Pricing You Can Read

Published prices. No hidden upsell. No sales gauntlet

The whole model is on this page. You will not find a "request a quote" form or a discovery call standing between you and a number. Here is what that means.

Every price is on this page

Flat fees, published in the open. No custom quotes, no "contact us for pricing."

No hidden upsell

The scope you agree to is the scope you pay. Nothing gets bolted on mid-engagement.

No sales gauntlet

There is no sales team to get through. You talk to the senior expert who runs your program.

Leave when it suits you

Subscriptions carry a six month minimum, then run month to month. Cancel anytime after.

How to Get Started

Two ways in. You pick the one that fits

Both paths are run by the same senior expert and lead to the same place: a program that holds. Start with a monthly subscription, or start with a one-time assessment and convert within 60 days.

Path 1 · Subscription First

Start with a monthly program

From $2,000 / mo
Foundation phase, six month minimum

Choose Foundation, Growth, or Peak. A focused gap assessment is built into onboarding at no extra charge: the same analytical rigor as a standalone assessment, with condensed documentation and one combined strategy call. Month one is the assessment. Month two is active program management.

  • Gap assessment included in onboarding
  • Six month minimum, then month to month
  • Active program management from month two
Path 2 · Project First

Start with a standalone assessment

$5,500 one-time
Full-scope gap assessment, complete documentation

Purchase a full-scope gap assessment starting at $5,500, with complete documentation. Within 60 days of delivery, you choose how to continue, with no pressure either way.

  • Roll the assessment straight into an Arc subscription
  • 20% off your first three months on any phase
  • A 60-day window to decide

The Arc Model

One model, four phases, priced to grow with you

Most firms quietly step aside when you hire a CISO. Ours is built to survive that transition. The Arc Model is a single engagement path on a monthly retainer: we meet you at your stage and scale with the company, from your first framework to your first CISO. Every phase carries a six month minimum, then runs month to month.

Phase 01 · Foundation

You run execution, we own direction.

$2,000/ month
6 month minimum

Best for: Seed stage, or post-certification teams with internal capacity


  • Two 60-minute calls per month
  • Async email support, 24-hour response
  • Monthly compliance status summary
  • Policy and procedure review on request
  • Evidence review ahead of audit windows
  • Single framework
  • Client owns execution, Arclight owns direction
Estimate this phase
Phase 02 · Growth

We own and drive the program.

$5,000/ month
6 month minimum

Best for: Series A companies with no dedicated compliance staff


  • Four 60-minute calls per month
  • Async email support, 24-hour response
  • Monthly compliance status summary
  • Full policy and procedure documentation and updates
  • Control implementation guidance and tracking
  • Evidence collection support and review
  • Audit coordination and auditor liaison
  • Remediation tracking with prioritized actions
  • Single framework included, add more at add-on rates
Estimate this phase
Phase 03 · Peak

We run the full program and report to your board.

$9,000/ month
6 month minimum

Best for: Series A to B, board-level oversight, executive stakeholders


  • Four 60-minute calls per month
  • Async email support, same-day response
  • Monthly compliance status summary
  • Executive and board-ready reporting
  • Full policy and procedure documentation and updates
  • Control implementation and tracking across all frameworks
  • Evidence collection support and review
  • Audit coordination and auditor liaison across frameworks
  • Remediation tracking with action items and owners
  • Quarterly program review and roadmap update
  • One incident response tabletop per 12 months
  • One BCDR tabletop per 12 months
  • Single framework included, add more at add-on rates
Estimate this phase
Phase 04 · Evolution

We run the program through your CISO hire.

$12,500/ month
6 month minimum

Best for: Companies at or approaching their first CISO hire


  • Everything in Peak, plus:
  • CISO role definition and hiring assistance
  • Candidate screening and interview support
  • CISO onboarding and first 90-day plan
  • Knowledge transfer and documentation handoff
  • Full program execution through the CISO transition
  • Single framework included, add more at add-on rates
Estimate this phase
Estimate your engagement →

Need more than one framework? Add-on pricing is published below.

