Managed Compliance

Managed Compliance

Unlock new business growth by leveraging the Genius GRC team to fully manage your compliance program. Our experts routinely implement, manage, and monitor SOC 2, ISO 27001, PCI, HIPAA, FTC Safeguards, CMMC, and others!

Pricing

Startup

Growth

Enterprise

Core Price

$4,100/month

$5,200/Month

Request Proposal

Company Size

5 - 100

100 - 200

200+

Advisory CISO Office Hours
Includes a personally assigned Advisory CISO with direct access to via dedicated Slack or Teams channel along with advisory meetings.
Included
Includes a personally assigned Advisory CISO with direct access to via dedicated Slack or Teams channel along with advisory meetings.
Included Frameworks
Requires active Vanta subscription and is limited to a single compliance framework.
SOC 2 Type 1

SOC 2 Type 2

ISO 27001

HIPAA

PCI

FTC Safeguards Rule
If adding as 2nd framework, $1,000/month. 3 or more frameworks require custom proposal.
Complete Audit Assurance
Our team will work with yours to ensure everything is audit ready.

Included

Complete Audit Management
Our team will manage and coordinate with your auditors directly.

Included

Vanta Quick Start Deployment
Includes initial Vanta configuration, company information, notifications, integrations, and user permissions. Does not include Vanta licensing.

Included

Compliance Management & Monitoring
Includes ongoing daily and weekly monitoring of all elements required to meet compliance.

Included

Vanta Integration Management
Continuously manage and monitor all integrations.

Included

Custom Integrations
Integrate on-premise applications, private cloud, or unsupported SaaS applications using private integrations. This is a one-time setup fee.
$1,000/application
One time setup fee.
Policy Management
Include creating new policies from templates with full customization. Also includes ongoing policy management, reviews, and approvals.

Included

Personnel Management
Includes organizing personnel based on teams, departments, or other org structure.

Included

Personnel Checklist Management
Includes complete and ongoing checklist management to ensure each team member accepts the correct policies applicable to them, security awareness assignments. Also ensures onboarding and offboarding tasks are properly assigned and tracked.

Included

Framework Control Management & Monitoring
Includes ensuring each control matches the reality of the organization, ownership assigned, and continuously monitored.

Included

Control Test Management & Monitoring
Includes managing and monitoring automated tests to ensure remediation occurs within defined SLA’s

Included

Manual Evidence Management & Monitoring
Includes managing and monitoring manual evidence to ensure renewal occurs within defined SLA’s. Our team will also review each piece of evidence to ensure it meets the audit requirement.

Included

Vendor Management
Includes full vendor registry management. Also, each new vendor will be risk scored. Our team will also perform annual security reviews on each high-risk vendor.

Included

Risk Assessment and Management
Includes an initial (and annual) risk assessment covering fraud risk, access control, asset management, business continuity, operational risk, and personnel risk.

Included

Incident Response Tabletop
Includes guided IR Tabletop with your team annually.

Included

Disaster Recovery Tabletop
Includes guided DR Tabletop with your team annually. It does not include technical DR implementation or testing.

Included

Managed Access Review
Includes annual access reviews of all integrated systems.

Included

Other Compliance Related Services
Talk to your Advisory CISO to discuss areas where you may need additional help. Common items we help with include responding to customer questionnaires, vulnerability management, technical architecture and engineering, technical assessments, and others.

Available

Startup

$4,100/month

Company Size:
5 - 100

Advisory CISO Office Hours
Includes a personally assigned Advisory CISO with direct access to via dedicated Slack or Teams channel along with advisory meetings.
Included Frameworks
Requires active Vanta subscription and is limited to a single compliance framework.
SOC 2 Type 1

