So You’ve Been Named the Security Program's DQI...

Now What?

You may not have ask to be your company’s security officer. But now you’re responsible for HIPAA, GLBA, and FTC Safeguards – with no handbook and everyone looking to you for answers.

Your new DQI reality:

Your training benefits:

Perfect for: office managers, IT admins, and accidental security officers suddenly carrying the DQI title.

Edit Template

You didn’t ask for this role. But now everyone is counting on you.

Most DQIs were appointed because they were “good with computers” or “organized” – not because
they were trained in cybersecurity, risk, or compliance.

No real security background

You’re suddenly responsible for security policies, risk assessments, access controls, and incident response – with no real roadmap and no mentor.

High accountability, low clarity

Regulators and leadership expect you to “ensure compliance” with HIPAA, GLBA, and FTC Safeguards – yet nobody has defined what that looks like day-to-day for you.

Fear of getting it wrong

One incident, one breach, or one bad audit – and you’ll be asked why things weren’t in place. The risk feels high, and the guidance feels vague.

You’re not alone. In my work, roughly 8 out of 10 DQIs were appointed with no training, no transition plan, and often no extra time added to their day.

The only coaching program built specifically for first-time

Designated Qualified Individuals.

Clear role definition

Understand exactly what a DQI is expected to do, how it’s defined in HIPAA, GLBA, and FTC Safeguards – and where your legal responsibilities begin and end.

Simple, real-world frameworks

Learn how to build and maintain a security program using templates, checklists, and proven workflows – even if you’re not a “security person.”

Audit-ready documentation

Build the policies, procedures, and evidence your organization needs to defend itself during audits, examinations, or incident investigations.

Live guidance & support

Get direct, practical answers to your real situations – vendor reviews, risk questions, board updates, staff training, and more.

Edit Template

Hi, I’m Rod Andes. I train Information Security program managers.

30+ years in IT, security, and operational resilience. I’ve seen the reality behind compliance checklists and “paper-only” security programs.

Over the past three decades, I’ve worked with organizations that range from small clinics and professional practices to banks and regulated financial institutions. One pattern kept showing up: someone gets handed the security role without real preparation.

The office manager, IT admin, or operations lead suddenly becomes the Designated Qualified Individual – on top of everything else they’re already doing. No training. No roadmap. But full responsibility.

This coaching program exists to change that. I give you the context, tools, and step-by-step support you need to run a credible security program, speak confidently to leadership and auditors, and sleep better at night.

A step-by-step pathway from overwhelmed to fully capable.

The coaching is structured into clear phases so you always know what to focus on next –
instead of trying to fix everything at once.

Phase 1Role Clarity & Risk

Understand your DQI responsibilities, how regulators view the role, and where you’re most exposed today.

Phase 2Policies & Documentation

Build or fix your core security policies, procedures, and evidence so you can withstand basic scrutiny.

Phase 3Technical Safeguards & Vendors
Get a practical handle on access, backups, monitoring, and vendor risk without becoming a full-time engineer.
Phase 4Audits, Reporting & Training
Prepare for audits and exams, design staff training, and learn how to report meaningfully to leadership.
Phase 5Ongoing Operations
Turn your one-time effort into a sustainable, realistic security program that fits your actual workload.
Download the Full 6-Week DQI Curriculum Overview

Everything you need to succeed as your company’s DQI.

Weekly coaching calls

Live group sessions (with time for questions) focused on the specific tasks and decisions DQIs face in regulated environments.

Policy toolkit

Templates and samples for policies, risk registers, vendor reviews, incident logs, training records, and more.

Checklists & workflows

Step-by-step checklists so you know exactly what to do monthly, quarterly, and annually to stay in control.

Q&A and office hours

Bring your real-world questions: a vendor security questionnaire, a scary email from a regulator, or a board request you’re not sure how to answer.

Stop guessing. Start leading.

Real people. Real results.

If you’re just starting out as a DQI, you don’t need hype – you need confidence that this
will actually help you do the job.

“Before this, I had no idea what a DQI was supposed to do. Now I can explain our security posture to my CEO in plain language and back it up with documentation.”

Office Manager, Healthcare Clinic

“Rod cut through the noise and gave me a simple plan: what to fix this month, what can wait, and what really matters to regulators.”

IT Lead, Regional Financial Services Firm

“The checklists and templates alone were worth it. It turned vague ‘be secure’ advice into concrete, manageable tasks.”

Operations Director, Professional Services

Start with the free guide: “So You’ve Been Named the DQI… Now What?”

A short, practical mini-ebook that explains what the DQI role actually is, what’s at stake,
and the first steps you should take in the next 30 days.

Inside the guide, you’ll learn:
  • What “Designated Qualified Individual” actually means in plain English
  • The biggest mistakes new DQIs make in the first 90 days
  • How to quickly assess where your security program really stands
  • How to talk to leadership about risk without fear-mongering
  • Which tasks you should prioritize this month – and what can wait

DQI Quickstart

Perfect for small environments
$ 497
90-minute kickoff
Templates Pack
30-Day Support
DQI Checklist
Evidence Log
Invitation to open roundtables

DQI 1-0n-1 Coaching

Most popular
$ 1,497
Everything in Quickstart
6 Weekly Coaching Sessions
Full DQI Confidence System
Customized Policy Review
Personalized Risk Map
Invitation to open roundtables
Most Popular

DQI Premium

Best for healthcare and financial services
$2,997 $ 1,997
Everything in 1-on-1
Annual Program Buildout
Vendor Management Overview
Incident Response Chaching
On-call Support for 90 Days
Invitation to open roundtables
2025 Pricing

In order to ensure the best customer service, please schedule a call with me to ensure we provide you with the best information.

Edit Template

Tell me a bit about your DQI situation.

Send a short overview and I’ll follow up with options for joining the coaching program and
how to position this as approved training with your leadership.

Questions you might have right now.

What exactly is a Designated Qualified Individual (DQI)?
In short, it’s the person your organization names as being responsible for overseeing its information security program. Different regulations describe it slightly differently, but the idea is the same: one accountable individual.
Do I need a technical cybersecurity background?
No. This coaching is built for non-security professionals who have been given security responsibilities. We focus on practical risk, governance, and communication – not turning you into a full-time engineer.
Will my company pay for this?
In many cases, yes. Organizations often treat this as professional development, compliance, or risk management training. I can help you frame this properly for your leadership or HR.
How much time will this take each week?
Plan for roughly 1–2 hours per week for coaching and materials, plus any time you choose to spend applying what you learn inside your organization.
Is this only for healthcare or financial services?
The coaching is especially relevant if you’re under HIPAA, GLBA, or the FTC Safeguards Rule, but the principles also apply to other regulated and professional service environments.
Can you guarantee regulatory compliance?
No one can guarantee compliance – it’s a shared responsibility with your organization. What I can offer is a structured, practical way to build and run a much stronger, more defensible security program.
What’s the difference between regulation and framework?
Government regulations like HIPAA, GLBA and FTC Safeguards layout general requirements while frameworks such as NIST, ISO, HITRUST and SOC 2 define specific controls.