Services & Pricing

Fixed scope, fixed fee, agreed before you sign.

Three entry-point assessments. Two retainer tiers. Execution sprints when you need focused delivery. All prices in DKK, excluding VAT.

Fast Track

10 business days

Questionnaire-Unlock Sprint

45,000 DKK. Fixed fee.

A targeted sprint for one specific situation: an enterprise deal stalled on a customer security questionnaire and your CTO is losing weekends trying to answer it. You forward the questionnaire, I draft answers with an evidence library you keep, your CTO reviews, we send it back. The same library answers the next one in hours instead of days.

  • Review of up to 2 customer security questionnaires (SIG Lite, CAIQ, custom)
  • Drafted answers with source evidence mapped to your existing controls
  • Reusable evidence library (Notion or your platform of choice)
  • One working session with your sales team on how to handle the next one

Not a replacement for ISO 27001 or SOC 2. Not an audit. Not pen testing. If the questionnaire reveals gaps, those are fixed under a separate engagement.

Entry point

Readiness Assessments

Fixed fee: 25-35,000 DKK

5-10 business days depending on assessment type. Billed 100% upfront.

Three fixed-fee assessments with defined scope, chosen by what's driving the urgency. Each delivers a written report, a prioritised 90-day plan, and a go/no-go decision point you can act on. Readiness assessments are advisory. Certification audits are conducted by an accredited certification body.

Backed by a guarantee

Cloud Cost Review carries a 2x-savings-or-refund guarantee.

  • ISO 27001 / SOC 2 Readiness Assessment: 25-35K DKK, 5-7 business days
  • Cloud Cost Review: 25/50/100K DKK tiered by cloud spend, 5-10 business days, 2x-savings-or-refund guarantee
  • AI Governance Review: 25-30K DKK, 5-7 business days, covers EU AI Act deployer gap analysis and a prioritised readiness plan
  • Written report with prioritised remediation roadmap and named owners
  • Executive briefing you can present to your board
  • Clear go/no-go decision point before any ongoing commitment

Ongoing

Standard Retainer

Typical engagements 195-225K DKK/quarter

90-day initial term. Quarterly commitment preferred, with 10% discount for prepaid quarters. Monthly billing available. Renewal is your call at each quarter end.

Senior leadership covering IT governance, security, compliance, cloud oversight, AI governance, and executive reporting. Bi-weekly sessions plus async availability. This is not a help desk. It's a named senior operator who knows your business, sits in your leadership conversations, and makes sure the right things actually happen. Exact scope and fee are agreed in the scoping call.

  • Single point of accountability across IT strategy, security, compliance, cloud, and AI governance
  • Compliance programme management (ISO 27001, SOC 2, NIS2, EU AI Act)
  • Cloud oversight and FinOps discipline
  • Security questionnaire handling included (typical scope 2-4 customer questionnaires per quarter; higher volumes scoped separately as a sprint). I run them; your engineers stay on product.
  • Executive communication and board reporting
  • Executive Retainer tier (255-360K DKK/quarter) for companies with multiple concurrent compliance programs, consolidating multi-vendor advisory spend, top-of-ICP (200-250 staff), or PE-backed with investor-grade reporting

What 90 days produces

  • Month 1: Baseline gap report against your primary framework (ISO 27001, SOC 2, NIS2, or EU AI Act per scope) with named owners for every control area, plus a sequenced 6-month roadmap.
  • Month 2: Security questionnaire answer library covering 60-70% of typical inbound, built from your first 2-3 active questionnaires.
  • Month 3: First quarterly board-pack on IT/security/AI posture; at least one major governance decision documented (policy approval, vendor selection, AI tool acceptable-use).
  • Across all 90 days: bi-weekly leadership sessions, async availability for incidents and customer reviews, executive communication on compliance progress.

Sprint

Execution Sprint

From 50,000 DKK. Prepaid.

Defined before work starts. Fixed-fee or time-boxed. Protects the regular cadence of an ongoing retainer.

A focused execution sprint for when the objective is clear and a deadline needs concentrated capacity. Explicitly scoped upfront. Used when the work is heavier than normal cadence and shouldn't be absorbed silently into a retainer.

  • ISO 27001 or SOC 2 certification preparation and external audit coordination
  • NIS2 compliance implementation sprints
  • EU AI Act readiness and AI governance implementation
  • Cloud migration governance and security-by-design
  • Policy and documentation build-outs
  • Deadline-driven coordination (board presentations, customer audits)

Alternatives

Why not just...

There are other ways to solve this. Here's why companies at your stage tend to land here instead.

01

Hire a Big 4 or large consultancy

Expect 800,000+ DKK first-year cost for similar scope. You'll get a junior team that rotates every few weeks, generic deliverables adapted from the last client, and a sales cycle that takes longer than the actual work. The partner who pitched isn't the person who shows up.

