Our Compliance Studio is the human factor of our platform

The Compliance Studio is our human factor for our Compleye Online users! Curious about the services we offer? Stay put! We will take you right through the ins and outs and everything in between.

All of our services will start with a short Intake Call, which will be 20 min max, to tell you all about the process and the preparation. Afterwards, we will plan the first meeting(s) with experts of our Lean Compliance Designer Team. 

Security Meeting Guidance

€150 excl

It takes time to build your information security management system, and while building it you will need to control progress. By organizing monthly security meetings, you can keep track of implementation, improvements and changes. The agenda topics and notes are embedded in Compleye Online. We will support you during these meetings, help you prioritize your lists and keep you focussed on the target: getting ready for (re)certification.

Added to your client board in Compleye Online:

Section Operations | Security meetings: follow the agenda, make notes and identify calls to action.

Changes will be added to dedicated section pages, if applicable.

During the meetings we will share knowledge and experience to support your ISMS team in moving forward.

1 x 20 minute Intake

1 x 1 hour with ISMS Team

To be most efficient, we will spend the time during the security meeting on the topics to discuss, and finalize the notes and calls to action after the meeting.

Note: Your assessment service is not only 20 minutes. You purchase the complete assessment at once and book the intake call (max. 20 min) via the button below. After the intake call we will plan the follow-up together to complete your assessment.

Internal Audit ISO27001

€2000 excl

There is a long list of activities that need to be done before you are ready to get certified. This is one of the last things to do: let a friendly partner perform a readiness check. We will check if you have every nitty-gritty detail in place. If not, we will support you with tips on how to fix it in time. Internal Audit is a mandatory activity that needs to be done on a yearly basis.

Internal Audit is the best preparation for the external audit. You can do it yourself the first year; however, the external auditor will validate its independent character. We can perform this Internal Audit online, with the restriction that the evidence of your ISMS is available in Compleye Online.

Added to your client board in Compleye Online:

  • Section Certification | Internal Audit: Report and findings, with suggestions for improvements.
  • Section Policies | Internal Audit Procedure

1 x 20 minute intake

1 x 1,5 hour meeting to validate findings of Internal Auditor – all ISMS Team members will need to be available.

1 x 1 hour meeting with C-level to report the end result, findings and suggestions for improvements – to be accepted.

Note: Your assessment service is not only 20 minutes. You purchase the complete assessment at once and book the intake call (max. 20 min) via the button below. After the intake call we will plan the follow-up together to complete your assessment.

External Audit Guidance

€800 excl per day

Getting certified means that an (accredited) audit party will perform an audit for 3 consecutive years. With the ISO27001 standard in hand, every line will need to be checked, and you will need to show and tell how you have implemented it and where the evidence is. If this is new for you, we can assist you during the audit: we support you with the last preparations and act as an advocate and prompter when needed. This works especially well if you have not read the ISO27001 standard.

If this is your first time, we will need to start prepping approx. 6 months in advance to get a quote, as some audit companies have huge waiting lists. The actual prep for the external audit will start 4-6 weeks before the planned audit. An overview of activities:

  • Review on mandatory documentation (SOA, Management Review and the Documentation of Chapter 4-10 – templates available in Compleye Online)
  • Review of internal audit improvements and in Year 2 and 3 the external audit improvements.
  • Define what work still needs to be done. [at this stage we can indicate how much time will be needed from our side]
  • Setup Agenda in cooperation with external auditor
  • Training session for your Team Members – part of external audit program.
  • Facilitate external audit days, guidance during the day.
  • Addressing the findings of the external audit in Corrective Action Plans and/or make suggestions for improvement.

    Note: Your assessment service is not only 20 minutes. You purchase the complete assessment at once and book the intake call (max. 20 min) via the button below. After the intake call we will plan the follow-up together to complete your assessment.

    Information Security Risk Assessment (ISRA)

    €700 excl

    The ISRA identifies and assesses the risks in your IT environment, both from an attacker’s point of view and from the perspective of the potential impact to your business. What measures and controls do you (already) have in place? You should perform an ISRA on a yearly basis, to make sure you are able to discover the vulnerabilities in your security system. Prioritise your findings and define improvements that will strengthen your information security system.

    1 x 20 minute Intake meeting with owner of ISRA

    1 x 1 hour meeting for actual assessment with ISMS Team

    1 x 1 hour meeting to finalise the assessment and evaluate improvements with suggestions.

