Services & Pricing

Service packages designed to meet you where you are in your compliance journey. Each can be engaged independently or combined for end-to-end readiness support. See our methodology for how the readiness process works.

Readiness Sprint

2–4 weeks

Estimated range: $8,000–$25,000

Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables

  • ICT risk management framework gap analysis against DORA Art. 5–16
  • Third-party ICT register review and completeness assessment
  • Incident classification readiness evaluation against RTS criteria
  • Resilience testing programme assessment
  • DORA compliance roadmap with prioritized remediation tasks
  • Management body briefing on obligations and residual gaps
Get Started

Remediation Program

4–12 weeks

Estimated range: $15,000–$60,000

Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables

  • ICT risk management framework development or enhancement to DORA standards
  • Incident classification and reporting procedures aligned with RTS requirements
  • Third-party ICT risk strategy and register build-out
  • BCP/DR plan updates with DORA-specific RTO/RPO requirements
  • ICT change management procedure enhancement
  • ICT asset register build-out with dependency mapping and criticality classification
Get Started

Audit & Examination Support

During assessment

Estimated range: $5,000–$20,000

Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables

  • Regulatory examination preparation and readiness walkthrough
  • Evidence assembly and organization for competent authority review
  • ICT register documentation and completeness verification
  • Resilience test coordination and results packaging
  • Management body documentation and governance evidence preparation
Get Started

Continuous Compliance

Ongoing (monthly)

Estimated range: $3,000–$10,000/mo

Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables

  • Quarterly ICT risk management framework reviews and updates
  • Annual resilience testing coordination and programme management
  • Third-party ICT register re-assessment and contract review cycles
  • Incident reporting readiness maintenance and tabletop exercises
  • Regulatory update tracking for RTS/ITS delegated acts and supervisory guidance
Get Started

Who Does What: RACI Matrix

A clear engagement model ensures that responsibilities are understood from day one. The matrix below shows who is Responsible (R), Accountable (A), Consulted (C), and Informed (I) for each workstream.

Workstream Founder / CEO CTO / VP Eng Security / Compliance Ops / COO HR Eng / SRE Reviewer
Approve scope and goals A C R C I I I
Control design and mapping I A R C C R C
Policy adoption A C R R C I I
Evidence collection I A R C C R I
Vendor management evidence I C R A I I I
Review coordination I C A/R C C C R