Skip to main content
Subscriptions
Managed Services

Plan to reduce the risks. We'll manage it together.

Choose the level of support that matches your team, your audit pressure, and the amount of day-to-day operational help you need.

All plans are annualPricing is scaled to your business
Choose your level
Buyer guide

Start with the amount of operational ownership you need today, then scale up as audits, stakeholders, and environments get more complex.

01

Choose Essentials if you need a clear baseline and lighter-touch guidance.

02

Move to Starter or Advanced when you need leadership support, annual assessments, and audit help.

03

Use Enterprise when regulation, scale, or complexity changes the shape of the work.

Book a subscription consult
§Choose your operating level

Each tier is designed around the operating burden you want us to absorb, not just a checklist of services.

IBaseline coverage

Essentials

Best for small organizations that need baseline coverage without building an internal program first.

Establish a working starting point with monthly guidance, reusable policies, and visibility into core hygiene issues.

  • Monthly compliance & cybersecurity bulletin
  • Policy and procedure template library
  • DMARC monitoring · 1 domain
  • Endpoint patch management add-on
Talk through Essentials
IIStructured oversight

Starter

Best for growing businesses that need more structure, leadership input, and a repeatable annual rhythm.

Move from reactive work to a managed program with CXO guidance, a yearly assessment, and incident planning.

  • Everything in Essentials, plus
  • Fractional CXO support
  • NIST CSF 2.0 annual assessment
  • Incident-response planning · annual training
  • DMARC · up to 3 domains
Discuss Starter
Most chosen
IIIAudit-ready cadence

Advanced

Best for teams preparing for audits, customer diligence, and a more mature operating cadence.

Run a fuller compliance program with audit support, tabletop exercises, and recurring training across the year.

  • Everything in Starter, plus
  • Support during external audits
  • Annual tabletop exercises
  • Quarterly live virtual training
  • DMARC · up to 5 domains · 25 endpoints
Plan the Advanced tier
IVComplex environments

Enterprise

Best for larger or more regulated organizations with broader environments, more stakeholders, and higher scrutiny.

Coordinate a tailored retainer with deeper audit readiness, OWASP maturity work, and higher service limits.

  • Everything in Advanced, plus
  • Audit-readiness assessment
  • Annual OWASP maturity assessment
  • Monthly virtual training · hosted security meetings
  • DMARC · up to 10 domains · 100 endpoints
Design an Enterprise program
Add-ons available for DMARC domains and endpoint patching at a per-unit rate
Feature
IEssentials
IIStarter
IIIAdvanced
IVEnterprise
Governance
Monthly compliance & cybersecurity bulletin
Policy and procedure template library
Fractional CXO support
NIST CSF 2.0 annual assessment
Policy & procedure review
Audit-readiness assessment
Annual OWASP maturity assessment
Infrastructure
DMARC monitoring
1 domain
up to 3
up to 5
up to 10
Endpoint patch management
Add-on
up to 5
up to 25
up to 100
Operations
Hosted security meetings
Security-vendor support
Incident-response planning
Annual risk assessment
Support for external audits
Annual tabletop exercises
Culture
Security Awareness Training
Add-on
Live virtual training
Annual
Quarterly
Monthly
Coming soon - ComplianceXO Portal
Policy management
Secrets management
Incident management
Change management
Risk register
§Included in every plan
I

Compliance Expertise

Every level is backed by our compliance experts with a deep understanding of your regulatory requirements.

II

Quarterly report

Executive-level summary of your compliance posture and progress, delivered quarterly.

III

Twelve-month plan

A dated, resourced plan — not a backlog. Your compliance goals are mapped to a realistic roadmap

IV

On-going support

When questions get hard, ComplianceXO experts are available to provide guidance and support.

§Frequently asked
Q.01

Can we switch levels mid-term?

Yes. We can add or remove services beginning the following month and adjust billing accordingly.

Q.02

Who actually does the work?

Senior leaders provide fractional CXO oversight, with analysts and trusted partners supporting execution where needed.

Q.03

Will you work with our auditor directly?

Yes. Advanced and Enterprise plans include direct auditor liaison, including pre-audit kickoff and post-audit response support.

Q.04

What about one-off assessments?

See our Expert Assessments. Standalone engagements are billed at a fixed fee based on the scope of work.

Q.05

Is there a free tier?

Yes. The self-assessments on the homepage are free and require no account. If you are not ready to engage, you can also follow The Risk Register for ongoing guidance.

Q.06

Do you do the audit?

No. We prepare you for the audit and support you through it, but we do not perform audits ourselves.

On retainers

ComplianceXO subscriptions are designed to give you a complete compliance program, complementing your existing internal IT, MSP, or MSSP to enable you to build a successful program.

Erik Boemanns·Founder, Chief Technologist, Mirability / ComplianceXO
Need something between the lines?

Custom programs — designed for every company.

Multi-entity groups, regulated industries, sovereign-data requirements, post-incident remediation. Let us know your requirements and we'll design a program specifically for your organization.