01 / Who Advisory is for

A relationship. Not a one-time engagement.

Most Advisory clients come to us after completing an assessment. The assessment tells you where you stand. Advisory is the support that gets you from where you are to where you need to be, and keeps you there. If you haven't had an assessment yet, we usually recommend starting there. It makes Advisory more focused, more productive, and more affordable.

A good fit if
  • You've completed an assessment with us and want help executing the remediation roadmap
  • You have an existing compliance program and want an independent advisor to keep it current
  • You need someone to call when a regulator, insurance carrier, or business partner sends a questionnaire
  • You're between assessments and want continuity rather than starting from scratch each cycle
  • You don't have an internal compliance or security lead and need outside expertise on retainer
  • Your business is growing or changing and your compliance program needs to evolve with it

Look elsewhere if
  • You haven't had a compliance assessment and aren't ready for one (consider Complyn Core as a starting point)
  • You want a one-time engagement with a clear endpoint (any of our assessment frameworks work better for that)
  • You need a fractional CISO with day-to-day operational responsibility (we advise; we don't operate)
  • You expect us to also implement security tools and managed services (we don't do those things, by design)

02 / What ongoing support looks like

The work of a real compliance program.

Advisory is what most businesses actually need but rarely budget for: someone to call between assessments. Here's a sample of the kinds of work an Advisory retainer covers. Every retainer is scoped to the client's actual needs, so what's on your plate may look different.

Monthly

Standing check-in calls

A scheduled monthly call with your designated compliance lead or Qualified Individual. We review what's changed, what's coming up, what's stalled on the roadmap, and what needs attention. The call is your dedicated time to ask questions you don't want to send by email.

As needed

Ad-hoc questions and guidance

Direct access through email or the Complyn Client Portal for the questions that come up between calls. A vendor asks for a security questionnaire. A new hire needs to sign an acceptable use policy. A board member wants to know whether your business is exposed to a recent breach in the news. Send the message, get a real answer.

Quarterly

Written program review

A short written review every quarter documenting what's changed in your compliance program, what's been completed, what's pending, and what we're recommending next. The review becomes part of your audit trail, and it is what regulators, insurers, and acquirers want to see when they ask whether your program is genuinely living.

Ongoing

Policy and procedure updates

Your compliance program isn't static. Staff change, vendors change, your business grows, regulations update. We help you keep the underlying policies and procedures current so the program doesn't go stale between assessments.

Ongoing

Vendor and service-provider reviews

New vendor coming on with access to customer data or PHI? We help you evaluate their security posture, review their documentation, and update your service-provider inventory. The kind of due diligence the rules require but most businesses skip.

Ongoing

Questionnaires and audits

Insurance renewal questionnaires. Bank partner security demands. Customer due-diligence requests. We help you respond accurately and consistently so you stop scrambling every time one shows up.

03 / How the retainer works

Simple. Monthly. Cancellable.

Advisory is a month-to-month retainer with no long-term commitment. We scope each engagement against your actual needs and document it in a short Statement of Work. You pay monthly. You can cancel whenever the relationship isn't serving you.

  1. Initial scoping conversation

    A free thirty-minute call to talk about your business, your existing compliance posture (if any), what's on your plate, and what good support actually looks like for your situation. If we're not a fit, we'll tell you. If we are, we'll write up a proposed Statement of Work.

  2. Written Statement of Work

    A short, plain-language document covering what's included in the retainer, what's out of scope, the monthly fee, the term (month-to-month by default), and how either side ends the relationship. No hidden surprises, no minimum commitments beyond a single month.

  3. Monthly retainer in effect

    Once signed, the retainer is active. You get the standing check-in calls, the email access, the quarterly reviews, and the project work scoped into your engagement. We invoice monthly. You pay monthly.

  4. Renewal, expansion, or graceful exit

    The retainer continues until either side ends it. If your needs grow, we expand the scope. If your situation changes and you no longer need the retainer, you cancel with thirty days' notice and we hand off any open work cleanly. No exit penalties, no awkward conversations.

04 / Pricing

Transparent. Monthly. Honest.

