all wages
• Unemployment insurance: 0.1-0.4% of salary (FUTA) plus state rates varying by experience
• Workers’ compensation: Approximately 1% of total compensation package
• Paid time off: 15-25 days annually (equivalent to 6-10% of salary)
• Professional development: $3,000-$8,000 per employee annually

Equipment and Infrastructure:

• Workstation setup: $2,500-$4,500 per IT employee
• Specialized software licenses: $2,000-$15,000 annually per employee
• Security tools and monitoring: $5,000-$20,000 annually per team
• Training and certifications: $3,000-$8,000 per employee annually
• Conference attendance: $2,500-$6,000 annually per employee

Management Overhead:

• HR administration costs: $1,800-$3,500 per employee
• Performance management: 8-12% of manager’s time
• Recruitment and onboarding: $8,000-$20,000 per position
• Knowledge management and documentation: 5-10% of team time

Skills Gap Challenges

Cybersecurity Expertise Gap:

• High demand for qualified professionals
• Salary premium: 20-40% above general IT roles
• Continuous training required due to evolving threats
• Difficulty finding experienced candidates in Central Illinois market

Compliance Knowledge Requirements:

• Healthcare (HIPAA): Specialized training and ongoing education
• Payment processing (PCI DSS): Complex technical and procedural requirements
• Government contracting (CMMC): Emerging standards with limited expertise
• Multi-standard environments: Rare skill set commanding premium salaries

Total In-House IT Cost Examples

Small Business (25 employees) – Basic IT Support:

• 1 IT Technician: $52,000 salary + $15,800 benefits (30.4% of salary) = $67,800
• Equipment and training: $6,000 annually
• Management overhead: $3,500
• Total: $77,300 annually
• Limitations: No cybersecurity expertise, no 24/7 coverage, limited compliance knowledge

Medium Business (50 employees) – Comprehensive IT:

• 1 IT Manager: $142,000 + $43,200 benefits (30.4% of salary) = $185,200
• 1 IT Technician: $55,000 + $16,700 benefits = $71,700
• Equipment and training: $14,000 annually
• Management overhead: $9,000
• Total: $279,900 annually
• Gap: Still lacks dedicated cybersecurity and compliance expertise

Large Business (150 employees) – Full IT Department:

• 1 IT Manager: $155,000 + $47,100 benefits = $202,100
• 2 IT Technicians: $115,000 + $35,000 benefits = $150,000
• 1 Systems Administrator: $75,000 + $22,800 benefits = $97,800
• 1 Cybersecurity Specialist: $95,000 + $28,900 benefits = $123,900
• Equipment and training: $25,000 annually
• Management overhead: $20,000
• Total: $618,800 annually

Managed IT Services Cost Analysis

2025 Managed Services Pricing

Note: The following are general industry pricing ranges. Actual costs vary significantly based on specific business needs, infrastructure complexity, and service requirements. Many providers, including Facet Technologies, create customized solutions that may fall outside these general ranges. These prices reflect managed services only and do not include services like cloud servers, hardware or hosting.

Per-User Pricing Model (Most Common):

• Basic monitoring and support: $99-$150 per user/month
• Comprehensive managed services: $150-$200 per user/month
• Advanced security and compliance: $250-$400 per user/month

What’s Included in Managed Services

Basic Package ($99-$150/user/month):

• 24/7 network monitoring and alerting
• Remote help desk support during business hours
• Basic security (antivirus, firewall management)
• Email support and spam filtering
• Software updates and patch management
• Basic data backup
• Planning and quarterly reviews

Comprehensive Package ($150-$200/user/month):

• All basic services plus:
• Proactive maintenance and optimization
• Advanced cybersecurity (EDR, multi-factor authentication)
• Enhanced data backup and recovery
• Cloud services management
• Strategic IT planning and quarterly reviews
• Basic compliance support

Advanced Package ($200-$300/user/month):

• All comprehensive services plus:
• 24/7 Security Operations Center (SOC) monitoring
• Advanced compliance management (HIPAA, PCI, CMMC)
• Advanced threat detection and response
• Dedicated account management
• Priority on-site support
• Advanced cybersecurity training

Managed IT Cost Examples

These are general industry ranges for reference. Actual pricing varies based on specific business requirements, existing infrastructure, and customized service packages.

