Purpose: Identify the most common Google Workspace security risks

Includes:

• Super admin and privileged role review
• MFA enforcement review
• User account security review
• External sharing configuration review
• Basic OAuth application inventory
• Email authentication review (SPF, DKIM, DMARC)
• Security alert configuration review
• Workspace security posture evaluation

Deliverables: Security Findings Report (PDF), Identified risks and misconfigurations, Basic remediation recommendations

Best For: Small organizations wanting a quick security health check

Purpose: Provide deeper visibility into identity and data protection risks

Everything in Basic plus:

• Admin privilege structure analysis
• OAuth application permission risk analysis
• Third-party application review
• Google Drive sharing policy evaluation
• Suspicious login and security monitoring review
• Identity lifecycle risk analysis (onboarding/offboarding)
• Access governance gap analysis

Deliverables: Detailed Security Assessment Report, Risk prioritization (High/Medium/Low), Remediation roadmap

Best For: Organizations preparing to improve their security posture

Purpose: Deliver a full Google Workspace security assessment with expert consultation

Everything in Standard plus:

• Advanced Gmail phishing protection review
• Data Loss Prevention configuration analysis
• Google Vault compliance readiness review
• API token and OAuth security analysis
• SaaS access governance review
• Identity architecture improvement recommendations

Deliverables: Full Google Workspace Security Assessment Report, Step-by-step remediation roadmap, 30-45 minute consultation session, Implementation guidance

Best For: Organizations preparing for SOC 2, HIPAA, vendor security reviews, or security hardening projects

Purpose: Identify the most common security risks in Microsoft 365 environments

Includes:

• Microsoft Entra ID security configuration review
• MFA enforcement status across users and admins
• Global admin and privileged role review
• Conditional Access policy overview
• OAuth application permission inventory
• External sharing and guest account review
• Email authentication check (SPF, DKIM, DMARC)
• Security findings report

Deliverable: Security Risk Report (PDF), List of detected risks, Basic remediation recommendations

Best For: Small organizations wanting a quick security health check

Purpose: Provide deeper visibility into identity risks and access control gaps

Everything in Basic plus:

• Detailed Conditional Access policy review
• Admin privilege restructuring recommendations
• Legacy authentication risk analysis
• External sharing policy evaluation
• SaaS OAuth integration risk review
• Sign-in security monitoring review
• Identity governance gap analysis

Deliverable: Detailed Security Assessment Report, Risk prioritization (High/Medium/Low), Remediation roadmap

Best For: Organizations preparing for security improvements or compliance readiness

Purpose: Provide a complete Microsoft 365 security assessment with expert consultation

Everything in Standard plus:

• Microsoft Defender security configuration review
• Identity protection and risk detection review
• API token and application permission analysis
• Conditional Access policy redesign recommendations
• Least-privilege admin model recommendations
• SaaS access governance review

Deliverables: Full Microsoft 365 Security Assessment Report, Step-by-step remediation roadmap, 30-45 minute consultation session, Implementation guidance

Best For: Organizations preparing for SOC 2, HIPAA, vendor security reviews, or security hardening projects

Purpose: Identify identity security weaknesses across your environment

Includes:

• Identity provider configuration review (Google Workspace/Microsoft Entra/Okta)
• Privileged admin account analysis
• SaaS access governance review
• Contractor and vendor account exposure review
• OAuth integrations and API token risk review
• Identity lifecycle evaluation (onboarding/offboarding)
• Privilege escalation risk analysis

Deliverables: Identity Security Risk Report, Identified architecture weaknesses, High-level remediation recommendations

Best For: Organizations wanting a strategic identity security assessment before implementing changes

Purpose: Design a secure identity access model for the organization

Everything in Tier 1 plus:

• Role-Based Access Control (RBAC) model design
• Group-based access structure
• Admin privilege model redesign
• Identity lifecycle framework (joiner/mover/leaver)
• SaaS access governance framework
• Conditional access strategy (if supported by platform)

Deliverables: Identity Architecture Blueprint, Role and group structure documentation, Identity governance recommendations, Prioritized implementation roadmap

Best For: Companies implementing identity-first security architecture

Purpose: Deliver a complete identity security framework for the organization

Everything in Tier 2 plus:

• Privileged access management model
• Vendor and contractor access governance framework
• SaaS identity federation architecture
• Identity risk monitoring strategy
• Access review process design
• Identity security policy framework

Deliverables: Complete Identity Security Architecture Document, Identity governance model, Access control framework, Security policy templates, 60-minute architecture review session

