The full security build: Scope audit + Continuous Monitoring + Implementation Tier 2. Ends with every finding closed, the Hardening Certificate issued, and ongoing dark-web watching. Typical timeline: 2–4 weeks from purchase to certificate. Pricing: /pricing/.
Scope purchase (Implementation T2 optional upfront)
You can purchase Scope alone first and decide to add Implementation after reading findings, or purchase both together if you already know you want the full stack. Most full-stack customers purchase them sequentially.
Audit runs + monitoring trial activates
Scan finishes, audit dashboard goes live, monitoring trial clock starts (90 days included with Scope).
Findings review
Severity-ranked, with remediation steps. Use this to confirm the work scope. Tier 2 makes sense when you have 6+ findings or you specifically need compliance documentation + certificate (insurance renewal, vendor questionnaire).
Read findings →Implementation Tier 2 booking
One-time Tier 2 charge. Includes contractor-led remediation of every finding plus compliance documentation pack and signed Hardening Certificate on completion. Checkout from your customer hub or by reply to the audit-ready email. Current pricing: tier details.
How tiers work →Contractor assignment and introduction
A vetted North American contractor is assigned to your engagement. They email you their intro, review your audit, prepare a written brief, and propose session times. We never assign offshore.
How contractors are vetted →Remediation sessions
Screen-share sessions where the contractor walks you through every fix. You retain administrative control — they show you what to click, you click it. Findings get marked done and reverified per session. Between sessions, email the contractor directly for clarification.
Working between sessions →Compliance documentation assembly
Tier 2 includes a structured documentation pack: per-finding remediation log, severity-ranked closure summary, evidence package suitable for cyber-insurance applications and vendor security questionnaires.
Hardening Certificate issuance
Your engagement lead signs the dated Hardening Certificate. It names your company, lists which findings were remediated, and attests to reverification. You receive it by email + the audit dashboard shows the certificate-issued state.
About the Hardening Certificate →Monitoring handover
With every finding closed, the focus shifts to detecting new exposures. Monitoring (now in your paid period if your trial expired during Implementation) alerts on any new credential leak, breach mention, or impersonation registration affecting your domain.
How monitoring alerts work →Insurance renewal or vendor review
This is where the certificate earns its keep. Share read-only access with your insurance broker / CPA / compliance reviewer (see "anytime" features below). Most cyber-insurance underwriters want documentation dated within the last 12 months.
Recertification cycle
The Hardening Certificate doesn't formally expire, but it's dated. Insurance underwriters typically want one less than 12 months old. Run a fresh Scope audit + an abbreviated Implementation cycle to refresh.
After your engagement closes →Other things you can do anytime
Available throughout the full-stack lifecycle.
Share evidence with an outside reviewer
Generate a time-limited read-only link for your insurance broker, CPA, SOC 2 auditor, or your enterprise client's vendor-security team.
Share with a reviewer →Download PDF reports
Executive summary, technical report, compliance evidence package — anytime from the audit dashboard.
Download reports →Request a different contractor
Schedule conflict, communication mismatch, technical fit — email support and we reassign without delay.
Contractor info →