    We will support you with suggestions for improvements for implementation (tooling and soft solutions – based on the phase of your company)

    Note: Your assessment service is not only 20 minutes. You purchase the complete assessment at once and book the intake call (max. 20 min) via the button below. After the intake call we will plan the follow-up together to complete your assessment.

    GDPR Assessment

    €1200 excl

    GDPR, the minimum requirement of regulation, is a buzzword for every company doing business in Europe. But what does that mean for your organisation? In the GDPR Assessment, we take you through the mandatory topics and assess what you already have in place and what needs to be implemented. The final report will give you confidence as well as evidence, in case your stakeholders ask you the GDPR question.

    1 x 20 minute Intake meeting with owner of GDPR

    1 x 1 hour meeting explaining the GDPR Assessment report with findings and suggestions for improvements.

    1 x 30 min meeting for a follow up call in case there are more questions or a review on the improvements implemented.

    Note: Your assessment service is not only 20 minutes. You purchase the complete assessment at once and book the intake call (max. 20 min) via the button below. After the intake call we will plan the follow-up together to complete your assessment.

    Lean Compliance Challenge

    €250 excl

    Compliance is a complex matter, and in the current world, where avoiding risks is the standard, the increase in regulations seems unprecedented. There is one thought that might ease this pain: security can never be captured by piles of paper. However, you will be able to solve all challenges just by taking one step at a time and making wise (business) decisions. During these sessions, we help you to find that first, next or last step on your compliance roadmap.

    1 x 20 minute Intake meeting with owner of Compliance

    1 x 1 hour meeting to analyze the challenge

    1 x 30 minutes explanation, when the report is ready.

    You will receive a summary of the conversation, explaining or visualising options for the solution. You might use this document during your next conversation to solve the problem and take you to the next step.

    Note: Your assessment service is not only 20 minutes. You purchase the complete assessment at once and book the intake call (max. 20 min) via the button below. After the intake call we will plan the follow-up together to complete your assessment.

    ISO27001 Certification Process

    Certification of ISO27001 can only be given by an external Audit Company.
    Compleye is not a certified body – we advise and support SMEs.
    Depending on the size of the organization and the complexity of its technology, the Audit Company will make a proposal for 3 years.
    Year 1 is divided into 2 stages: stage 1: decide if you are eligible for certification, and stage 2: the in-depth audit.
    Year 2 and 3: control audits.

    Indication of pricing: If your organization size is <10 FTE, with an average IT complexity, pricing will be around 8-10 K Euro (year 1: 3,5 days and year 2+3: 2 days a year). They will charge more (days) if your organization grows on a yearly basis.

    Compleye Pricing:

    • depends on the number of days proposed by the external auditor
    • if the internal audit is performed by Compleye, we need less time to prepare
    • indication of pricing: for <10 FTE this can be done in 4-6 days, if the readiness level is ok at the start.

    Implementing new frameworks: Gap Analysis

    €1500 excl

    You have already scored your ISO27001 certification, or are at least using Compleye Online to get ready for it. Now you are considering implementing another standard (e.g. ISO9001, ISAE, SOC-2, ISO27701), but you have no idea how much impact that might have on your resources. In a Gap Analysis we check your current state of ISO27001 and list the additional activities needed to comply with the new standard. This will give you an estimate of the impact.

    • Based on your evidence in Compleye Online – we check what is already in place and what new activities or documentation are needed.
    • A report is drafted and validated with your ISMS/PIMS/QMS Team
    • This report is your first internal audit of the new framework.
    • Based on the findings you can make a plan on timing and resources needed.

    1 x 20 minute intake

    1 x 30 min meeting with C-Level, before the Gap Analysis takes place

    1 x 1 hour meeting with C-Level, to explain the report and improvements.

    Note: Your assessment service is not only 20 minutes. You purchase the complete assessment at once and book the intake call (max. 20 min) via the button below. After the intake call we will plan the follow-up together to complete your assessment.

    Security Awareness Training

    €1000 excl (1 team meeting, €250 for extra team meetings)

    • Mandatory ISO27001 topics addressed
    • Changes in policies & procedures
    • Communicate security measures in place for e.g. remote working, incident reporting and handling.
    • Organize with ISMS Team members
    • Make use of Compleye templates
    • Effectiveness of training measured via questionnaire
    • Store info in Compleye training section

    1 x 20 minute intake

    1 x 1 hour team meeting

    Note: Your assessment service is not only 20 minutes. You purchase the complete assessment at once and book the intake call (max. 20 min) via the button below. After the intake call we will plan the follow-up together to complete your assessment.