Best For: Organizations preparing for SOC 2, enterprise vendor security reviews, or security maturity programs

Purpose: Identify obvious privilege and access risks across core SaaS tools

Includes:

• Review of up to 5 SaaS platforms
• User role and admin privilege review
• Identification of over-privileged accounts
• External sharing access review
• Contractor and vendor account review
• Basic OAuth integration inventory
• Security findings report with remediation recommendations

Best For: Small teams that want to identify access risks and privilege issues across key SaaS platforms

Purpose: Identify deeper identity and integration risks across SaaS platforms

Everything in Tier 1 plus:

• Review of up to 8 SaaS platforms
• OAuth application permission analysis
• Third-party application risk review
• API token and service account exposure review
• SaaS identity lifecycle analysis (onboarding/offboarding)
• Access governance recommendations
• Prioritized remediation roadmap

Best For: Organizations managing multiple SaaS tools and wanting stronger access governance controls

Purpose: Provide a full SaaS identity security assessment including vendor risk and shadow SaaS

Everything in Tier 2 plus:

• Review of up to 12 SaaS platforms
• Shadow SaaS discovery (connected applications)
• Vendor and third-party integration risk analysis
• Privileged access model review
• SaaS identity architecture recommendations
• Least-privilege redesign roadmap
• Executive summary report for leadership

Best For: Companies preparing for SOC 2, HIPAA, or vendor security reviews or those with complex SaaS environments

Purpose: Establish a secure SSO foundation for key SaaS tools

Includes:

• Identity provider setup (Okta, Entra ID, or Google SSO)
• MFA enforcement configuration
• Integration with up to 3 SaaS applications
• Basic group-based access configuration
• User authentication testing
• SSO documentation

Examples of SaaS integrations:

Slack, Notion, Dropbox, Zoom, Atlassian, and other common business platforms

Deliverables: Working SSO authentication, MFA enforcement across integrated apps, Admin setup guide

Best For: Small teams beginning centralized authentication

Identity Discovery Workshop + $500 Required for Tier 2

Purpose: Implement structured identity governance across SaaS platforms

Everything in Tier 1 plus:

• Integration with up to 6 SaaS applications
• Role-based access model design
• Group-based provisioning
• Admin privilege review
• Conditional access configuration (if supported)
• Identity lifecycle recommendations (joiner/mover/leaver)

Deliverables: Identity architecture documentation, Role and group access structure, Implementation guide

Best For: Organizations scaling SaaS usage and wanting structured access control

Identity Discovery Workshop + $500 Required for Tier 3

Purpose: Deploy a complete identity security framework

Everything in Tier 2 plus:

• Integration with up to 10 SaaS applications
• Advanced MFA policies
• Conditional access policy design
• Contractor/vendor access model
• Privileged admin access model
• Identity governance recommendations
• Security monitoring recommendations

Deliverables: Complete identity architecture documentation, SSO configuration across SaaS platforms, Identity governance roadmap, 45-60 minute implementation walkthrough

Best For: Companies adopting identity-first security architecture

Perfect for Quick authentication setup without full DMARC enforcement

Includes:

• SPF record configuration
• DKIM key generation
• DKIM signing verification
• DNS validation testing
• Email authentication baseline

Price depends on environment complexity:

Everything in Tier 3 plus:

What's included:

• Everything in Tier 2B, plus:
• WE implement all recommended fixes for you
• Third-party email service configuration (Mailchimp, SendGrid, CRM, etc.)
• Quarantine phase management and testing (30 days)
• Full enforcement implementation (reject mode)
• 60-day post-enforcement monitoring and support
• Ongoing DMARC report analysis
• Final implementation report and documentation

Purpose: Establish a secure baseline and remove obvious risks

Includes:

• MFA enforcement across all users
• Super / Global admin account review and cleanup
• Removal of legacy authentication
• Third-party app review and cleanup
• Basic email authentication verification (SPF/DKIM)
• Security alert configuration (login alerts, suspicious activity)
• Security baseline documentation

Purpose: Move from baseline security to controlled access governance

Everything in Basic Hardening plus:

• DMARC enforcement (p=quarantine or reject) if SPF and DKIM are already configured and passing.
• Admin privilege restructuring (least-privilege model)
• External sharing restrictions
• Data Loss Prevention (DLP) policy setup
• Email phishing protection policies
• Suspicious login monitoring configuration
• Access governance recommendations

Purpose: Implement a complete SMB security foundation

Everything in Advanced Implementation plus:

• Mobile device security controls (MDM or device access policies depending on platform licensing)
• Contractor / vendor access model
• Offboarding checklist and SOP
• Security alert tuning and monitoring policies
• Incident response checklist
• Security policy documentation package

