FAQs
1) What services do you provide?
We help organizations prepare for and maintain compliance through readiness assessments, gap analyses, remediation roadmaps, evidence collection, and audit support across PCI DSS, SOC 2, ISO 27001, and NIST-based frameworks.
2) Do you help with PCI DSS (SAQ/ROC) readiness?
Yes. We support PCI scoping, gap assessments, remediation planning, evidence preparation, and pre-assessment “dry runs” to help you complete SAQ/ROC requirements more efficiently.
3) What does a typical engagement look like?
We start with a short discovery call, then confirm scope and success criteria. From there we deliver a gap assessment, prioritized remediation plan, and an evidence checklist with ongoing support through audit readiness.
4) How long does a readiness assessment take?
Most readiness assessments take 2–6 weeks, depending on scope (systems, locations, and documentation maturity). We can accelerate timelines for fixed deadlines.
5) What do you need from us to get an estimate?
Framework(s), target deadline, environment scope (cloud/on-prem, # systems/apps, # locations), and whether you already have policies, risk assessments, and prior audit reports.
6) Can you work remotely or onsite?
We are primarily remote and support clients nationwide. Onsite support can be arranged when needed for workshops, interviews, or evidence review sessions.
7) Do you sign NDAs and handle sensitive information?
Yes. NDAs are available upon request. We follow least-privilege access and secure evidence handling practices; we’ll provide a secure method for sharing documents.
8) How do you price your services?
Pricing depends on scope and timeline. We offer fixed-fee packages for defined deliverables (e.g., readiness assessments) and hourly advisory support for ongoing remediation and compliance operations.