SOC 2 Type 2

ISO 27001

HIPAA

PCI

FTC Safeguards Rule
If adding as 2nd framework, $1,000/month. 3 or more frameworks require custom proposal.
Complete Audit Assurance
Our team will work with yours to ensure everything is audit ready.
Complete Audit Management
Our team will manage and coordinate with your auditors directly.
Vanta Quick Start Deployment
Includes initial Vanta configuration, company information, notifications, integrations, and user permissions. Does not include Vanta licensing.
Compliance Management & Monitoring
Includes ongoing daily and weekly monitoring of all elements required to meet compliance.
Vanta Integration Management
Continuously manage and monitor all integrations.
Custom Integrations
Integrate on-premise applications, private cloud, or unsupported SaaS applications using private integrations. This is a one-time setup fee.
$1,000/application
One time setup fee.
Policy Management
Include creating new policies from templates with full customization. Also includes ongoing policy management, reviews, and approvals.
Personnel Management
Includes organizing personnel based on teams, departments, or other org structure.
Personnel Checklist Management
Includes complete and ongoing checklist management to ensure each team member accepts the correct policies applicable to them, security awareness assignments. Also ensures onboarding and offboarding tasks are properly assigned and tracked.
Framework Control Management & Monitoring
Includes ensuring each control matches the reality of the organization, ownership assigned, and continuously monitored.
Control Test Management & Monitoring
Includes managing and monitoring automated tests to ensure remediation occurs within defined SLA’s
Manual Evidence Management & Monitoring
Includes managing and monitoring manual evidence to ensure renewal occurs within defined SLA’s. Our team will also review each piece of evidence to ensure it meets the audit requirement.
Vendor Management
Includes full vendor registry management. Also, each new vendor will be risk scored. Our team will also perform annual security reviews on each high-risk vendor.
Risk Assessment and Management
Includes an initial (and annual) risk assessment covering fraud risk, access control, asset management, business continuity, operational risk, and personnel risk.
Incident Response Tabletop
Includes guided IR Tabletop with your team annually.
Disaster Recovery Tabletop
Includes guided DR Tabletop with your team annually. It does not include technical DR implementation or testing.
Managed Access Review
Includes annual access reviews of all integrated systems.
Other Compliance Related Services Available
Talk to your Advisory CISO to discuss areas where you may need additional help. Common items we help with include responding to customer questionnaires, vulnerability management, technical architecture and engineering, technical assessments, and others.

Growth

$5,200/month

Company Size:
100 - 200

Advisory CISO Office Hours
Includes a personally assigned Advisory CISO with direct access to via dedicated Slack or Teams channel along with advisory meetings.
Included Frameworks
Requires active Vanta subscription and is limited to a single compliance framework.
SOC 2 Type 1

SOC 2 Type 2

ISO 27001

HIPAA

PCI

FTC Safeguards Rule
If adding as 2nd framework, $1,000/month. 3 or more frameworks require custom proposal.
Complete Audit Assurance
Our team will work with yours to ensure everything is audit ready.
Complete Audit Management
Our team will manage and coordinate with your auditors directly.
Vanta Quick Start Deployment
Includes initial Vanta configuration, company information, notifications, integrations, and user permissions. Does not include Vanta licensing.
Compliance Management & Monitoring
Includes ongoing daily and weekly monitoring of all elements required to meet compliance.
Vanta Integration Management
Continuously manage and monitor all integrations.
Custom Integrations
Integrate on-premise applications, private cloud, or unsupported SaaS applications using private integrations. This is a one-time setup fee.
$1,000/application
One time setup fee.
Policy Management
Include creating new policies from templates with full customization. Also includes ongoing policy management, reviews, and approvals.
Personnel Management
Includes organizing personnel based on teams, departments, or other org structure.
Personnel Checklist Management
Includes complete and ongoing checklist management to ensure each team member accepts the correct policies applicable to them, security awareness assignments. Also ensures onboarding and offboarding tasks are properly assigned and tracked.
Framework Control Management & Monitoring
Includes ensuring each control matches the reality of the organization, ownership assigned, and continuously monitored.
Control Test Management & Monitoring
Includes managing and monitoring automated tests to ensure remediation occurs within defined SLA’s
Manual Evidence Management & Monitoring
Includes managing and monitoring manual evidence to ensure renewal occurs within defined SLA’s. Our team will also review each piece of evidence to ensure it meets the audit requirement.
Vendor Management
Includes full vendor registry management. Also, each new vendor will be risk scored. Our team will also perform annual security reviews on each high-risk vendor.
Risk Assessment and Management
Includes an initial (and annual) risk assessment covering fraud risk, access control, asset management, business continuity, operational risk, and personnel risk.
Incident Response Tabletop
Includes guided IR Tabletop with your team annually.
Disaster Recovery Tabletop
Includes guided DR Tabletop with your team annually. It does not include technical DR implementation or testing.
Managed Access Review
Includes annual access reviews of all integrated systems.
Other Compliance Related Services Available
Talk to your Advisory CISO to discuss areas where you may need additional help. Common items we help with include responding to customer questionnaires, vulnerability management, technical architecture and engineering, technical assessments, and others.

