Services

Every organization has different regulatory terrain. We assess where you stand and chart the path forward.

HIPAA Assessment

Know your risk before the auditors do.

We assess your Azure, M365, and Epic environments against HIPAA Security Rule sections 164.308 through 164.312 -- every control, every requirement. AI maps your technical controls to regulatory obligations automatically. You get a gap analysis, quantified risk, and a prioritized remediation roadmap.

Who it's for

Healthcare providers, health plans, business associates, and any organization handling PHI.

Investment

$15K – $25K

Final scope determined after orientation call.

What you get

  • Control-by-control HIPAA Security Rule gap analysis (164.308-164.312)
  • Azure and M365 security posture assessment (Sentinel, Defender, Entra ID)
  • Risk assessment with quantified findings
  • Prioritized remediation roadmap with effort estimates
  • Board-ready executive summary

PCI DSS Gap Analysis

Clear path to cardholder data compliance.

We evaluate your cardholder data environment against all applicable PCI DSS requirements, identify gaps, and provide a structured remediation plan that your QSA will recognize.

Who it's for

Merchants, payment processors, service providers, and any organization storing, processing, or transmitting cardholder data.

Investment

$12K – $20K

Final scope determined after orientation call.

What you get

  • Cardholder data flow mapping
  • Requirement-by-requirement gap assessment
  • Compensating control recommendations
  • Remediation roadmap with effort estimates
  • QSA-ready documentation package

NIST CSF Implementation

Framework adoption that sticks.

A phased implementation of the NIST Cybersecurity Framework tailored to your organization’s size, industry, and risk profile. We map overlapping controls across frameworks so you implement once and satisfy many.

Who it's for

Mid-market and enterprise organizations seeking a structured cybersecurity program, especially those in government contracting, critical infrastructure, or financial services.

Investment

$22K – $40K

Final scope determined after orientation call.

What you get

  • Current-state maturity assessment across all CSF functions
  • Target profile development
  • Gap analysis and action plan
  • Policy framework aligned to CSF categories
  • Implementation support across Identify, Protect, Detect, Respond, Recover

Cyber Insurance Readiness

Documentation that underwriters trust.

We prepare your organization to meet cyber insurance application requirements, reduce premiums, and ensure you can actually collect on a claim. We address the controls insurers care about most.

Who it's for

Any organization applying for or renewing cyber insurance, especially those who’ve been denied or face premium increases.

Investment

$10K – $15K

Final scope determined after orientation call.

What you get

  • Insurance application gap assessment
  • MFA and identity control validation
  • Backup and recovery posture review
  • Incident response plan review or development
  • Underwriter-ready security documentation

vCISO Services

Strategic security leadership on demand.

Fractional Chief Information Security Officer services for organizations that need senior security leadership without the full-time executive cost. We integrate with your team, attend your board meetings, and drive your security program forward.

Who it's for

Organizations without a full-time CISO, or those needing interim leadership during transitions, growth periods, or compliance pushes.

Investment

$8K – $12K/mo

Final scope determined after orientation call.

What you get

  • Monthly security program oversight
  • Board and executive reporting
  • Vendor risk management
  • Policy governance and lifecycle management
  • Incident response coordination
  • Compliance program management

Continuous Compliance Monitoring

Stay compliant between audits.

Ongoing monitoring of your compliance posture against your target framework. We detect drift, track remediation progress, and ensure you’re always audit-ready — not just on assessment day.

Who it's for

Organizations with existing compliance programs that need ongoing assurance, drift detection, and continuous evidence collection.

Investment

$5K – $8K/mo

Final scope determined after orientation call.

What you get

  • Automated compliance drift detection
  • Monthly compliance posture reports
  • Evidence collection automation
  • Remediation tracking and SLA monitoring
  • Quarterly compliance review meetings

AI handles the evidence. Our analysts handle the judgment.

AI automates evidence collection, policy drafting, and control mapping so our experts spend time on the work that requires human judgment: interpreting findings, assessing risk, and building roadmaps that actually get funded.

Task | Traditional | With Iron Compass
Policy drafting | 2–4 weeks | 2–3 days
Evidence gathering | 40+ hours manual | Automated collection
Gap analysis mapping | Spreadsheet-based | Real-time framework mapping
Report generation | 1–2 weeks | Same-day drafts
Overall assessment timeline | 6–8 weeks | 3–4 weeks

Timelines are estimates and vary by scope and organization size.

Not sure which service you need?

Start with a 30-minute call. We will assess which frameworks apply, identify where your gaps likely are, and tell you honestly whether you need us.
