02 / Compliance-led teams · Most Popular

The Compliance
Engine™

"We secure your environment, prove it to auditors, and reduce your human risk." Security operations plus evidence generation, access reviews, audit support, and security awareness — managed continuously.

Book a Fit Call From €120/user/month

Who it's for

For SaaS companies
pursuing ISO 27001 or SOC 2.

The Compliance Engine™ is the right tier when compliance certification is on your roadmap — or when investors, enterprise customers, or partners are asking for formal proof of your security program.

On top of the full Security Baseline™ operations, this tier adds monthly evidence pack generation, quarterly access reviews, phishing simulations, security awareness training, and direct audit support from Stage 1 through Stage 2.

Security questionnaire support is capped at 4 per quarter — enough to handle your enterprise sales pipeline without it becoming a drain on your team.

Tier details

Pricing From €120/user/month
Minimum seats 40 users
Commitment 12-month minimum
Helpdesk SLA 4h standard / 2h critical
Questionnaires Up to 4/quarter
Book a Fit Call

Full scope

Everything included
in The Compliance Engine™.

Everything in The Security Baseline™

  • SSO & MFA enforcement (Entra ID / JumpCloud)
  • MDM — endpoint hardening & patching
  • EDR monitoring & response (Huntress 24/7)
  • Password manager management (1Password)
  • Network security & firewall management
  • DNS security & email protection
  • Cloud backup management + monthly test restores
  • Security awareness training + quarterly phishing sims
  • Automated user onboarding & offboarding
  • Monthly security posture report
  • Monthly CTO briefing call (15 min)
  • Annual security posture re-assessment

Compliance additions

  • Compliance dashboard (real-time)
  • Evidence packs — mapped to ISO/SOC 2/PCI (quarterly)
  • Quarterly access reviews — all systems in scope
  • Policy review cycle management
  • External audit support — Stage 1 and Stage 2
  • Security questionnaire support (up to 4/quarter)
  • Incident response playbook — maintained, tested annually
  • vCISO advisory & risk register (2 hrs/month)
  • SLA upgrade: 4h standard / 2h critical

When to upgrade

Move to The Full Fortress™ when…

Trigger 01

Board or investors request security reporting

Quarterly board-ready security reporting, risk register, and executive briefings require the Full Fortress™ tier.

Trigger 02

You handle regulated data

Health data, financial data, or government-adjacent contracts require a higher-level security posture and more rigorous governance.

Trigger 03

CTO wants to offload security strategy entirely

Monthly vCISO sessions, risk register management, and strategic security roadmapping are Full Fortress™ capabilities.

See The Full Fortress™ →

What you receive

Audit evidence.
Generated monthly.

ISO 27001 and SOC 2 evidence packs generated automatically every month — ready for your auditor.

evidence-pack-v2.1 / table-of-contents
A.5_information_security_policies8 docs
A.6_access_control12 items
A.8_asset_management6 items
A.12_operations_security9 items
A.16_incident_management5 items
A.18_compliance4 items
total_evidence_artifacts47
Updated and delivered every month

Ready to start?

Stop carrying
security alone.

Book a 30-minute fit call. No sales pitch. Just an honest conversation about where you stand and what it takes to get audit-ready.

Book a Fit Call Get Your Free Snapshot →

30-minute discovery call · No commitment · Europe & USA