02

Hire a full-time Head of Security

115,000-130,000 DKK/month all-in (base, pension, holiday, bonus, employer overhead). Add 5-9 months from search start to effective contributor. And if your company is 50-150 people, you might not have enough sustained security work to justify a full-time senior hire yet. You end up overpaying for capacity you don't fully use.

03

Just buy tools and figure it out

Tools don't build strategy. They don't fill out customer security questionnaires. They don't talk to auditors, coach your team, or sit in the board meeting to explain your risk posture. You need human judgment and leadership to make the tools matter.

Fit

When Accel Comply is the right fit, and when it isn't.

  • 40-250 staff Nordic B2B SaaS with enterprise pipeline pressure or regulatory triggers (ISO 27001, SOC 2, NIS2, EU AI Act)
  • Nordic mid-market PE operating partners needing diligence or portfolio IT/AI oversight
  • Growing companies where the CTO owns security by default and is drowning in it
  • Companies where one senior operator covering IT, security, and AI together is the right shape, rather than three separate specialists

Not the right fit

  • Under 40 staff and pre-revenue. The retainer is too heavy for your stage; read the articles and return later
  • Looking for full-time employee placement. I'm a non-full-time operator, not a headhunter
  • Looking for hands-on penetration testing, SOC operations, or audit opinion letters. Those need specialist firms
  • Wanting pure compliance paperwork without the strategy and execution piece. A Big 4 shop or tool-only platform will be cheaper

Standard commercial terms

Engagement terms at a glance.

The full Master Services Agreement, Data Processing Addendum, and professional indemnity certificate are shared on request before any SOW signs. Engagement-specific terms are agreed in the SOW itself; the positions below are the defaults.

  • Professional indemnity cover

    DKK 5,000,000 base coverage; scalable to 10-15M for engagements requiring higher limits (PE-backed, regulated sectors, single engagements with enterprise pipeline above DKK 5M ARR-at-risk). Certificate, carrier, and territorial scope shared before SOW signs.

  • Liability cap

    The greater of fees paid in the prior 12 months or a value agreed in the SOW.

  • IP ownership

    All deliverables and work product are yours. Accel Comply retains the right to use anonymised methodology for future engagements.

  • Notice period

    30 days after the initial quarterly commitment. No multi-year lock-ins.

  • Sub-processors and continuity

    No sub-processors engaged without your written approval. Default continuity is best-effort: artefacts in your tenancy from day one, async response during planned absences, escalation paths in the SOW. Optional Continuity-Assured cover (+20% on retainer fee) names a peer fractional CIO/CISO from the Nordic network at signature with a written cover arrangement, 1 business day response SLA, 5 business days takeover SLA, automatic pro-rata service credit if I'm out more than 10 business days in any 90-day window. Most engagements run on default cover; the add-on is selected at scoping when formal SLA matters. Retainers do not commit to 24/7 coverage.

Already a client?

Existing retainer clients adding new scope.

If you're on a Standard or Executive Retainer and a new trigger has emerged, here's where each typically lands. AI governance is in scope on Standard Retainer (no extra cost; absorbed in the existing cadence). NIS2 implementation runs as an Execution Sprint alongside the retainer when the work needs concentrated capacity beyond normal hours. Cloud Cost Review is available as a standalone attach (25/50/100K DKK with the 2x-savings-or-refund guarantee). Customer AI Readiness Sprint covers EU AI Act deployer obligations when an enterprise customer asks for the policy stack. No new scoping call needed for in-scope additions; sprint adds are scoped in your next bi-weekly session.

PE / Portfolio rollout

For PE operating partners running portfolio engagements.

When the engagement spans 4 or more portfolio companies, the commercial structure changes. One master service agreement at the fund level with per-engagement letters at portco level. Your IC reads one document. Your portcos onboard fast. Each portco still has one named operator who scopes, plans, and executes.

  • Master service agreement at fund level

    Fund-level MSA covers the commercial framework, governance, insurance, and continuity terms across the relationship. Per-portco engagement letters cover scope, schedule, and named operator. One paper trail for your IC; minimal repetition at portco level.

  • Portfolio pricing bands

    4-6 active portfolio engagements: 15% off published Standard / Executive Retainer rates. 8 or more active engagements: 20% off. Discount applied via fund-level service credit (not per-portco rate concession), preserving published-list integrity at portco level.

  • Capacity through named-peer co-delivery

    At 4 or more concurrent portfolio engagements, named Nordic peer fractional CIO / CISO / CTOs are introduced into specific portcos at fund discretion. Engagement-level continuity is preserved: each portco still has one named operator who scopes, plans, and executes. The fund knows which named operator is on which portco at all times.

  • Pre-transaction Diligence Sprint

    Buy-side IT / security / AI diligence sprint at 250-350K DKK fixed. Used at LOI stage or immediately post-LOI for portfolio-fit assessment. Output: readiness heatmap, prioritised first-100-day plan, named-owner allocation. Survives transition into post-close engagement when appropriate.

