MAST Consulting Group - Governance, Risk, Compliance and Cybersecurity

Pricing & Engagement — SOC 2 Type I & Type II Readiness

SOC 2 Type I & Type II Readiness is delivered on fixed-fee, time-and-materials or retained models — whichever best matches your risk and budget profile. Every proposal is preceded by a free 30-minute scoping call.

  • ISO/IEC 27001 Certified
  • ISO/IEC 27701 Certified
  • ISO 9001 Certified

Delivered by an ISO/IEC 27001, 27701 & 9001 certified organisation

Engagement models

Model | Best for | Commercial shape
Fixed fee | Well-defined scope, certification deadlines, board commitments | Single price across all phases, milestone-based invoicing
Time & materials | Evolving scope, multi-entity rollouts, M&A integration | Daily rate by consultant grade, monthly burn report
Managed retainer | Continuous compliance and multi-framework operations | Monthly subscription with defined service catalogue and SLAs
Outcome-based | Mature buyers who want fees tied to certification or audit pass | Base fee plus success fee on milestone achievement

What drives the fee

  • Number of in-scope legal entities, sites and business units.
  • Headcount and complexity of the technology estate.
  • Number of frameworks running in parallel (one ISMS often satisfies several).
  • Maturity of existing policies, evidence and tooling.
  • Regulator submission deadlines and audit-body availability.

Relative impact on fee

  • Scope (entities, sites): 90%
  • Headcount & estate: 75%
  • Parallel frameworks: 65%
  • Existing maturity: 55%
  • Deadline pressure: 45%

What is included

  • All consulting effort across the phases listed in the methodology.
  • Document templates, working sessions and review cycles.
  • Internal audit and management review facilitation.
  • Auditor liaison through Stage 1, Stage 2 or equivalent.
  • Up to 30 days of post-go-live support at no extra cost.

All of the items above are included in every fixed-fee proposal.

What is separate

  • Certification-body or QSA fees (paid directly to the audit firm).
  • Penetration testing and ASV scans when not already in scope.
  • GRC platform licences (we hold partner status with major vendors).
  • Travel and accommodation for on-site work outside the home city.