Questions, answered.
The most common questions about engagements, pricing, delivery, compliance, and how we operate. Don't see yours? Ask us directly.
How we work.
What is the engagement minimum?
Audits and fixed-fee projects have no minimum beyond the scope. Managed retainers are typically annual but billed monthly. vCISO retainers carry a 6-month minimum to allow strategic work to land. We do not lock clients into multi-year contracts.
Do you charge for scoping or initial calls?
No. The first 30-minute call and any follow-up scoping conversations are free. We commit a fixed-fee proposal before any signed agreement.
How fast can you start?
For audits and assessments: typically within 2 weeks of signed agreement. Managed retainers: onboarding within 30 days. Event work: 2–6 weeks for full scope, faster on existing relationships.
Can you take over from our existing provider?
Yes — this is one of our most common entry points. We run a transition audit, document everything we inherit, and stand up clean operations within 30–60 days while keeping the lights on.
Security specifics.
Do you provide 24/7 incident response?
Managed clients receive 24/7 incident support. Non-retainer clients can engage emergency response on a time-and-materials basis. We aim to acknowledge incident calls from managed clients within 15 minutes.
What does a security audit cost?
Audits are fixed-fee and scoped after an initial conversation. Most SMB audits fall between $5,000 and $25,000 CAD, depending on size and scope.
Are you compliant with PIPEDA, Quebec Law 25, and PHIPA?
Our practices are aligned to PIPEDA, Quebec Law 25, PHIPA, and CyberSecure Canada. We provide board-ready compliance documentation as part of charity and SMB engagements.
Can you work with our existing security tools?
Yes. We are vendor-agnostic by design. We work with your existing EDR, SIEM, firewall, and identity stack, or recommend a refresh based on what fits your operational profile and budget.
Operations & production.
Do you work with M365 / Google Workspace / Proton Mail?
Both, with specific hardening playbooks for each. Identity, MFA, conditional access, DLP, and audit logging configured to a defensible baseline.
What is your service-desk response time?
Standard retainer: 4-hour response on business hours. Priority retainer: 1-hour with after-hours coverage. Critical incidents: 15-minute acknowledgement for managed clients.
What size events do you handle?
100-person corporate gatherings up to multi-thousand-attendee venue events and touring productions. We scale either direction.
Do you support cross-border touring?
Yes. Multi-city Canadian and US tour legs with cross-border logistics handled. Carnet processing, US customs documentation, and per-state crew coordination as needed.
Ask us directly.
Email, call, or fill out the contact form. A senior engineer responds within one business day.