Skip to content
Services & Pricing

Fixed scope, fixed fee, agreed before you sign.

Three entry-point assessments. Retainer engagements. Execution sprints when you need focused delivery. All prices in DKK, excluding VAT.

Which engagement fits?

Three paths, depending on what you need right now.

Assess

25-100K DKK

Find out where you stand.

Fixed-fee, fixed-scope assessments. ISO 27001, SOC 2, cloud cost, or AI governance. Clear picture in 5-10 business days. Decision point before any ongoing commitment.

See assessments

Retain

40-120K DKK/month

Ongoing senior leadership.

Named senior operator covering IT strategy, security, compliance, cloud, and AI governance. Bi-weekly sessions, async availability, board reporting. Standard or Executive tier.

See retainer tiers

Sprint

From 50K DKK

Focused delivery on a deadline.

Certification prep, NIS2 implementation, EU AI Act readiness, or any scoped objective that needs concentrated capacity beyond normal cadence. Security Questionnaire Sprint available separately at 45K DKK.

See sprints

Not sure? Start from what is driving the urgency.

A customer just sent us a security questionnaire and we have no answers

SprintSecurity Questionnaire Sprint (45K DKK, 10 business days)

We need ISO 27001 or SOC 2 but don't know where we stand

AssessReadiness Assessment (25-35K DKK, 5-7 business days)

Our CTO owns security by default and is drowning in it

RetainStandard Retainer (40-75K DKK/month)

We have a hard compliance deadline and nobody staffed to meet it

SprintExecution Sprint (from 50K DKK, scoped to the deadline)

We're not sure what we need yet

AssessStart with a scoping call. 30 minutes, no commitment.

Fast Track

10 business days

Security Questionnaire Sprint

45,000 DKK. Fixed fee.

A targeted sprint for one specific situation: an enterprise deal stalled on a customer security questionnaire and your CTO is losing weekends trying to answer it. You forward the questionnaire, I draft answers with an evidence library you keep, your CTO reviews, we send it back. The same library answers the next one in hours instead of days.

  • Review of up to 2 customer security questionnaires (SIG Lite, CAIQ, custom)
  • Drafted answers with source evidence mapped to your existing controls
  • Reusable evidence library (Notion or your platform of choice)
  • One working session with your sales team on how to handle the next one

Not a replacement for ISO 27001 or SOC 2. Not an audit. Not pen testing. If the questionnaire reveals gaps, those are fixed under a separate engagement.

Entry point

Readiness Assessments

Fixed fee: 25-35,000 DKK

5-10 business days depending on assessment type. Billed 100% upfront.

Three fixed-fee assessments with defined scope, chosen by what's driving the urgency. Each delivers a written report, a prioritised 90-day plan, and a go/no-go decision point you can act on. Readiness assessments are advisory. Certification audits are conducted by an accredited certification body.

Backed by a guarantee

Cloud Cost Review carries a 2x-savings-or-refund guarantee.

  • ISO 27001 / SOC 2 Readiness Assessment: 25-35K DKK, 5-7 business days
  • Cloud Cost Review: 25/50/100K DKK tiered by cloud spend, 5-10 business days, 2x-savings-or-refund guarantee
  • AI Governance Review: 25-30K DKK, 5-7 business days, covers EU AI Act deployer gap analysis and a prioritised readiness plan
  • Written report with prioritised remediation roadmap and named owners
  • Executive briefing you can present to your board
  • Clear go/no-go decision point before any ongoing commitment

Ongoing

Standard Retainer

Typical engagements 40-75K DKK/month

The monthly fee is fixed and agreed in writing before you sign. No usage billing, no scope creep, no multi-year lock-in. 90-day initial term, billed quarterly, 10% discount for prepaid quarters. Renewal is your call at each quarter end.

Senior leadership across IT strategy, security, compliance, cloud, and AI governance, typically 8-12 days a month. Bi-weekly sessions plus async availability. Not a help desk: a named operator who knows your business and sits in your leadership conversations. Scope and fee agreed in the scoping call. Billed quarterly.

