Services & Pricing

Service packages designed to meet you where you are in your compliance journey. Each can be engaged independently or combined for end-to-end readiness support. See our methodology for how the readiness process works.
Readiness Sprint (2–4 weeks)
Estimated range: $8,000–$25,000
Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables:
  - CDE scoping and network segmentation review
  - SAQ or ROC determination based on transaction volume and merchant level
  - PAN discovery scan across all in-scope storage locations
  - Control gap analysis against all 12 PCI DSS v4.0.1 requirements
  - Remediation roadmap with risk-ranked priorities
  - QSA engagement planning and assessment timeline

Remediation Program (4–12 weeks)
Estimated range: $15,000–$60,000
Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables:
  - Network segmentation implementation and validation
  - Encryption deployment for stored cardholder data and data in transit
  - Access control hardening, including MFA rollout and role-based access implementation
  - Logging and monitoring setup with SIEM integration and daily review procedures
  - Vulnerability management program with scanning schedules and remediation workflows
  - Policy and procedure documentation covering all 12 PCI DSS requirements

Audit Support (during assessment)
Estimated range: $5,000–$20,000
Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables:
  - QSA coordination and scheduling management
  - Evidence package assembly, organized by PCI DSS requirement
  - Penetration test coordination with qualified testing firms
  - ASV scan management, including remediation and rescan cycles
  - Exception and compensating control documentation

Continuous Compliance (ongoing, monthly)
Estimated range: $3,000–$10,000/mo
Market-informed estimate — actual pricing depends on scope and complexity.

Deliverables:
  - Quarterly ASV external vulnerability scans with remediation support
  - Quarterly internal vulnerability scans and trending analysis
  - Daily log review monitoring with escalation of security events
  - Annual penetration testing coordination and remediation tracking
  - Policy review and update to reflect environmental and regulatory changes

Who Does What: RACI Matrix

A clear engagement model ensures that responsibilities are understood from day one. The matrix below shows who is Responsible (R), Accountable (A), Consulted (C), and Informed (I) for each workstream.
Workstream                   Founder / CEO   CTO / VP Eng   Security / Compliance   Ops / COO   HR   Eng / SRE   Reviewer
Approve scope and goals      A               C              R                       C           I    I           I
Control design and mapping   I               A              R                       C           C    R           C
Policy adoption              A               C              R                       R           C    I           I
Evidence collection          I               A              R                       C           C    R           I
Vendor management evidence   I               C              R                       A           I    I           I
Review coordination          I               C              A/R                     C           C    C           R
Important Disclaimers

We provide PCI DSS v4.0.1 readiness, remediation, evidence preparation, and support. We do not issue compliance reports or provide attestations.
Any formal examination must be performed by an independent licensed firm where applicable.
Management remains responsible for defining scope, operating controls, and making management assertions.
We coordinate with auditors and reviewers, but we do not act as the auditor and do not guarantee outcomes.
Where privacy, employment, or customer-contract issues arise, legal counsel may be required in addition to readiness support.