BastionSec
Pricing

Clear pricing, no surprises. What you pay and why.

'From' prices and ranges for every path. A fixed price for the tool. SOC 2 and enterprise on request. Here, transparency is a trust signal, not a flyer.

Why not a flat price list

The real price depends on how ready you already are. So we give honest anchors, 'from' prices and ranges, and the exact figure after a first conversation. Hiding prices is a tactic; showing them honestly is a choice.

The packages

Four paths. Under each column, the honest timeline where relevant.

Pentest / Audit

from + range

For those who must prove security or unblock a deal.

  • Vulnerability assessment / penetration test
  • Report with findings, remediation and retest

Project / add-on

Request a pentest
Most chosen

Compliance (ISO 27001)

range: 3-6 months prep given adequate readiness

Startups and SMEs serving EU clients.

  • ISMS, SoA on Annex A, policies
  • Support through Stage 1 / Stage 2 audit
  • 3-6 months prep → body's audit → 3-year cycle (annual surveillance)

Project + maintenance

Contact us

AI-ready (ISO 42001)

range / on request

Companies with AI in their product or bidding for EU tenders.

  • AI policy, risk & impact assessment
  • AI inventory
  • AIMS, similar to ISO 27001

Project

Check if you're AI-ready

Continuous security (Retainer)

monthly fee, tailored

For those already certified who want to keep it alive.

  • Periodic audits and pentests
  • Maintained Trust Center
  • Continuous hardening

Retainer (recurring)

Structure your retainer

SOC 2: on request

SOC 2 pricing depends on scope (chosen Trust Services Criteria, Type I or Type II) and on who signs the report (the CPA, not us). Type II requires an observation period (typically 3-12 months): that's why we don't quote a flat number. We build it with you after a first conversation.

Talk to us

Metadata scrubbing: fixed price

~€100/month

A SaaS tool that strips metadata from your documents before they leave. Public, fixed price, no quote needed.

What it does NOT do: it isn't 'forensic sanitization' and isn't GDPR anonymization: it removes metadata, it doesn't make data anonymous under the law.

Try the tool

With a certification, your insurance premium can drop. We facilitate the path (we're not insurance brokers): it's a benefit, not the product.

Not sure where to start? Let's check together.


How we get to the final price

  1. First conversation

    We figure out where you are, what you need and real timing.

  2. Proposal

    Scope and a fixed price for your case.

  3. Kickoff

    We start.

We don't give away the consulting: the real work starts at kickoff, with a clear proposal.

Pricing FAQ

What does ISO 27001 really cost?

It depends on the scope and how ready you already are. We give an honest range and the exact figure after a first conversation. Preparation is typically 3-6 months given adequate readiness, then the body's audit and a 3-year cycle.

Why is SOC 2 'on request'?

Because pricing depends on the chosen Trust Services Criteria, the Type (I or II) and on who signs the report: the CPA, not us. Type II requires an observation period (typically 3-12 months): a flat number would be fake.

Are you cheaper than Vanta/Drata?

We don't aim to be the cheapest, but the most efficient: AI lets us work faster, and that saving shows up in the price, without cutting quality.

What's included in the pentest price?

A vulnerability assessment or penetration test, a report with findings and remediation guidance, and the retest to verify the fixes. It's our most verifiable work.

Want a price for your case?

Write to us and we'll figure out together what you actually need, then give you a fixed price.