Small Business (25 employees):

• Basic package: $2,475-$3,750/month = $29,700-$45,000/year
• Comprehensive package: $3,750-$5,000/month = $45,000-$60,000/year

Medium Business (50 employees):

• Basic package: $4,950-$7,500/month = $59,400-$90,000/year
• Comprehensive package: $7,500-$10,000/month = $90,000-$120,000/year

Large Business (150 employees):

• Basic package: $14,850-$22,500/month = $178,200-$270,000/year
• Comprehensive package: $22,500-$30,000/month = $270,000-$360,000/year

Note: Many providers, including Facet Technologies, offer customized solutions that may not fit standard per-user pricing models. Factors such as existing infrastructure, specific compliance requirements, and unique business needs all influence final pricing.

Co-Managed IT: The Strategic Hybrid Solution

What is Co-Managed IT?

Co-managed IT services represent a partnership model where your existing in-house IT staff works alongside an external managed service provider. This hybrid approach allows you to maintain internal control while gaining access to specialized expertise, advanced security capabilities, and 24/7 monitoring.

When Co-Managed Services Are Ideal

Perfect Scenarios:

• Organizations with 1-3 existing IT staff members who need specialized support
• Companies requiring advanced cybersecurity expertise beyond their team’s capabilities
• Businesses facing compliance requirements (HIPAA, PCI, CMMC) that demand specialized knowledge
• IT departments overwhelmed by security incidents and need SOC support
• Organizations wanting to retain strategic IT control while outsourcing routine monitoring

Key Benefits:

• Leverage existing IT investment while filling skill gaps
• 24/7 monitoring and security without hiring night staff
• Access to specialized compliance and cybersecurity expertise
• Predictable costs for enhanced capabilities
• Allows internal IT to focus on strategic business initiatives

Co-Managed Service Models and Pricing

Important: These are industry-wide pricing ranges for reference only. Each organization has unique requirements that affect actual pricing. At Facet Technologies, we customize co-managed solutions based on your specific needs, existing infrastructure, and business objectives.

Basic Co-Management ($50-$100/user/month):

• 24/7 network and security monitoring
• Backup monitoring and management
• Patch management support
• Basic help desk overflow support
• Security incident response

Advanced Co-Management ($75-$150/user/month):

• All basic services plus:
• SOC monitoring and threat response
• Compliance monitoring and reporting
• Advanced cybersecurity tools and management
• Dedicated cybersecurity consulting hours
• Strategic planning support

Specialized Services (à la carte):

• HIPAA compliance management: $25-$50/user/month
• PCI DSS compliance: $20-$40/user/month
• CMMC preparation and maintenance: $30-$60/user/month
• Advanced threat hunting: $15-$30/user/month

Critical Support Even for “Self-Sufficient” IT Teams

The Reality: No IT Team Is Truly Independent

Even organizations with capable in-house IT staff typically require external support in critical areas that are difficult to manage internally:

Software Licensing Management:

• Volume licensing negotiations and compliance
• License optimization and cost management
• Software audit preparation and response
• New technology evaluation and procurement

Cybersecurity Expertise:

• 24/7 security monitoring and threat detection
• Incident response and forensic analysis
• Security tool management and optimization
• Compliance reporting and documentation

Specialized Compliance Requirements:

• HIPAA, PCI, CMMC, and other regulatory frameworks
• Risk assessments and remediation planning
• Policy development and implementation
• Audit preparation and support

Why Even Small IT Teams Need Partners Like Facet:

1. You can’t monitor 24/7 – Your IT person needs sleep, vacations, and sick days
2. Cybersecurity is a full-time specialization – Threats evolve faster than any single person can track
3. Compliance requires dedicated expertise – Regulations change frequently and penalties are severe
4. Software licensing is complex – Mistakes can cost thousands in audit penalties
5. Emergency response needs immediate expertise – Ransomware and breaches require specialized knowledge

Facet’s Flexible Co-Managed Approach:

We work with organizations of all sizes, from single-person IT departments to full teams. Our approach is to complement your existing capabilities rather than replace them, providing:

• Targeted expertise in areas where you need support
• 24/7 monitoring to extend your coverage
• Software licensing management to optimize costs and ensure compliance
• Cybersecurity enhancements to protect against evolving threats
• Flexible engagement models that scale with your needs

Co-Managed Cost Examples

These examples use general industry pricing for illustration. Actual costs depend on specific requirements, existing infrastructure, and customized service packages.