Starts at $500/mo

Most Advisory retainers fall between $500 and $2,000 per month.

The base tier starts at $500 per month for small businesses with a documented baseline and steady, manageable ongoing needs. Pricing scales with complexity: more entities, more business associates or service providers, more frequent questionnaire pressure, more active remediation, or more rigorous oversight requirements all move the number up.

Every retainer is quoted at a fixed monthly rate after the initial scoping call. The rate is locked in your Statement of Work. If the scope of your engagement grows, we discuss it before we change the rate.

What the base tier includes

  • Monthly check-in call
  • Direct email access for ad-hoc questions
  • Quarterly written program review
  • Policy and procedure updates as needed
  • Vendor and service-provider reviews
  • Questionnaire and audit response support

05 / Built to last

Your engagement doesn't end when the report is delivered.

Most compliance work disappears into an inbox. We do it differently. Every Complyn client gets access to the Complyn Client Portal, a dedicated space where your reports, files, and conversations stay organized and accessible for up to three years after the engagement ends.

Three years of access, no extra fee. The platform exists to make compliance something you can return to, not something you have to rebuild every time.

What you get

  • A direct messaging channel to your Complyn team
  • Every report and deliverable we've produced for you, easily accessible and downloadable for three years
  • Our library of compliance framework documentation and implementation guides
  • A secure file exchange for documents that shouldn't move by email
  • Billing history and invoice access in one place
  • Works on any device, anywhere

06 / Start a conversation

Tell us about your situation.

Fill out the form. We'll review your inquiry and reach out within one business day to talk about whether Advisory makes sense for your business and what a fitting scope looks like.

Already a Complyn assessment client? Tell us in the form. We can usually pick up where the engagement ended and get a retainer started quickly.

07 / Common questions

Things people ask about Advisory.

Do I have to do an assessment before I can start Advisory?

No, but we usually recommend it. Advisory works best when there's a documented baseline to advise against. If you haven't had a recent assessment, your retainer ends up doing assessment-style work piecemeal, which is less efficient and more expensive over time. For most clients, an assessment first, then Advisory, is the most cost-effective path. We'll talk through whether that's right for you on the scoping call.

Is there a minimum commitment?

No. The retainer is month-to-month. You can cancel with thirty days' notice. No exit penalty, no awkward conversations. We'd rather have clients who genuinely want to be in the relationship than clients trapped by a long-term contract.

What if I need more help one month than another?

That's normal and expected. Retainers are designed to absorb ordinary fluctuation. If a particular month involves materially more work than the scope contemplates, we'll flag it before the next invoice and we'll have a conversation about whether the scope needs to expand. The conversation happens before the bill changes, not after.

Can the retainer cover my whole compliance program?

For most small and mid-sized businesses, yes. The retainer can effectively serve as your compliance and security function: maintaining the program, handling questionnaires, responding to questions, keeping the documentation current, and acting as the Qualified Individual or compliance lead on paper if that fits your structure. For larger businesses with more sophisticated needs, the retainer typically operates alongside in-house staff rather than replacing them.

Can you also do the next annual assessment under the retainer?

No, the annual assessment is scoped and priced separately as a distinct engagement. Bundling them blurs the independence that makes the assessment trustworthy. Your retainer continues through the assessment period and helps you prepare, but the assessment itself is its own engagement with its own scope, deliverables, and price.

Do you sell or recommend specific security tools as part of Advisory?

We don't sell anything, and we don't take vendor commissions on tools we recommend. Our independence is the whole product. When the retainer work calls for a tool, software, or vendor (a password manager, an EDR product, an MFA platform, a phishing test service), we'll recommend what your business actually needs, with multiple options where appropriate. You buy whatever you choose directly from the vendor.

How quickly can you start?

For existing Complyn assessment clients, usually within a week of signing the Statement of Work. For new clients, we typically need one to two weeks to scope the engagement properly, agree on the terms, and complete any onboarding required to give us the access and context we need.

Ready to start the conversation?

Fill out the inquiry form. We'll review your situation and reach out within one business day with next steps. The conversation is free, no obligation.