  • Single point of accountability across IT strategy, security, compliance, cloud, and AI governance
  • Compliance programme management (ISO 27001, SOC 2, NIS2, EU AI Act) -- run as one integrated programme, not four separate projects
  • Cloud oversight and FinOps discipline
  • Security questionnaire handling included (typical scope 2-4 customer questionnaires per quarter; higher volumes scoped separately as a sprint). I run them; your engineers stay on product.
  • Executive communication and board reporting

Expanded tier

Executive Retainer

70-120K DKK/month

When nobody in the company owns the full risk across IT, security, and AI governance, and it shows in board conversations, audit findings, or vendor reviews. Broader scope for larger growing companies, PE-backed, or running several compliance programmes at once. Board-prep blocks and quarterly strategic reviews included.

What 90 days produces

  • Month 1: Baseline gap report against your primary framework (ISO 27001, SOC 2, NIS2, or EU AI Act per scope) with named owners for every control area, plus a sequenced 6-month roadmap.
  • Month 2: Security questionnaire answer library covering 60-80% of typical inbound, built from your first 2-3 active questionnaires.
  • Month 3: First quarterly board-pack on IT/security/AI posture; at least one major governance decision documented (policy approval, vendor selection, AI tool acceptable-use).
  • Across all 90 days: bi-weekly leadership sessions, async availability for incidents and customer reviews, executive communication on compliance progress.

Sprint

Execution Sprint

From 50,000 DKK. Prepaid.

Defined before work starts. Fixed-fee or time-boxed. Protects the regular cadence of an ongoing retainer.

A focused execution sprint for when the objective is clear and a deadline needs concentrated capacity. Explicitly scoped upfront. Used when the work is heavier than normal cadence and shouldn't be absorbed silently into a retainer.

  • ISO 27001 or SOC 2 certification preparation and external audit coordination
  • NIS2 compliance implementation sprints
  • EU AI Act readiness and AI governance implementation
  • Cloud migration governance and security-by-design
  • Policy and documentation build-outs
  • Deadline-driven coordination (board presentations, customer audits)

Alternatives

Why not just...

There are other ways to solve this. Here's why companies at your stage tend to land here instead.

01

Hire a Big 4 or large consultancy

Expect 800,000+ DKK first-year cost for similar scope. You'll get a junior team that rotates every few weeks, generic deliverables adapted from the last client, and a sales cycle that takes longer than the actual work. The partner who pitched isn't the person who shows up.

02

Hire a full-time Head of IT & Security

115,000-130,000 DKK/month all-in for one role that covers operations and some security. IT strategy, AI governance, and board-level accountability still fall to whoever has bandwidth. Add 5-9 months from search to effective contributor. Most companies at your stage hire one of these roles and stretch them; covering all three at senior level (IT director, security lead, AI governance lead) would run an estimated 300-400K DKK/month.

03

Just buy tools and figure it out

Tools don't build strategy. They don't fill out customer security questionnaires. They don't talk to auditors, coach your team, or sit in the board meeting to explain your risk posture. You need human judgment and leadership to make the tools matter.

Already have internal teams?

For companies with internal IT, security, legal, finance, or engineering staff, this is not a replacement. It's outside capacity for a defined gap: a compliance programme your team doesn't have the specific depth to run, a sprint for a hard deadline, or senior oversight while you hire. The engagement ends cleanly when the gap closes.

Fit

When Accel Comply is the right fit, and when it isn't.

  • Growing Nordic B2B SaaS with enterprise pipeline pressure or regulatory triggers (ISO 27001, SOC 2, NIS2, EU AI Act)
  • Nordic mid-market PE operating partners needing diligence or portfolio IT/AI oversight
  • Growing companies where the CTO owns security by default and is drowning in it
  • Companies where one senior operator covering IT, security, and AI together is the right shape, rather than three separate specialists

Not the right fit

  • Pre-revenue or very early-stage: the retainer is too heavy for your stage right now. Download the free NIS2 scope checklist, read the articles, and reach out when you're ready. Happy to help when the model fits.
  • Looking for full-time employee placement. I'm a fractional operator, not a headhunter
  • Looking for hands-on penetration testing, SOC operations, or audit opinion letters. Those need specialist firms
  • Wanting pure compliance paperwork without the strategy and execution piece. A Big 4 shop or tool-only platform will be cheaper

Standard commercial terms

Engagement terms at a glance.