Framework Add-Ons

Run more than one framework on a single program

Most companies grow into a second or third framework. Add one to any phase at a flat monthly rate. The rate depends on the phase you add it to: lower while you are in Foundation or Growth, higher at Peak or Evolution, where we run the added framework end to end alongside everything else.

Framework Added to Foundation or Growth Added to Peak or Evolution
HIPAA$750 / mo$1,000 / mo
SOC 2$1,250 / mo$1,750 / mo
ISO 27001 or ISO 42001$1,500 / mo$2,000 / mo
ISO 27001 + ISO 42001 togetherBundled rate$2,700 / mo$3,600 / mo
ISO 27701$1,000 / mo$1,500 / mo
GDPR + CCPA$1,750 / mo$2,250 / mo
Cyber Essentials$2,000 / mo$3,000 / mo
NIST CSF 2.0$1,250 / mo$1,750 / mo
PCI DSS v4.0$1,500 / mo$2,000 / mo
NIST 800-171$2,000 / mo$2,750 / mo
HITRUST CSFReadiness / PM only$2,750 / mo$3,500 / mo

Each add-on covers the framework at the same level of service as the phase it attaches to, mapped against your existing controls so you are not paying twice for shared work. Pairing ISO 27001 and ISO 42001 together is priced below the sum of the two.

Standalone Service

Annual internal audits to keep your certification

Already hold ISO 27001 or ISO 42001? The standard requires an internal audit every year to keep it. We run that audit as a standalone engagement, separate from the Arc Model subscriptions. This is not a readiness service.

ISO 27001 Per audit · Annual

ISO 27001 Internal Audit

$3,500

A full internal audit of your information security management system against every clause and Annex A control, so you stay compliant between surveillance audits.

  • Audit against all ISO 27001 clauses and Annex A controls
  • Nonconformities documented with severity
  • Report ready for your management review
  • Evidence trail for the external surveillance audit
Book this audit
ISO 42001 Per audit · Annual

ISO 42001 Internal Audit

$4,500

A full internal audit of your AI management system against every clause and Annex A control, covering the AI governance and risk requirements unique to the standard.

  • Audit against all ISO 42001 clauses and Annex A controls
  • AI governance and risk controls reviewed
  • Nonconformities documented with severity
  • Report ready for your management review
Book this audit

Two separate services. No bundle, no combined option. You select the audit for the certification you hold.

Hourly Rates

Almost everything runs as a flat-fee assessment or a monthly subscription. Hourly is the backstop for the narrow work that falls outside a defined scope.

Standard Advisory3-hour minimum · net 15
$225 / hr
Rush and Urgent2-hour minimum · paid up front
$295 / hr
Expert Witness4-hour minimum · retainer in advance
$350 / hr

Common Questions

Answers, before you ask

How much does Arclight cost?

Every price is published openly on this site. Monthly programs run $2,000 (Foundation), $5,000 (Growth), $9,000 (Peak), and $12,500 (Evolution). A standalone full-scope gap assessment starts at $5,500. No custom quotes and no "contact us for pricing."

Which compliance frameworks do you support?

SOC 2, ISO 27001, ISO 27701, ISO 42001, HIPAA, CCPA, GDPR, NIST CSF 2.0, PCI DSS v4.0, NIST 800-171, and HITRUST readiness — all managed under one roof by one senior expert.

How is Arclight different from a larger consulting firm?

Every engagement is led by a senior GRC (Governance, Risk & Compliance) expert with over a decade of audit experience. There are no junior handoffs and no sales team — you work directly with the person who runs your program.

Is there a contract or minimum commitment?

Subscriptions carry a six-month minimum, then run month to month. You can cancel anytime after the minimum.

Can I start with a one-time assessment instead of a subscription?

Yes. A full-scope gap assessment starts at $5,500 with complete documentation. Within 60 days you decide whether to continue — roll into a subscription for 20% off your first three months, or not, with no pressure either way.

What happens in the first month of a subscription?

Month one is a focused gap assessment built into onboarding at no extra charge. Month two begins active program management.

Not sure which phase you need?

That is what the first call is for. Thirty minutes, a straight read on your situation, and a clear next step.

Book a Free Strategy Call