Services & Pricing

Service packages designed to meet you where you are in your compliance journey. Each can be engaged independently or combined for end-to-end readiness support. See our methodology for how the readiness process works.

Readiness Sprint
2–4 weeks
Estimated range: $8,000–$25,000
Market-informed estimate — actual pricing depends on scope and complexity.
Deliverables:
- Private information inventory across all SHIELD Act categories
- Safeguard gap assessment against § 899-bb(2)(b) administrative, technical, and physical requirements
- Breach notification readiness review against § 899-aa requirements
- Vendor security evaluation for key service providers
- Remediation roadmap with prioritized action items
- Executive readout with risk-ranked findings

Remediation Program
4–12 weeks
Estimated range: $15,000–$60,000
Market-informed estimate — actual pricing depends on scope and complexity.
Deliverables:
- Security program development meeting § 899-bb reasonable security standard
- Safeguard implementation across administrative, technical, and physical categories
- Employee training program aligned with § 899-bb(2)(b)(i)(C)
- Vendor contract amendments incorporating safeguard requirements per § 899-bb(2)(b)(i)(E)
- Breach notification procedures and templates meeting § 899-aa requirements
- Disposal policy and procedures aligned with § 899-bb(2)(b)(iii)(D)

Audit Support
During assessment
Estimated range: $5,000–$20,000
Market-informed estimate — actual pricing depends on scope and complexity.
Deliverables:
- Attorney General inquiry preparation and response coordination
- Evidence documentation and organization for safeguard verification
- Safeguard sufficiency verification against § 899-bb requirements
- Breach response coordination and notification compliance support

Continuous Compliance
Ongoing (monthly)
Estimated range: $3,000–$10,000/mo
Market-informed estimate — actual pricing depends on scope and complexity.
Deliverables:
- Quarterly safeguard reviews across administrative, technical, and physical categories
- Annual risk assessment update per § 899-bb(2)(b) requirements
- Employee training refreshers and new-hire onboarding support
- Vendor re-assessment and contract compliance verification
- Breach notification readiness testing and tabletop exercises

Who Does What: RACI Matrix

A clear engagement model ensures that responsibilities are understood from day one. The matrix below shows who is Responsible (R), Accountable (A), Consulted (C), and Informed (I) for each workstream.

| Workstream | Founder / CEO | CTO / VP Eng | Security / Compliance | Ops / COO | HR | Eng / SRE | Reviewer |
|---|---|---|---|---|---|---|---|
| Approve scope and goals | A | C | R | C | I | I | I |
| Control design and mapping | I | A | R | C | C | R | C |
| Policy adoption | A | C | R | R | C | I | I |
| Evidence collection | I | A | R | C | C | R | I |
| Vendor management evidence | I | C | R | A | I | I | I |
| Review coordination | I | C | A/R | C | C | C | R |

Important Disclaimers

We provide NY SHIELD Act readiness, remediation, evidence preparation, and support. We do not issue compliance reports or provide attestations.
Any formal examination must be performed by an independent licensed firm where applicable.
Management remains responsible for defining scope, operating controls, and making management assertions.
We coordinate with auditors and reviewers, but we do not act as the auditor and do not guarantee outcomes.
Where privacy, employment, or customer-contract issues arise, legal counsel may be required in addition to readiness support.