Pricing
Pricing without the sales call.
Five tiers. The first is free. Three are fixed-price projects. One is a month-to-month retainer, half fee on month one.
Tier 0
Readiness Call
Tier 1
Day-Zero Diagnostic
Tier 2
Compliance Framework Roadmap
Tier 3
Stack Setup Sprint
Tier 4
Fractional CIO and CISO Retainer
Not sure which tier fits your stage?
30 minutes. Three risks named. No commitment. We will figure out together which tier is right.
Tier 0
Readiness Call
Free
- Duration
- 30 min
- Deliverables
- Three risks named in your stack
- Risk mitigator
- Zero commitment
Tier 1
Day-Zero Diagnostic
from $1,500
- Duration
- 1 week
- Deliverables
- Stack recommendation, 12-month roadmap, and "do not buy" list
- Risk mitigator
- Fixed scope and price
Tier 2
Compliance Framework Roadmap
from $7,500
- Duration
- 2 to 3 weeks
- Deliverables
- Single-framework gap analysis, controls inventory, and 12 to 24-month remediation plan
- Risk mitigator
- Fixed scope and price
Tier 3
Stack Setup Sprint
from $12,000
- Duration
- 1 to 3 weeks
- Deliverables
- Baseline company-side stack configured for agreed systems, with handoff documentation
- Risk mitigator
- Fixed scope and price
Tier 4
Fractional CIO and CISO Retainer
from $8,000/mo
- Duration
- Month-to-month
- Deliverables
- Monthly fractional CIO and CISO support for agreed priorities, including executive advisory, vendor and security review support, policy work, roadmap execution, and an IT and security operating cadence
- Risk mitigator
- Scope and cadence defined before kickoff
Start with the level of help you need now. Move from readiness call to diagnostic, roadmap, implementation sprint, or ongoing fractional CIO and CISO support as your company grows.
Retainers are scoped before kickoff. Some clients need a light advisory cadence. Others need active ownership of vendor reviews, policies, security questionnaires, roadmap execution, and executive decision support.
Not for companies looking for 24/7 help desk, device firmware engineering, or regulatory submission ownership.
The Compliance Framework Roadmap covers a single framework; multi-framework engagements happen inside the Fractional CIO and CISO Retainer. Implementation execution is in the retainer, not the Roadmap.
First month half fee. If we are not the right fit, you can end the engagement.
The Fractional CIO and CISO Retainer is half fee for the first month, from $4,000. Month-to-month with 30-day notice. The cost of a bad senior advisor is not the fee; it is the decisions made in the first 30 days. Half fee gives you 30 days to decide.
What we do not do
Not us
Fixed-price audit-readiness sprints
Implementation has variable scope and lives inside the Fractional CIO and CISO Retainer, billed by the month.
Not us
Ongoing help desk and 24/7 IT operations
Day-to-day support is an MSP function. We help you select an MSP and oversee them. One-time environment setup is the Stack Setup Sprint.
Not us
Device firmware and embedded software security
That stays with R&D.
Not us
Certification or audit guarantees
Auditors certify; we prepare.
Not us
Cyber insurance underwriting
Carriers underwrite; we help you prepare the application.
Not us
Tool resale or referral commissions
Our incentive is to keep your tool spend honest.
Not us
Generic SMB or non-medtech engagements
We do medical device, SaMD, IVD, and life science.