An auditor or investor asks for your policy set — and you’ve got a folder of half-finished Google Docs.
Your current policies reviewed against the suite a software company actually needs, the gaps rated by risk, and a board-ready set mapped to how you work — with a rollout plan, delivered in about a week.
✓ Money-back guarantee. Fixed scope, fixed fee · report in about a week · Enterprise (multi-entity) scoped on a call.
Standard is a fixed price you buy directly. Enterprise covers multiple entities and hands-on rollout, scoped on a short call.
✓ Money-back if you’re not happy
You share access and context; we agree the scope in writing before any work starts.
We assess against the rules that actually apply to you and pinpoint every gap.
A written report: findings, a scored rating and a prioritised fix-first roadmap.
We talk through the findings, the priorities and your questions.
The report, roadmap and relevant kit templates — plus a review a month on.
Where it helps, we run the engagement in a shared Slack or Microsoft Teams channel — so questions and hand-offs happen where your team already works. Available on Enterprise and retained engagements; correspondence on our side stays on Proton.
A written, board-ready report — score, findings rated by risk and effort, and a fix-first roadmap you can act on. Plus the relevant kit templates and a walkthrough call.
Representative layout · real sample on request
The review, the gap list and a board-ready set mapped to ISO 27001 and SOC 2 — mapped to how you work — as a fixed €2,500, in about a week. Money-back if you’re not happy.
Handled directly by a senior compliance and contracts practitioner with 15 years across contracts, GDPR, IP and the EU AI Act — 10,000+ contracts and corporate documents reviewed, 1,000+ deals across the table, both sides of M&A, and a recent USD 40M+ software exit, expertly managed.
Want the DIY version first? The Internal Policies Pack — the same substance, done yourself for a fraction of the price.
See the kitLimits — 15 documents in, deep redlines on 5. Not included — writing new policies from scratch (that's the Internal Policies Pack).
Pick the one that matches where you are — each stands alone, buy in any order or on its own. Your team does the work with our templates; that’s why this costs a fraction of a consultancy.
Yes — that’s the starting point. We review what you have against the suite a software company needs, tell you what’s missing, outdated or unenforceable, and fill the gaps with a coherent, board-ready set.
The set is mapped to ISO 27001 and SOC 2, and the rollout plan is built to evidence approval and adoption — which is what auditors actually test.
No. This is a fixed-scope commercial compliance assessment — structured information and expert analysis of your posture — not legal advice, a formal legal opinion, or representation before a regulator. It’s run by a senior practitioner; no lawyer–client relationship or privilege is created, and Xprofesso LLC is not a law firm.
What we’ll do: assess your setup against the policy set procurement and investors expect, score it, and hand you a prioritised, fix-first roadmap plus the templates to close the gaps — where you stand, and what to do next.
What we won’t: give jurisdiction-specific employment-law opinions, handle HR casework, act for you before a supervisory authority or regulator, or give an opinion on whether a measure is legally sufficient under a specific law. Where you need a regulated professional, we say so and point you to a licensed lawyer.
Money-back guarantee — if you’re not happy with what you receive, you don’t pay.