Small Business (25 employees) with 1 IT person:

• Existing IT staff: $67,800 annually
• Basic co-management: $15,000-$30,000 annually
• Total: $82,800-$97,800 annually
• Value: Gains 24/7 monitoring, cybersecurity expertise, compliance support

Medium Business (50 employees) with 2 IT staff:

• Existing IT staff: $139,500 annually (2 technicians)
• Advanced co-management: $45,000-$90,000 annually
• Total: $184,500-$229,500 annually
• Value: SOC monitoring, compliance management, advanced security tools

Large Business (150 employees) with 3-4 IT staff:

• Existing IT staff: $348,800 annually
• Comprehensive co-management: $135,000-$270,000 annually
• Total: $483,800-$618,800 annually
• Value: Enterprise-grade security, full compliance support, strategic partnership

Single IT Person Scenario: Even if you have just one capable IT professional, they likely need support with:

• Software licensing optimization: Save 15-30% on annual software costs
• 24/7 security monitoring: Provide coverage when your IT person isn’t available
• Compliance management: Ensure HIPAA, PCI, or other regulatory requirements are met
• Cybersecurity expertise: Access to specialized tools and incident response capabilities

Facet works with businesses of all sizes to provide exactly the support needed, whether that’s comprehensive co-management or targeted assistance in specific areas like cybersecurity and compliance.

Industry-Specific Example: Healthcare Organizations

Unique Healthcare IT Challenges

Compliance Requirements:

• HIPAA Privacy and Security Rules
• HITECH Act breach notification requirements
• State-specific healthcare data protection laws
• Medical device security and integration

Cost Implications for In-House Healthcare IT:

50-Person Medical Practice – In-House Approach:

• IT Manager (HIPAA-trained): $155,000 + $47,100 benefits = $202,100
• IT Technician (healthcare experience): $58,000 + $17,600 benefits = $75,600
• HIPAA compliance training: $5,000 annually
• Specialized healthcare IT tools: $15,000 annually
• Risk assessment and documentation: $8,000 annually
• Total: $305,700 annually

50-Person Medical Practice – Managed Services:

• Healthcare-specialized managed services: $200-$250/user/month (industry range)
• HIPAA compliance included
• Medical device support
• Breach response planning
• Total: $120,000-$150,000 annually
• Savings: $155,700-$185,700 (51-61% reduction)

50-Person Medical Practice – Co-Managed:

• 1 existing IT person: $75,600 annually
• Healthcare co-managed services: $75-$125/user/month = $45,000-$75,000 annually (industry range)
• Total: $120,600-$150,600 annually
• Savings: $155,100-$185,100 (51-61% reduction)
• Benefits: Retains internal IT control, gains HIPAA expertise and SOC monitoring

Important: Healthcare IT requirements are highly specific. These cost estimates are based on general industry pricing. Facet creates customized healthcare IT solutions based on specific practice needs, existing systems, and compliance requirements. Actual pricing may vary significantly based on factors such as electronic health records integration, medical device connectivity, and specific HIPAA risk assessment findings.

Break-Fix vs. Managed vs. Co-Managed: The Hidden Costs

Break-Fix Model Risks

Hourly Rates in Central Illinois:

• Basic technician: $150-$250/hour
• Emergency/after-hours: $250-$350/hour
• Cybersecurity incident response: $300-$500/hour

Typical Break-Fix Scenarios:

• Server failure: $2,000-$8,000 per incident
• Ransomware attack: $15,000-$100,000+ (including downtime)
• Compliance violation: $50,000-$500,000 in fines
• Data breach: $150,000+ average cost for small businesses

Why Proactive Management Saves Money

Prevented Incidents:

• 90% reduction in security incidents with proper monitoring
• 75% reduction in system downtime with proactive maintenance
• 80% reduction in compliance violations with proper oversight
• 60% reduction in user productivity issues with managed services

Financial Analysis: 5-Year Total Cost of Ownership

Small Business (25 employees)

