| Engagement | Delivery | Price (€/mo.) |
|---|---|---|
| One day per week. Suitable for organisations needing strategic oversight and decision support without day-to-day operational involvement. | Remote induction with semi-annual on-site alignment. | 5,600 |
| Two days per week. Suitable for organisations requiring active support across functions and ongoing operational guidance. | On-site induction with semi-annual on-site alignment. | 11,200 (* 9,500) |
| Three days per week. Suitable for organisations whose needs approach full-time leadership without justifying a dedicated hire. | On-site induction with quarterly on-site alignment. | 16,800 (* 14,200) |

What’s included:
- Rapid induction in month one, including up to two days of discovery work at no additional cost
- Rolling monthly engagement with one month notice period
- Support hiring or building the profile internally when you are ready to transition to a full-time executive
- Discounted rates (-15%) applicable from month seven *
Implementation projects
Project cost depends on organisational complexity, portfolio diversity, and your current state — such as current practices, maturity of business processes, existing documentation, etc. Each project is scoped individually based on your needs. We bill time and materials, at a rate of 1,280 €/day.

| Service | Delivery | Typically (€) |
|---|---|---|
| Risk framework implementation. Suitable for organisations looking to consolidate risk management across business functions. Includes establishing a risk governance structure, methodology design, definition of workflows, team training & support, risk assessment support, integrated risk register and management report. | Remote, with three on-site sessions: kick-off, risk assessment & training, management report & closing. Duration 3 – 6 months. | 19,200 – 43,500 |
| ISO/IEC 27001 ISMS implementation. Suitable for organisations looking for a managed process to ISO/IEC 27001 certification. Includes ISMS implementation — organisational context analysis, scoping, gap analysis, security governance structure design, risk assessment support, risk treatment planning, statement of applicability (SOA), policy development, control design, control implementation support, stakeholder training — as well as management reporting, support in documentation and evidence management, and audit support. | Remote, with four on-site sessions: kick-off, risk assessment & treatment plan approval, management review and audit support. Duration 6 – 12 months. | 48,600 – 98,600 |
| ISO/IEC 27001 compliance advisory. Suitable for organisations with established security management capability needing guidance and advice to ISO/IEC 27001 alignment and certification. Includes guidance on ISO/IEC 27001 requirements, overview of the certification process, gap analysis, weekly progress check-ins, as well as on-demand reviews and advice. | Remote, with optional paid on-site presence for key events. | 12,800 – 25,600 |
| Compliance readiness. Suitable for organisations targeting compliance with one of the supported frameworks: GDPR, DORA, NIS2, CRA, PCI DSS, PCI Secure SLC, etc. Includes gap analysis & remediation plan, implementation support, documentation and evidence management, team training, as well as audit support where applicable. | Delivered either as a managed process or advisory service. | |

Ranges shown above represent typical service price and project duration for small to medium enterprises (SMEs). When planning, however, you should account for costs beyond what we bill, such as internal staff effort, auditors, and certification bodies where applicable. If you want more insight into how different cost factors scale, as well as how to plan properly for success, the following ISO/IEC 27001 budget planning write-up is one of the best out there.
If something looks too good to be true, then it almost certainly is!
When researching implementation cost and timelines, make sure you rely on credible sources. There is a lot of misinformation on the internet, and we have noticed a lot of AI-generated content on the topic in which the numbers simply don’t add up — we have nothing against the use of AI, but we are strongly against misinformation.
The same goes for tools and template packs that promise almost instant compliance. While tools and templates are very useful, signing off a policy without implementing it in practice is one of the “worst offences” in security compliance, and a recipe for failure. Your customers, the industry and public authorities are interested in pragmatic but true security — not security theater.
Need to meet a compliance deadline?
If you’re facing regulatory deadlines or certification requirements with tight timelines, compressed implementation is possible. Feasibility and time gained depend on availability, your commitment, and risk tolerance. We concentrate the work into higher monthly intensity with primary focus on meeting requirements efficiently, de-prioritising capability development.
Total cost typically remains similar to standard timelines. What changes is delivery speed at the expense of reduced knowledge transfer and overall maturity. Note that if you choose this route you should plan for a follow-up after reaching your milestone in order to achieve sustainable capability — often required for continued compliance. We don’t recommend this approach unless you absolutely need it.
Advisory work is purchased as 5-hour packages, valid for 30 days. For ongoing access over multiple months, multiple packages can be purchased as a light retainer. Predefined assessments are available at fixed prices.

| Service | Deliverables | Price (€) |
|---|---|---|
| Organisation context analysis. Facilitated analysis based on a structured workshop (up to four stakeholders) using SWOT, PESTLE, and Porter’s Five Forces frameworks. | Organisational context report, consolidating internal capabilities, external factors and competitive environment, suitable for strategic planning, threat identification and compliance documentation. | 6,400 |
| Maturity review. Assessment of current security or risk practices, with included organisational context analysis. | Report on organisational context, the state of current practices, proposed target state based on organisational context, as well as recommendations on achieving the proposed target state. | 10,200 |
| Advisory package. Five hours of expert consultation, used flexibly within 30 days. | Expert consultation on security or risk topics of your choice — used for second opinions, guidance, risk assessment facilitation, or ad hoc questions. | 800 |

Other fixed-price deliverables, such as gap analysis against specific frameworks or security architecture reviews, can be arranged on request.
If you are a charity, cooperative, social enterprise, or any organisation genuinely advancing human welfare and environmental protection, we offer up to 30% lower rates. Legal structure is not what qualifies you — actual practice is. Reach out and we can check if our values align.