Talk through portfolio fit

Operating partners book a 30-minute orientation call separate from per-portco scoping. I walk through portfolio fit, named-operator allocation logic, and proposed framework structure. No pitch, no obligation.

Reference credit

Happy with the work? Be a reference, get a service credit.

If you're willing to take 2-3 short reference calls a year for 18 months after our engagement ends, you get a 5,000 DKK credit against any future work with me (assessment, sprint, or retainer). Entirely optional, discussed at engagement close (never before). The arrangement is always disclosed when I use the reference.

Disclosure applies per Danish Markedsføringsloven and EU UCP Directive. Price anchors stay intact. This is a credit, not a discount off headline rates.

FAQ

Common questions about pricing and services.

What if the assessment doesn't reveal anything useful?
Fixed fee means you know the cost upfront regardless of what I find. If there's nothing to fix, you get documented confirmation that your posture is solid. Useful for customer reviews and board conversations.
Can I start with a smaller engagement?
The assessments are the smallest engagements. Each is a low-risk entry point: fixed scope, fixed price, clear deliverables, and a decision point at the end where you choose what happens next. No obligation to continue.
What's included in the monthly retainer?
IT, security, compliance, cloud, and AI governance under a single named operator. Bi-weekly leadership sessions plus async availability. Security questionnaire handling included (typical scope 2-4 per quarter; higher volumes scoped separately as a sprint). Executive and board communication included. Standard Retainer scope and fee are agreed in the scoping call. Executive Retainer covers broader scope for companies running multiple concurrent compliance programs (ISO 27001 + SOC 2 + NIS2 simultaneously), consolidating ad-hoc IT/security/AI advisory spend across multiple vendors, top-of-ICP scale (200-250 staff), or PE-backed engagements with investor-grade reporting. Typical engagements 255-285K DKK/quarter, expanded engagements up to 360K DKK/quarter.
How long do most retainer relationships last?
Typically 6-18 months. The goal is to build your team's capability, not create dependency. Two common shapes: a bridge-to-hire engagement of 4-9 months for companies with a Head of Security/Compliance hire planned (covers the gap, includes documentation handoff, onboarding briefing, and optional final-round interview participation; runs month-to-month after the initial quarter with 30 days' notice to terminate, ends cleanly when your hire starts, no extension pressure); or an ongoing operating model of 12-24 months for companies that don't plan to hire full-time at this stage.
How does the Cloud Cost Review 2x-savings-or-refund guarantee work?
Savings target is committed-savings opportunities identified within 90 days of engagement close, verified against your provider's own billing exports (Azure Cost Management, AWS Cost & Usage Reports, GCP Billing). Methodology aligns with FinOps Foundation framework: shadow-resource detection, right-sizing analysis, reserved instance/savings plan optimisation, storage class review, and tagging gaps. If committed-savings opportunities found are less than 2x the engagement fee, the difference is refunded. Tooling and methodology disclosure available on request before purchase.
We're PE-backed and on an exit track. How does this engagement read at diligence?
On a buy-side IT/security/compliance diligence, the engagement is governance infrastructure: board-pack ready, controls documented, vendor inventory current, AI policy in place, named-operator accountability on the org chart. Engagement appears as named external senior leadership; survives transition to acquirer with documented handoff. Typical retainer covering pre-transaction cycle is 18-24 months. For PE operating partners running portfolio rollout (multi-portco), see the dedicated PE / Portfolio rollout section above: fund-level MSA, portfolio pricing bands (15% off at 4-6 engagements, 20% at 8+), named-peer co-delivery, and the buy-side Diligence Sprint.
How do I defend the spend internally to a CFO who wasn't in the room?
Three numbers your CFO can verify: recovered leadership-capacity (40-60 hours/month of senior-leader time freed from compliance/security work, valued at the loaded cost of your VP Eng or CTO); deal-protection (one stalled enterprise deal at DKK 1-2M ARR unblocked typically pays the retainer for the year); hire-deferral (Standard Retainer 65-75K/mo vs full-time Head of Security 115-130K all-in plus 5-9 months hire timeline plus 22-25% recruiter fee). The scoping call produces these numbers tailored to your situation.
Can I speak to a current or past client before committing?
Yes. Most current clients are under NDA, so full case citations are not public. Reference calls under NDA are available on request, before or after the scoping call. I match you with a reference whose situation most closely mirrors yours.
Do you have a reference program?
Yes. It's a credit, not a discount. If after our engagement you're willing to be a named reference (2-3 short calls a year for 18 months), you get a 5,000 DKK service credit against any future engagement with me. Always discussed at engagement close, never before, and always disclosed when I use the reference, per Danish and EU marketing rules. Full price on the work itself is non-negotiable.

Next step

Not sure which engagement fits?

Book a 30-minute scoping call and I'll help you work out the right starting point.