In-House IT:

• Year 1: $85,000 (hiring, setup, equipment)
• Years 2-5: $80,000/year (salary increases, training)
• 5-Year Total: $405,000
• Risk: Limited expertise, no 24/7 coverage

Managed Services (Comprehensive):

• Years 1-5: $52,500/year average
• 5-Year Total: $262,500
• Savings: $142,500 (35% reduction)

Co-Managed Services:

• Existing IT: $70,000/year + Co-managed: $22,500/year
• 5-Year Total: $462,500
• Value: Enhanced capabilities with existing staff

Medium Business (50 employees)

In-House IT:

• Year 1: $295,000 (hiring, setup, equipment)
• Years 2-5: $285,000/year (salary increases, benefits)
• 5-Year Total: $1,435,000
• Gap: Still lacks cybersecurity specialist

Managed Services (Comprehensive):

• Years 1-5: $105,000/year average
• 5-Year Total: $525,000
• Savings: $910,000 (63% reduction)

Co-Managed Services:

• Existing IT: $144,000/year + Co-managed: $67,500/year
• 5-Year Total: $1,057,500
• Savings: $377,500 (26% reduction)
• Value: Retains control, adds expertise

Large Business (150 employees)

In-House IT (Full Department):

• Year 1: $650,000 (hiring, setup, equipment)
• Years 2-5: $630,000/year (salary increases, benefits)
• 5-Year Total: $3,170,000

Managed Services (Comprehensive):

• Years 1-5: $315,000/year average
• 5-Year Total: $1,575,000
• Savings: $1,595,000 (50% reduction)

Co-Managed Services:

• Existing IT: $400,000/year + Co-managed: $200,000/year
• 5-Year Total: $3,000,000
• Savings: $170,000 (5% reduction)
• Value: Maximum control with enterprise-grade capabilities

Beyond Cost: Strategic Value Considerations

In-House IT Advantages

Control and Customization:

• Direct management of IT resources and priorities
• Immediate availability during business hours
• Deep knowledge of specific business processes and workflows
• Ability to customize solutions exactly to unique business needs
• Complete control over security policies and implementations

Managed Services Advantages

Comprehensive Expertise:

• Access to diverse, specialized skill sets unavailable locally
• Continuous training on latest technologies and threats
• Industry best practices and proven methodologies
• 24/7 monitoring and support capabilities
• Predictable monthly costs with no surprises

Co-Managed Services: Best of Both Worlds

Strategic Benefits:

• Retain internal IT knowledge and business understanding
• Gain access to specialized cybersecurity and compliance expertise
• 24/7 monitoring without hiring additional staff
• Flexible engagement model that scales with business needs
• Cost-effective way to fill critical skill gaps

Operational Benefits:

• Internal IT focuses on strategic business initiatives
• External partner handles routine monitoring and security
• Immediate access to incident response capabilities
• Compliance expertise without full-time specialist salary
• Technology refresh planning with expert guidance

Making the Right Choice for Your Business

Choose In-House IT When:

• You have 100+ employees with highly complex, unique IT requirements
• Your industry requires maximum control over all IT operations
• You have budget for ongoing training, certifications, and technology refresh
• Your IT requirements are stable and predictable
• You can afford redundancy for 24/7 coverage and vacation coverage
• You have access to local cybersecurity and compliance talent

Choose Managed Services When:

• You have fewer than 100 employees
• You need 24/7 support and monitoring capabilities
• Cybersecurity and compliance are major concerns
• You want predictable, comprehensive IT costs
• You lack specialized IT expertise in-house
• Your focus should be on core business operations, not IT management
• You need rapid access to diverse technical skills

Choose Co-Managed Services When:

• You have 1-3 existing IT staff who need specialized support
• You want to retain internal IT control while gaining expertise
• You need cybersecurity or compliance capabilities beyond your team’s skills
• You’re looking for 24/7 monitoring without hiring additional staff
• You want to transition gradually from in-house to managed services
• You need specific expertise (security, compliance) without full-time hires

Questions to Ask When Evaluating Options

For Managed Service Providers

Service and Support:

1. What is your guaranteed response time for different types of issues?
2. Do you provide 24/7 support, and what is included in the base price?
3. How do you handle emergency situations and after-hours support?
4. What is your escalation process for complex technical issues?