The full Master Services Agreement, Data Processing Addendum, and professional indemnity certificate are shared on request before any SOW signs. Engagement-specific terms are agreed in the SOW itself; the positions below are the defaults.

  • Professional indemnity cover

    Professional liability insurance: DKK 5M as standard. Higher limits can be requested for relevant engagements, subject to insurer approval and agreed scope. Certificate, carrier, and territorial scope shared before SOW signs.

  • Liability cap

    The greater of fees paid in the prior 12 months or a value agreed in the SOW.

  • IP ownership

    All deliverables and work product are yours. Accel Comply retains the right to use anonymised methodology for future engagements.

  • Notice period

    30 days after the initial quarterly commitment. No multi-year lock-ins.

  • Sub-processors and continuity

    Sub-processors run under general authorisation, with prior notice and a right to object. Current list: HubSpot, Vercel, Google Analytics, Google Ads, LinkedIn (jurisdictions and transfer mechanisms in DPA Annex 2). Continuity is best-effort by default: your artefacts stay in your tenancy, I respond async during planned absences, and escalation paths sit in the SOW. Retainers do not include 24/7 coverage. Optional Continuity-Assured cover (+20%) names a Nordic peer CIO/CISO at signature, with a one-business-day response, a five-business-day takeover, and automatic pro-rata credit if I am out more than 10 business days in any 90-day window.

Already a client?

Existing retainer clients adding new scope.

On a Standard or Executive Retainer with a new trigger, here is where each usually lands. AI governance is in scope on the Standard Retainer, absorbed in the existing cadence at no extra cost. NIS2 implementation runs as an Execution Sprint alongside the retainer when it needs concentrated capacity. Cloud Cost Review is a standalone attach (25/50/100K DKK, with the 2x-savings-or-refund guarantee). In-scope additions need no new scoping call; sprint adds are scoped in your next bi-weekly session.

PE / Portfolio rollout

For PE operating partners running portfolio engagements.

When the engagement spans 4 or more portfolio companies, the commercial structure changes. One master service agreement at the fund level with per-engagement letters at portco level. Your IC reads one document. Your portcos onboard fast. Each portco still has one named operator who scopes, plans, and executes.

  • Master service agreement at fund level

    Fund-level MSA covers the commercial framework, governance, insurance, and continuity terms across the relationship. Per-portco engagement letters cover scope, schedule, and named operator. One paper trail for your IC; minimal repetition at portco level.

  • Portfolio pricing bands

    4-6 active portfolio engagements: 15% off published Standard / Executive Retainer rates. 8 or more active engagements: 20% off. Discount applied via fund-level service credit (not per-portco rate concession), preserving transparent list pricing at portco level.

  • Capacity through named-peer co-delivery

    At 4 or more concurrent portfolio engagements, named Nordic peer fractional CIO / CISO / CTOs are introduced into specific portcos at fund discretion. Engagement-level continuity is preserved: each portco still has one named operator who scopes, plans, and executes. The fund knows which named operator is on which portco at all times.

  • Pre-transaction Diligence Sprint

    Buy-side IT / security / AI diligence sprint at 250-350K DKK fixed. Used at LOI stage or immediately post-LOI for portfolio-fit assessment. Output: readiness heatmap, prioritised first-100-day plan, named-owner allocation. Survives transition into post-close engagement when appropriate.

Talk through portfolio fit

Operating partners book a 30-minute orientation call separate from per-portco scoping. I walk through portfolio fit, named-operator allocation logic, and proposed framework structure. No pitch, no obligation.

Book a scoping call

Reference credit

Happy with the work? Be a reference, get a service credit.

If you're willing to take 2-3 short reference calls a year for 18 months after our engagement ends, you get a 5,000 DKK credit against any future work with me (assessment, sprint, or retainer). Entirely optional, discussed at engagement close (never before). The arrangement is always disclosed when I use the reference.

