The Right Level of Coverage for Where You Are
No surprise invoices. No enterprise bloat. Every engagement is scoped to your actual risk — not our revenue target.
Identity & SOX Gap Analysis
Know exactly where you stand before an auditor does. We assess your IAM posture against SOX ITGC requirements and deliver a prioritized gap report.
- Entra ID / Azure AD configuration review
- RBAC & privileged access assessment
- SOX ITGC control mapping
- Separation of duties (SoD) analysis
- Written gap report with risk rankings
- 30-minute debrief call
IAM Cleanup & Cloud Hardening
We don't just identify the gaps — we close them. A fixed-scope project to remediate your IAM environment and bring it to an audit-ready baseline.
- Full Entra ID / M365 remediation
- Conditional Access policy design & deployment
- MFA rollout & enforcement
- Joiner-Mover-Leaver automation build
- Privileged access cleanup & PIM setup
- Post-project compliance evidence package
Audit-Readiness Retainer
Ongoing IAM management, quarterly access reviews, and continuous audit evidence collection — so you're never scrambling before an audit.
- Monthly IAM health monitoring
- Quarterly access reviews & recertification
- Continuous evidence collection & packaging
- Policy & procedure maintenance
- Dedicated client portal with compliance dashboard
- Priority support & incident response
vCISO Strategic Advisory
Executive-level security leadership without the full-time cost. Your fractional CISO for board reporting, audit committee prep, and security program ownership.
- Security program strategy & roadmap
- Board & audit committee reporting
- Vendor risk management oversight
- Incident response leadership
- Regulatory liaison (NYDFS, SEC, SOX)
- Everything in Tier 3, plus executive access
Not sure which tier fits? Start with the free assessment — we'll tell you exactly where you need to be and what it will cost to get there.
Common Questions
Do you work with companies outside of NJ?
Yes. While we're based in the NYC/NJ metro area, all engagements can be delivered remotely. Most of our IAM and compliance work is done inside client environments via secure remote access.
What's the difference between Tier 1 and the free assessment?
The free assessment is a 30-minute discovery session — we identify where to look. The Tier 1 Gap Analysis is a full technical engagement: we go inside your environment, test every control, and deliver a written report an auditor could read.
Do you only work with Microsoft environments?
We specialize in Microsoft Entra ID / M365, but we also work with Okta, AWS IAM, and hybrid environments. If you're on Entra ID, that's where we're deepest.
Can we start with Tier 1 and move to a retainer?
That's the most common path. The gap analysis shows you what needs fixing — if the scope warrants it, we scope a Tier 2 project and move into a Tier 3 retainer once the environment is clean.