Fixed scope, fixed price

Packs and pricing

Fixed scope. Concrete artefact lists. Inspectable samples. Delivered in days with implementation notes.

Get a recommendation Download sample pack

Compare packs at a glance

Buyer-focused comparison. Fixed scope only feels safe when you can see it.

Pack Coverage Doc count Mapping and evidence Delivery Revisions Care Plan
Express Pack
€1,200
 One requirement set: ISO 27001, SOC 2, GDPR, NIS2, NIST CSF, CIS Controls 8 to 12 core docs Included 2 to 5 business days 2 rounds Optional
Most popular
Tailored Core Pack
€2,500
 One requirement set: ISO 27001, SOC 2, GDPR, NIS2, NIST CSF, CIS Controls About 20 docs plus mappings Included 5 to 10 business days 2 rounds Included (year 1)
Compliance Plus Pack
From €5,000
 Two requirement sets integrated (examples: ISO 27001 + SOC 2, ISO 27001 + GDPR, NIST CSF + CIS Controls) About 30 to 40 docs (crosswalk) Included 5 to 10 business days 2 rounds Included (year 1)
Enterprise Custom
From €10,000
 Multi requirement scope and regulated environments (examples: complex audits, DORA adjacent documentation, multi stakeholder rollouts) Defined in scope Included Scoped on call Defined in scope Defined in scope

Doc counts vary slightly with scope and existing material. The artefact list is concrete on each pack section below.

Pack details

Concrete artefacts, plus what you still need to do after delivery.

Pack

Express Pack

Fast baseline for one requirement set

€1,200
2 to 5 business days · 2 rounds
What’s included
  • Core policy set (starter scope)
  • Evidence checklist template (starter)
  • Reviewer-ready PDF export
  • Implementation notes (starter playbook)
  • One handover call
Artefact list (examples)
  • Information Security Policy
  • Access Control Policy
  • Password and MFA Standard
  • Asset Inventory template
  • Risk Register template
  • Security Awareness Procedure
  • Incident Response Quick Guide
  • Supplier Security Checklist
  • Evidence checklist (starter)
  • Implementation notes (starter)

Lists are representative. Your actual pack is tailored to your tooling and owners without changing the fixed artefact structure.

Trust booster

After delivery, you still need to

  • Assign document owners and approve the documents
  • Configure controls in your environment (MFA, logging, backups)
  • Start collecting evidence using the checklist (access reviews, vuln scans)
  • Use the notes to close reviewer questions
Get a recommendation Download sample pack
Pack

Tailored Core Pack Most popular

Audit readiness under a real deadline

€2,500
5 to 10 business days · 2 rounds
What’s included
  • ≈20-document suite (policies + procedures)
  • Control mapping workbook
  • Evidence checklist template
  • Implementation notes and rollout playbook
  • Two revision rounds
  • Handover call
Artefact list (examples)
  • Information Security Policy
  • Risk Management Policy + Risk Register
  • Access Control Policy + Joiner/Mover/Leaver procedure
  • Logging and Monitoring Policy
  • Backup and Restore Policy
  • Secure Configuration Standard
  • Vulnerability Management Procedure
  • Change Management Procedure
  • Incident Response Policy + Playbook
  • Business Continuity overview + test checklist
  • Supplier Security Policy + assessment template
  • Data Classification + Handling Standard
  • Security Training and Awareness Procedure
  • Exception/Risk Acceptance template
  • Control mapping workbook (your chosen requirement set)
  • Evidence checklist (reviewer-ready)
  • Implementation notes (with common pitfalls and evidence cues)

Lists are representative. Your actual pack is tailored to your tooling and owners without changing the fixed artefact structure.

Trust booster

After delivery, you still need to

  • Assign owners and approve the documents
  • Implement and configure controls (MFA, access reviews, logging, backups)
  • Run evidence activities (access reviews, vuln scans, supplier reviews)
  • Use the checklist to keep reviewers satisfied
Get a recommendation Download sample pack
Pack

Compliance Plus Pack

Two requirement sets in one coherent system

From €5,000
5 to 10 business days · 2 rounds
What’s included
  • One coherent document set covering both frameworks or regulations
  • Crosswalk mapping where relevant (for example ISO 27001 to SOC 2)
  • Evidence checklist (dual-use)
  • Implementation notes and rollout plan
  • Two revision rounds
  • Handover call
Artefact list (examples)
  • Core suite (as in Core)
  • Control mapping workbook for each framework or regulation
  • Crosswalk worksheet where relevant (for example ISO 27001 to SOC 2)
  • Evidence checklist (dual-use)
  • Implementation notes and rollout plan

Lists are representative. Your actual pack is tailored to your tooling and owners without changing the fixed artefact structure.

Trust booster

After delivery, you still need to

  • Choose the audit order (ISO first, SOC first, or parallel)
  • Assign owners and approve the documents
  • Implement control operations and start evidence capture
  • Use the crosswalk to avoid duplicated work in reviews
Get a recommendation Download sample pack
Pack

Enterprise Custom

Regulated or complex organisations with bespoke scope

From €10,000
Scoped on call · Defined in scope
What’s included
  • Bespoke artefact list and timeline
  • Custom mapping and evidence approach
  • Stakeholder workshops as needed
  • Defined revision policy in scope
Artefact list (examples)
  • Defined during scoping

Lists are representative. Your actual pack is tailored to your tooling and owners without changing the fixed artefact structure.

Trust booster

After delivery, you still need to

  • Execute the agreed rollout plan and evidence plan
  • Run governance cadence (risk reviews, access reviews, supplier reviews)
  • Maintain versioning and change log (Care Plan optional)
Get a recommendation Download sample pack

Audit-ready Care Plan

Quarterly update cycles and light support to keep your documentation coherent as your organisation changes. Included in year 1 with Tailored Core and Compliance Plus.

Included

What it covers

  • Up to 4 update cycles per year (quarterly)
  • Change log and versioning maintained
  • Support for small organisational changes (roles, tools, vendors)
  • Framework update guidance (documentation impact)
  • Target response time: 3 to 5 business days for requests
  • Pricing: €600 per year (Express), €1,200 per year renewal (Tailored Core), €1,800 per year renewal (Compliance Plus)
Update triggers

When updates happen

  • Tooling changes (IdP, ticketing, logging, backups)
  • Org changes (new teams, new owners, new vendors)
  • Audit feedback requiring documentation changes
  • Framework updates impacting document wording or evidence
Excluded

What is not included

  • New framework rollouts (scoped separately)
  • Legal interpretation (GDPR/NIS2)
  • Implementation work inside your environment

Commercial summary

Procurement-friendly summary of how engagements run.

  • Fixed price, fixed artefact list, fixed revision rounds.
  • Deposit to start. NET 7 payment terms (unless agreed otherwise).
  • Remote delivery. Handover call included.
  • Change requests handled as a scoped add-on.
Get a recommendation Download sample pack