Our process

Assess. Build. Run. In that order.

Three phases, one outcome: a security program that holds up under audit, satisfies enterprise customers, and runs without requiring your CTO's attention. Here's exactly how we get there.

2–3 weeks for the Security Assessment
90 days from Assessment to audit-ready
6 Sprint phases covering every control domain
3 compliance frameworks evidence-pack ready

The engagement model

Three phases. One security program.

Each phase builds on the last. You don't skip steps. You don't get surprises. And at the end of each phase, you have something concrete in hand.

01
Security & Compliance Baseline Assessment · 2–3 weeks · €2,500

We map every gap.

Before we touch anything, we need to know exactly what we're dealing with. In 2–3 weeks, we conduct a structured assessment across every major security control domain — identity and access, endpoint security, backup and recovery, logging and monitoring, offboarding processes, and policy gaps.

You get a prioritized remediation roadmap, an executive summary for leadership, and a clear picture of exactly what stands between your company and audit readiness. The €2,500 fee is fully credited toward the Sprint.

Identity & Access Review · Endpoint Posture · Backup & Recovery · Policy Gaps · Compliance Exposure · Prioritized Roadmap

02
The 90-Day Accelerator · 12 weeks · €28,000 fixed

We implement every control.

The 90-Day Accelerator takes the Assessment roadmap and executes it — completely. Six structured phases cover every technical and organizational control required for ISO 27001 or SOC 2 audit readiness. Fixed scope. Fixed price. No surprises.

At the end of the Sprint, you have a fully implemented security baseline, a complete policy pack, an evidence pack v1 ready for your audit, and a transition plan into managed services.

SSO & MFA · MDM Enrollment · EDR Deployment · Backup & Recovery · Policy Pack · Evidence Pack v1

03
Managed Security · Ongoing · From €85/user/month

We take over and keep it running.

After the Sprint, we don't hand over a stack of documents and disappear. We become your managed security function. Endpoint management, identity operations, compliance maintenance, and — at the higher tiers — fractional CISO advisory.

Your CTO focuses on product. Your team focuses on growth. We handle the security program that your auditors, investors, and enterprise customers expect to see.

The Security Baseline™ · The Compliance Engine™ · The Full Fortress™ · vCISO Advisory · Evidence Packs

Inside the Sprint

What 90 days actually looks like.

The Sprint runs across six structured phases, each with defined deliverables and clear ownership. You always know where you are and what's coming next.

Weeks 1–3
Identity & Access Hardening
SSO consolidation, MFA enforcement across all systems, conditional access policies, least-privilege review, and JML (joiner-mover-leaver) workflow implementation.

Weeks 3–5
Endpoint & Device Security
MDM enrollment for all devices, full disk encryption enforcement, patching cadence configuration, and EDR deployment with baseline detection rules.

Weeks 5–7
Backup & Recovery
Cloud backup implementation for M365 or Google Workspace, retention policy configuration, recovery testing with documented results, and RTO/RPO baselining.

Weeks 7–9
Logging & Monitoring
Centralized logging configuration, security alert rules, baseline detection for identity and endpoint events, and audit log retention aligned to compliance requirements.

Weeks 9–11
Policy & Documentation
6–8 core security policies written and approved (acceptable use, data handling, access control, incident response, business continuity, vendor management). Evidence pack v1 compiled and formatted for ISO 27001 or SOC 2.

Weeks 11–12
Awareness & Handover
Security awareness baseline training for all staff, offboarding automation with timestamped audit trail, managed service transition plan, and final Sprint readout with the founding team.

After the Sprint

Your security program, permanently maintained.

The managed service isn't a support contract. It's the ongoing operation of the security baseline we built. Three tiers to match where you are and where you're going.

01
The Security Baseline™
From €85/user/month

Endpoint management, identity operations, backup, and documented offboarding. Your environment, running securely. No surprises.

02 · Most Popular
The Compliance Engine™
From €120/user/month

Everything in The Security Baseline™ plus evidence packs, access reviews, audit support, phishing simulations, and security awareness training.

03
The Full Fortress™
From €165/user/month

Full security ownership including vCISO advisory, board reporting, vendor risk assessments, tabletop exercises, and policy governance.


All tiers require a completed Assessment or Sprint · 12-month minimum · See full pricing →

Ready to start?

Start with a Security Assessment.

A 2–3 week deep-dive into your full security posture. Prioritized findings, a remediation roadmap, and a clear path to audit readiness. €2,500 — fully credited toward the Sprint.
