Davis Investigation Services

The setup

Davis Investigation Services is a Conroe, TX investigative and background-check firm that serves Fortune 500 employers, more than 100 government and public-sector clients, and organizations in regulated transportation and safety-sensitive industries. Their work runs through a platform that handles highly-sensitive consumer data, pre-employment screening records, DOT-regulated drug-and-alcohol program data, and investigation files — every piece of which is governed by overlapping federal regulations.

For a firm whose product is, essentially, evidence and trusted information, the IT layer is not a back-office convenience. It is the product.

What they were running into

The investigative and background-check industry has quietly become one of the most compliance-heavy verticals in the country. Davis operates under Fair Credit Reporting Act (FCRA) obligations, EEOC requirements on how consumer data is handled, DOT rules for transportation-sector programs, and an ever-growing set of state-level privacy statutes. On top of that, every Fortune 500 client runs a vendor-security review before signing — and those reviews have grown sharper year over year.

The practical effect: Davis needs an IT environment that can pass a large-enterprise vendor-risk assessment, survive a federal or state audit, and hold up under a plaintiff-attorney discovery request — all while remaining stable, fast, and available for the investigators who rely on it every day.

What we did

Hardened identity and access

Multi-factor authentication on every user and every admin path. Privileged-access separation so day-to-day accounts never carry the keys to the environment. Conditional access policies that restrict where and how the platform can be reached. Every access decision is logged and kept for audit.

End-to-end encryption and controlled data handling

Encryption at rest and in transit across the investigative platform, workstations, and backup chain. Consumer-report data flows are governed by retention and destruction schedules that match FCRA's permissible-use framework. Nothing stays longer than it should; nothing gets deleted before it legally can be.

Audit-ready logging and evidence

Centralized logging with retention that matches the longest of the applicable regulatory windows. When a Fortune 500 client's vendor-risk team asks for evidence that a specific control is in place — and they do ask — Davis can produce the attestation and the log excerpt without a scramble.

Disaster recovery sized for enterprise expectations

Backup tiers that include immutable, off-site copies designed specifically against ransomware scenarios. A written and tested recovery plan with RTO and RPO targets aligned to what Davis's enterprise clients expect from their vendors — not a vague promise that the backups exist.

What changed

Davis continues to win and retain enterprise engagements in an industry where the IT posture itself is frequently the deciding factor. Vendor-security reviews from Fortune 500 procurement teams close cleanly. Federal and state regulator touchpoints are met with prepared, documented answers instead of best-effort reconstructions.

Just as importantly, the infrastructure is quiet. Investigators can work the case, not the laptop.

Why the partnership has lasted

Mako has run Davis's IT for years across multiple generations of the compliance landscape — FCRA updates, state-level privacy laws that didn't exist when the relationship started, vendor-review questionnaires that have tripled in length. The work has matured alongside the business. That is what a 10-plus-year MSP relationship looks like in a regulated vertical: not a static set of tickets, but a shared track record.