Enterprise

Request Proposal

Company Size:
200+

Advisory CISO Office Hours
Includes a personally assigned Advisory CISO with direct access to via dedicated Slack or Teams channel along with advisory meetings.
Included Frameworks
Requires active Vanta subscription and is limited to a single compliance framework.
SOC 2 Type 1

SOC 2 Type 2

ISO 27001

HIPAA

PCI

FTC Safeguards Rule
If adding as 2nd framework, $1,000/month. 3 or more frameworks require custom proposal.
Complete Audit Assurance
Our team will work with yours to ensure everything is audit ready.
Complete Audit Management
Our team will manage and coordinate with your auditors directly.
Vanta Quick Start Deployment
Includes initial Vanta configuration, company information, notifications, integrations, and user permissions. Does not include Vanta licensing.
Compliance Management & Monitoring
Includes ongoing daily and weekly monitoring of all elements required to meet compliance.
Vanta Integration Management
Continuously manage and monitor all integrations.
Custom Integrations
Integrate on-premise applications, private cloud, or unsupported SaaS applications using private integrations. This is a one-time setup fee.
$1,000/application
One time setup fee.
Policy Management
Include creating new policies from templates with full customization. Also includes ongoing policy management, reviews, and approvals.
Personnel Management
Includes organizing personnel based on teams, departments, or other org structure.
Personnel Checklist Management
Includes complete and ongoing checklist management to ensure each team member accepts the correct policies applicable to them, security awareness assignments. Also ensures onboarding and offboarding tasks are properly assigned and tracked.
Framework Control Management & Monitoring
Includes ensuring each control matches the reality of the organization, ownership assigned, and continuously monitored.
Control Test Management & Monitoring
Includes managing and monitoring automated tests to ensure remediation occurs within defined SLA’s
Manual Evidence Management & Monitoring
Includes managing and monitoring manual evidence to ensure renewal occurs within defined SLA’s. Our team will also review each piece of evidence to ensure it meets the audit requirement.
Vendor Management
Includes full vendor registry management. Also, each new vendor will be risk scored. Our team will also perform annual security reviews on each high-risk vendor.
Risk Assessment and Management
Includes an initial (and annual) risk assessment covering fraud risk, access control, asset management, business continuity, operational risk, and personnel risk.
Incident Response Tabletop
Includes guided IR Tabletop with your team annually.
Disaster Recovery Tabletop
Includes guided DR Tabletop with your team annually. It does not include technical DR implementation or testing.
Managed Access Review
Includes annual access reviews of all integrated systems.
Other Compliance Related Services Available
Talk to your Advisory CISO to discuss areas where you may need additional help. Common items we help with include responding to customer questionnaires, vulnerability management, technical architecture and engineering, technical assessments, and others.

Frequently Asked Questions

HIDDEN

We don’t want to waste your time if the service is not what you need. Plain and simple.
Vanta’s pricing structure is based upon user count and framework. We wanted to provide transparent pricing regardless of framework. Vanta’s tiers don’t match ours. Because of those factors, we find it necessary to quote it separately. We hope that we can bundle it as a single transparent price at some point in the future.
When a customer utilizes our services for managing their SOC 2 or ISO 27001 program, we commit to getting it right. We feel like we only succeed after you have a successful audit. If your SOC 2 audit does not result in an unqualified opinion, we will work to correct the issues and pay for a new audit. If the ISO 27001 audit results in a failure, we will work to correct the issues and pay for a new one. The financial stake we have in your success, should give you confidence that we will put for the effort to get it right the first time!

Yes. The following obligations are placed upon the customer.

  1. You must leverage Genius GRC to fully manage the compliance program.
  2. You must agree to be responsive in communications and committed to promulgating information security throughout the organization.
  3. You must work with the team to address any identified issues or gaps during the pre-audit assessment.
  4. You must leverage Insight Assurance (insightassurance.com) as the audit firm. We have a great working relationship with them, and we trust their work.
  5. You must leverage an approved GRC automation tool such as Vanta: (vanta.com)
  6. The automated compliance tool must be integrated with a HRIS system.
It depends upon each individual organization, but our internal goal is to have the program fully implemented, gaps closed, and audit ready 90 days after onboarding. Some organizations are ready faster, and others take longer.

Experience. Because we have implemented compliance programs for so many companies, we have developed a reasonable understanding of the amount of time it takes to go through the process. To be totally transparent, the first year is typically not very profitable. We are learning about your company, gaining an understanding of your processes and procedures, developing the relationships, and working with the team to identify and close gaps. Once our team has gained the institutional knowledge of your organization, the processes become more refined more efficient. Finally, managing the program in a GRC automation platform like Vanta (vanta.com) allows us to develop repeatable processes and evidence collection cadences in a way that is completely transparent to everyone.

Like most organizations, our company was started to deliver better results than the competition. We’ve discovered that most consulting firms end up taking on more work than their team can handle. To prevent that, we limit new customer onboarding to 1 or 2 companies in a month (depending on size) and no more than 4 per quarter. This allows us to effectively scale our team without sacrificing our high standards. It also ensures that our team will have the time necessary to truly focus on your program without missing key details.

We evaluate rates quarterly (January, April, July, October). We always honor the agreements we make with our customers and commit to not raising rates during the contract period. Renewal pricing considers company growth or decline, mergers and acquisitions, new compliance requirements, and other factors. If there is little or no change in the company operations, renewal pricing for existing customers typically keeps pace with inflation.

Author