Project-Based

Add-On & Project Services

Targeted engagements when you need specific work done. Gap assessments, tabletop exercises, RFP responses, custom policy development — billed per project, scoped to your need.

Compliance workshops and project services

What this includes

A complete program engagement covers everything in the categories below — designed, implemented, and operated continuously.

SOC 2 Gap Assessment

Single-engagement assessment of your readiness against the SOC 2 Trust Services Criteria, with a prioritized remediation roadmap.

ISO 27001 Gap Assessment

ISMS maturity review and Annex A control gap analysis, scoped for cert decision-making.

Business Continuity Workshops

Half-day or full-day facilitated sessions to build a BCP, identify critical processes, and define RTO/RPO.

Incident Response Tabletop Exercises

Realistic scenario-based simulations to test your IR playbook with leadership and technical teams.

Vendor Deep-Dive Assessments

Detailed third-party risk reviews for critical vendors — security, privacy, financial stability, exit strategy.

Employee Handbook Creation

Comprehensive handbook covering employment, conduct, technology use, OHS — BC-compliant.

Custom Policy Development

Net-new policies for unusual scenarios, evolving regulations, or specific framework requirements.

RFP & Questionnaire Compliance Support

We complete vendor security questionnaires and RFP compliance sections accurately and quickly.

Service Overview

Not every compliance need is a continuous program. Sometimes you need a SOC 2 gap assessment before deciding to pursue certification. Sometimes you need a tabletop exercise to test your incident response. Sometimes a customer's RFP demands compliance answers in 5 business days.

Our project-based services are designed for those moments — scoped engagements with clear deliverables, fixed pricing, and outcomes you can use immediately. Often the entry point to a longer relationship; sometimes a one-off when that's what you need.

Who it's for

Businesses with a specific, scoped compliance need — whether you're early in your journey (gap assessments) or mature (tabletops, custom policy development). Also a great fit for businesses that already have internal compliance staff and need surge capacity for specific projects.