Implement baseline protections to detect and prevent accidental sharing of sensitive information

Includes:

• Enable DLP functionality within the workspace environment
• Pre-built detection rules for common sensitive data types: Social Security Numbers, credit card numbers, bank account numbers
• Basic Gmail DLP policy configuration
• Basic Google Drive file sharing protection
• Alert notifications for policy violations
• Policy validation and testing

Best For: Small teams beginning security controls, organizations handling limited sensitive data

Adds stronger policy control and broader coverage across collaboration tools

Everything in Tier 1 plus:

• Custom DLP rule creation
• Additional data type detection: PII, financial records, internal business documents
• Expanded Google Drive sharing restrictions
• Policy-based warning prompts for users
• Administrative alert configuration
• Incident response workflow recommendations

Best For: Companies handling customer information, organizations preparing for compliance readiness

Implements structured data protection with classification and advanced governance controls

Everything in Tier 2 plus:

• Data classification label framework
• Sensitivity labels for documents and files
• DLP policies tied to classification labels
• Automated file sharing restrictions based on classification
• Reporting dashboard configuration
• Administrator training session (30–45 minutes)

Best For: Companies preparing for compliance (SOC 2, HIPAA, PCI), organizations handling regulated or confidential data

Establish baseline protections for mobile devices accessing company email and files

Includes:

• Mobile device management activation
• Basic device enrollment setup (iOS & Android)
• Screen lock and password policy enforcement
• Device access restrictions for unmanaged devices
• Basic security posture review for connected devices
• Testing to confirm device policies apply correctly

Best For: Small teams using personal devices for work, organizations starting mobile security controls

Adds stronger security policies and device protection requirements

Everything in Tier 1 plus:

• Device encryption enforcement
• Advanced password policies
• Device inactivity lock configuration
• Basic remote device wipe capability
• Compliance rules for device access
• Administrative alerts for non-compliant devices

Best For: Organizations handling sensitive customer information, teams using mobile devices to access email and shared files

Implements a complete mobile device governance model for secure remote work

Everything in Tier 2 plus:

• Device inventory monitoring
• Full remote wipe and account wipe capability
• App Protection Policies controlling corporate data in apps like Outlook, Teams, OneDrive
• Application management policies
• BYOD access policy framework
• Device compliance reporting setup
• Administrator training session (30 minutes)

Best For: Remote or hybrid teams, organizations enforcing mobile security policies, companies preparing for compliance readiness

Establish baseline retention controls to ensure business data is preserved according to organizational policies

Includes:

• Google Vault activation and configuration
• Email retention rule setup
• Google Drive retention rule setup
• Basic retention policy documentation
• Validation testing to confirm policies apply correctly

Best For: Small teams starting compliance readiness, organizations needing basic record retention

Adds litigation readiness and stronger governance over critical records

Everything in Tier 1 plus:

• Legal hold configuration
• Legal hold workflow documentation
• Administrative role configuration for Vault access
• Search and export testing procedures
• Incident response guidance for data preservation

Best For: Companies handling contracts or sensitive communications, organizations preparing for regulatory requirements

A complete Google Workspace data governance framework aligned with compliance standards

Everything in Tier 2 plus:

• Custom retention rules for different departments
• Shared Drive retention configuration
• Vault search query templates
• eDiscovery export workflow documentation
• Compliance policy documentation
• Administrator training session (30–45 minutes)

Best For: Companies preparing for SOC 2, HIPAA, or vendor security reviews; organizations needing defensible data retention practices

Purpose: Provide companies with ready-to-use training materials

Includes:

• Security awareness slide deck
• Phishing identification guide
• Password & MFA best practices guide
• Secure device usage guidelines
• Incident reporting workflow template
• Employee security quick reference guide

Delivery: PDF + presentation materials

Best For: Companies that want to conduct training internally

Purpose: Provide instructor-led training for employees

Everything in Tier 1 plus:

• 60-90 minute live training session
• Real-world phishing attack examples
• Credential theft demonstrations
• Interactive Q&A session
• Training recording (if virtual)

Delivery: Virtual (Zoom/Teams)

Best For: Teams of 5-30 employees

Purpose: Implement an ongoing awareness program

Everything in Tier 2 plus:

• Simulated phishing campaign
• Phishing risk assessment report
• Employee phishing susceptibility score
• Follow-up training session
• Security awareness policy template
• Quarterly training roadmap

Best For: Organizations preparing for SOC 2, HIPAA, or security audits