Big “I” Cyber Resources
Empower your agency with smart, strategic technology insights.
Agency Cyber Roadmap & Resources.
How to Use This Roadmap.
This roadmap is designed to help agencies understand cybersecurity regulatory requirements. While the steps are listed in a suggested sequence, you can explore them in any order. However, to gain a complete picture of your risks, we recommend starting with a Risk Assessment. From there, identify the areas that matter most to your organization and prioritize your next steps.
For each regulation, we have listed examples of industry and external resources. ACT provides these based on our awareness of services offered, but does not endorse any specific service providers.
Risk Assessment.
Typically this is the first step on your roadmap. A Risk Assessment is the identification of hazards that could negatively impact an organization’s ability to conduct business. These assessments help identify inherent business risks and provide measures, processes, and controls to reduce the impact of these risks to business operations. The assessment should include a risk mitigation checklist.
Resources presented by the National Cyber Alliance on how to stay safe online.
A cybersecurity and forensics firm supporting businesses nationwide.
Written Security Policy.
A security policy is a document that states in writing how a company plans to protect the company’s physical and information technology (IT) assets. It can also be referred to as a “written information security policy” or “WISP”.
The document must detail your agency’s operations for security, governance, inventories, controls, continuity and disaster planning and systems monitoring. This includes internal and external mitigation policies.
ACT Cybersecurity Policy Template
A free agency resource to create a written agency security policy – Requires Big ‘I’ ID & password to access.
FCC Cyber Security Planning Guide
This planning guide is designed to meet the specific needs of your company, using the FCC’s customizable Small Biz Cyber Planner tool.
Incident Response Plan.
An Incident Response Plan is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an ‘incident’). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs while complying with federal and state regulations. This includes communication/notices to the state superintendent upon detection of a cybersecurity event and communication to customers, insurers, and third-party service providers. This is part of an overall written security plan.
NCSL Security Breach Notification Laws by State
NCSL serves state legislators and their staff. This site provides general comparative information only and should not be relied upon or construed as legal advice
the 2026 & 2027 IIAMT Insurexpo
rsvp now
Join us in Billings and Helena for two powerful events that will elevate your independence, expand your knowledge, grow your network, and accelerate your career. This is your moment to take charge — and you won’t want to miss it.
Invest in your Agency’s Success.
You’ve chosen independence — but you’re never alone.
Partner with the IIAMT team and let us help carry the load, so you can focus on what really matters: growing your agency.