Disclosure applies per Danish Markedsføringsloven and EU UCP Directive. Transparent list pricing is preserved. This is a credit, not a discount off headline rates.

FAQ

Common questions about pricing and services.

What if the assessment doesn't reveal anything useful?
Fixed fee means you know the cost upfront regardless of what I find. If there's nothing to fix, you get documented confirmation that your posture is solid. Useful for customer reviews and board conversations.
Can I start with a smaller engagement?
The assessments are the smallest engagements. Each is a low-risk entry point: fixed scope, fixed price, clear deliverables, and a decision point at the end where you choose what happens next. No obligation to continue.
What's included in the monthly retainer?
IT, security, compliance, cloud, and AI governance under one named operator. Bi-weekly leadership sessions plus async availability. Security questionnaire handling included (typically 2-4 per quarter; higher volumes scoped as a sprint). Executive and board communication included. Scope and fee are agreed in the scoping call. The Executive Retainer (70-120K DKK/month) adds broader scope for companies running several compliance programmes at once or PE-backed reporting.
How long do most retainer relationships last?
Typically 6-18 months. The goal is to build your team's capability, not create dependency. Two common shapes: a bridge-to-hire of 4-9 months when you have a Head of IT & Security hire planned (covers the gap, hands off documentation, runs month-to-month after the first quarter, ends cleanly when your hire starts); or an ongoing model of 12-24 months when a full-time hire is not the plan yet.
How does the Cloud Cost Review 2x-savings-or-refund guarantee work?
The review targets at least 2x its fee in savings you can verify against your own billing exports (Azure Cost Management, AWS Cost & Usage Reports, GCP Billing), using the FinOps Foundation method: right-sizing, reserved-instance and savings-plan optimisation, storage review, shadow resources, and tagging gaps. If the savings I can evidence against your bill come to less than 2x the fee, I refund the difference. The full method is shared on request before you buy.
We're PE-backed and on an exit track. How does this engagement read at diligence?
On buy-side IT/security/compliance diligence it reads as governance infrastructure: board-pack ready, controls documented, vendor inventory current, AI policy in place, named-operator accountability on the org chart. It shows up as named external senior leadership and survives the handoff to an acquirer. A typical pre-transaction retainer runs 18-24 months. For multi-portco rollout, see the PE / Portfolio section above.
How do I defend the spend internally to a CFO who wasn't in the room?
Three numbers your CFO can verify: recovered leadership-capacity (40-60 hours/month of senior-leader time freed from compliance/security work, valued at the loaded cost of your VP Eng or CTO); deal-protection (one stalled enterprise deal at DKK 1-2M ARR unblocked typically pays the retainer for the year); hire-deferral (Standard Retainer 40-75K/mo vs full-time Head of IT & Security 115-130K all-in plus 5-9 months hire timeline plus 22-25% recruiter fee). The scoping call produces these numbers tailored to your situation.
Can I speak to a current or past client before committing?
Yes. Most current clients are under NDA, so full case citations are not public. Reference calls under NDA are available on request, before or after the scoping call. I match you with a reference whose situation most closely mirrors yours.
Do you have a reference program?
Yes, and it's a credit, not a discount. If after our engagement you'll be a named reference (2-3 short calls a year for 18 months), you get a 5,000 DKK credit against any future work with me. Always discussed at close, never before, and disclosed whenever I use the reference. The price on the work itself doesn't move.
Are we a provider or a deployer under the EU AI Act?
Most growing companies are both. You're a deployer for the AI tools your staff use (ChatGPT, Copilot, and similar) and a provider for any AI feature you ship to customers under your own name. Calling an API to OpenAI for an internal task makes you a deployer. Embedding that same API call in a customer-facing product feature makes you a provider for that feature. The provider role carries the heavier compliance obligations, so that's usually where to focus first. I work out which role applies where in the EU AI Act scoping conversation.

Next step

Not sure which engagement fits?

Book a 30-minute scoping call and I'll help you work out the right starting point.

Book a scoping call