Pricing

Pricing that scales with your stage.

Every engagement is scoped to your frameworks, team size, and goals. The starting points below give you a clear sense of investment before we ever get on a call.

01

Compliance Launch

From $5K/ mo

Adjusts based on the frameworks in scope.

Timeline
3–12 months
Best for
Early-stage or first-time compliance

Includes

  • GRC platform implementation
  • Control mapping & gap analysis
  • Policy development
  • Risk management setup
  • Audit readiness
Most popular
02

Program Management

From $3K/ mo

Up to 20 employees.
+$1K/mo per additional 50 employees.

Timeline
Annual
Best for
Teams that need operational ownership

Includes

  • Continuous control oversight
  • Evidence management
  • Audit coordination
  • Framework maintenance
  • Ongoing compliance management
03

Strategic Advisory

Custom

Scoped to the advisory services you select.

Timeline
Multi-year
Best for
Programs needing strategic guidance

Includes

  • Compliance maturity planning
  • Governance strategy
  • Executive reporting
  • Embedded GRC leadership
  • Long-term advisory support
  • Scale & vertical expansion

How pricing works

Ruleset pricing reflects the scope of your program. This includes the compliance frameworks you're pursuing, your current program maturity, and the level of ongoing ownership required. The figures above are starting points. Every engagement begins with a discovery call to define scope and provide fixed, predictable pricing before work begins.

Book a scoping call

Or work with us project-by-project

Project-Based Advisory

Hire us for a specific deliverable, audit deadline, or short-term workstream — without a long-term commitment. Ideal for teams that need senior compliance and security expertise on a defined scope.

Pricing scoped to your project.

Contact us

Examples: audit prep sprint · gap assessment · GRC platform cleanup · vendor risk assessment · customer security questionnaire support · post-audit remediation

Additional Services

Layer on what you need.

Add any of these to a Buildout, Program Management, or Advisory engagement. Scoped and priced with your plan.

+

Fractional CISO

Senior security leadership on demand, without a full-time hire.

+

Penetration Testing

Simulated attacks to surface vulnerabilities before auditors or attackers do.

+

Managed Vulnerability Scanning

Continuous scanning and remediation tracking across your environment.

+

Internal Audit

Independent review of controls and evidence ahead of formal audits.

+

Cloud Remediation

Our cloud team fixes the misconfigurations and findings your GRC platform surfaces.

+

M&A & Vendor Diligence

Security and compliance reviews for deals, partners, and vendors.