Security and Compliance: 5. What cybersecurity measures are included in your base package? 6. How do you handle industry-specific compliance requirements? 7. What is your incident response process for security breaches? 8. Do you provide ongoing security awareness training for employees?

Co-Managed Capabilities: 9. How do you work with existing in-house IT staff? 10. What tools and access will you provide to our internal team? 11. How do you handle knowledge transfer and collaboration? 12. Can you provide training and mentoring for our IT staff?

For In-House IT Planning

Skill Assessment:

1. What are the current skill gaps in our IT team?
2. How much will it cost to fill these gaps through hiring or training?
3. Do we have coverage for vacations, sick leave, and emergencies?
4. How will we stay current with evolving cybersecurity threats?

Growth Planning: 5. How will our IT needs change as we grow? 6. Can we scale our IT team cost-effectively? 7. What will technology refresh cycles cost over the next 5 years? 8. How will we handle compliance requirements as they evolve?

Conclusion: The Strategic Path Forward

The choice between in-house, managed, and co-managed IT isn’t just about immediate costs—it’s about positioning your business for sustainable growth while managing risk effectively. For most Peoria businesses, a hybrid approach offers the optimal balance of control, expertise, and cost-effectiveness.

Key Decision Factors:

1. Business Size and Complexity: Smaller organizations (under 50 employees) typically benefit most from managed services, while larger organizations may prefer co-managed approaches
2. Industry Requirements: Healthcare, manufacturing, and other regulated industries often require specialized compliance expertise best obtained through managed or co-managed services
3. Existing IT Investment: Organizations with current IT staff can leverage co-managed services to enhance capabilities without starting over
4. Growth Plans: Managed and co-managed services offer better scalability for growing businesses
5. Risk Tolerance: 24/7 monitoring and specialized security expertise are typically more cost-effective through managed services

Recommended Next Steps:

1. Conduct a comprehensive IT cost analysis including all hidden expenses and opportunity costs
2. Assess your current cybersecurity and compliance posture against industry requirements
3. Evaluate your existing IT team’s skills and identify critical gaps
4. Schedule a consultation with Facet Technologies to discuss your specific needs and explore customized solutions
5. Request a detailed cost analysis based on your actual infrastructure and requirements rather than industry averages

Why Schedule a Consultation with Facet?

• Free, no-obligation assessment of your current IT infrastructure and costs
• Customized recommendations based on your specific business needs, not generic solutions
• Transparent pricing with detailed explanations of what’s included and what’s not
• Local expertise with over 30 years of experience serving Central Illinois businesses
• Flexible engagement options from targeted co-managed services to comprehensive managed IT
• Industry-specific knowledge including healthcare, manufacturing, and compliance requirements

Even if you think your in-house IT is sufficient, a consultation can reveal:

• Potential cost savings through software licensing optimization
• Critical security gaps that need immediate attention
• Compliance risks that could result in significant penalties
• Opportunities to enhance your IT capabilities without major investments

Remember: The cost of prevention is always less than the cost of recovery. Whether you need comprehensive managed services, targeted co-managed support, or just want to ensure you’re not missing critical vulnerabilities, Facet’s experts can help you make informed decisions about your IT strategy.

The most successful businesses are those that leverage the right combination of internal capabilities and external expertise to achieve their strategic objectives. For most Central Illinois organizations, this means embracing a partnership approach to IT that combines the best of in-house knowledge with managed service capabilities.

Ready to Optimize Your IT Strategy?

Don’t base critical business decisions on general industry pricing. Every organization has unique requirements that affect both costs and optimal solutions. Whether you’re looking to reduce costs, enhance security, ensure compliance, or simply want a second opinion on your current IT approach, Facet’s experts are here to help.

Schedule your free consultation today to receive:

• Customized cost analysis based on your actual infrastructure
• Specific recommendations for your industry and business size
• Transparent pricing with no hidden fees or surprises
• Flexible solutions that work with your existing IT investments
• Expert guidance from a team with over 30 years of local experience

Contact Facet Technologies at (309) 689-3900 or visit facettech.com to schedule your free assessment. Because when it comes to IT strategy, one size doesn’t fit all.