Transparent Pricing

One Program.
Three Tracks.

Choose the framework your customers are asking for. Pursue one or all three. Every cohort includes expert-led sessions, structured milestones, and a free 90-day immutable risk ledger trial.

New cohorts start the first Monday of every month.

Contact us for pricing and cohort availability.

ISO 27001
Readiness Standard

Ideal for: Fintech and digital asset firms, EU and global market entrants, credit union and bank vendors — any organization whose enterprise or regulated-sector customers require international security certification.

Full ISO 27001 implementation from scope through Stage 1 submission. All 93 Annex A controls addressed. Internal audit facilitated. Stage 1 package assembled and ready for your certification body.

Contact for pricing
Per organization · 90-day cohort
What's included
ISO 27001 Annex A — all 93 controls
ISMS scope, risk register, and Statement of Applicability
Internal audit facilitation
Management review support
Stage 1 submission package — assembled and reviewed
Certification body shortlist and selection guidance
Priority Slack support channel
Free immutable risk ledger trial (90 days)
Contact for more information
SOC 2 Type 2
Readiness Pro

Ideal for: B2B SaaS closing enterprise deals, fintech and credit union vendors, healthcare vendors — any organization that needs to go beyond control design and demonstrate that controls actually work over time.

SOC 2 Type 2 cohort includes the Type 2 observation period launch and an ongoing evidence framework so your CPA firm receives a clean 6-month operational story.

Contact for pricing
Per organization · 90-day cohort
What's included
SOC 2 Type 2 operational evidence framework
Type 2 observation period launch (Week 11)
Vendor / TPRM module
Change management evidence procedures
Post-cohort Type 2 monitoring check-ins (Month 6 & Month 9)
Type 2 audit preparation package
CPA firm introduction and relationship management
Free immutable risk ledger trial (90 days)

Type 2 report: Month 10–12 from cohort start

Contact for more information
⭐ Complete Bundle
ISO 27001 + SOC 2 Type 2

Ideal for: Digital asset and fintech companies facing compounding obligations (GENIUS Act, MiCA, DORA), Fortune 2000 vendors who need both US and international compliance credibility, and any organization that wants to close all compliance gaps once rather than twice.

Every framework. One cohort. ~70% of the control work overlaps — doing them sequentially costs time and money. The Complete Bundle addresses ISO 27001 and SOC 2 Type 2 in parallel, producing auditor-ready outputs from a single 90-day engagement.

Contact for pricing
Per organization · 90-day cohort
Everything in ISO 27001 + SOC 2 Type 2, combined
Cross-framework unified control library
Unified risk register feeding both ISO 27001 SoA and SOC 2 documentation
Internal audit scoped to both frameworks simultaneously
ISO 27001 Stage 1 package + SOC 2 Type 2 evidence package, delivered together
Type 2 observation period running concurrent with ISO 27001 certification timeline
Auditor relationship management for both certification body and CPA firm
Post-cohort monitoring check-ins (Month 6 & Month 9)
Dedicated BlockSkunk point of contact
Free immutable risk ledger trial (90 days)
Contact for more information

Pricing is per organization per cohort. Contact us for details and cohort availability. Audit fees charged by your chosen certification body or CPA firm are separate and not included. BlockSkunk Ready prepares you for audit — we are not the auditor.

Who Needs This

Is Audit Readiness Mandatory
for Your Industry?

For most organizations selling to enterprise or regulated sectors — yes. Here's where SOC 2 or ISO 27001 has become a hard gate, not a nice-to-have.

Effectively Mandatory
You cannot operate in these markets without it.
Segment What's Required Why It's a Hard Gate
B2B SaaS / Cloud Providers (US) SOC 2 Type 2 Enterprise procurement teams block vendors without it. Losing deals to certified competitors is the norm.
Financial Services / Fintech (EU & Global) ISO 27001 DORA (in force Jan 2025) legally requires ISO 27001-equivalent controls for EU financial entities and their ICT vendors.
Digital Asset Companies (GENIUS Act, MiCA) ISO 27001 + SOC 2 Emerging regulatory frameworks are creating hard reporting and governance obligations for stablecoin issuers, custodians, and payment providers.
Credit Unions & Banks (US) SOC 2 Type 2 NCUA/FFIEC regulations require credit unions to audit every technology vendor. Without SOC 2 Type 2, the contract never gets signed.
Contractually Required
Standard requirement in vendor questionnaires and enterprise deals.
Segment What's Required Why It Matters
Healthcare / HealthTech SOC 2 Type 2 Required in nearly every enterprise vendor questionnaire for vendors touching PHI — sits alongside HIPAA in procurement checklists.
Enterprise Tech / Fortune 500 Vendors ISO 27001 or SOC 2 Major enterprises automate vendor risk assessments — absence of ISO 27001 or SOC 2 is treated as an automatic disqualifier.
Legal / Law Firms SOC 2 or ISO 27001 Enterprise clients are writing it directly into contracts.
Strongly Expected
Not yet hard-required everywhere, but the gap is closing fast.
Segment What's Required Why It Matters
Manufacturing & Supply Chain (Global) ISO 27001 Already mandatory in EU and APAC supplier chains. Increasingly expected in North America.
MSPs / IT Service Providers SOC 2 Type 2 Any MSP connecting into enterprise environments faces SOC 2 as a standard onboarding condition.
HR Tech, Legal Tech, EdTech (PII) SOC 2 Type 2 Vendors handling sensitive user data face SOC 2 as a hard gate in enterprise procurement.
Every Cohort Includes

What You Get in
Every Track

Expert-Led Sessions

Live sessions with BlockSkunk compliance practitioners — not pre-recorded videos, not outsourced facilitators.

Policy Templates

Pre-built, auditor-tested policy and procedure templates for every required control area. Customized during the workshop, not handed over as generic documents.

Risk Ledger Trial

90-day free trial of our on-chain immutable risk ledger — your evidence stored tamper-proof from day one.

Readiness Dry Run

A mock audit walkthrough in Month 3 — so you know exactly where you stand before your real auditor arrives.

FAQ

Common Questions

Do you guarantee we'll pass our audit?
No — and any provider that does is misleading you. We prepare you thoroughly. The audit outcome depends on your auditor, your controls, and your organization's execution. What we guarantee is that you'll walk in organized, evidenced, and ready.
Are audit fees included in the price?
No. Fees charged by your certification body (for ISO 27001) or CPA firm (for SOC 2) are separate. We can recommend auditors and make introductions, but those fees are contracted directly with them.
What's the difference between the ISO 27001 track and the Complete Bundle?
The ISO 27001 track delivers your Stage 1 submission package. The Complete Bundle delivers that and your SOC 2 Type 2 track (evidence package and Type 2 observation period) — all from one 90-day cohort. If you know you'll need SOC 2 within 12 months, the Complete Bundle saves significant time and money.
How many people from our team can join?
Pricing is per organization, not per seat. We recommend 2–4 people — your compliance lead plus the team members who own specific control areas.
What if we miss sessions in the cohort?
All sessions are recorded. We recommend live attendance — the cohort dynamic and accountability is a core part of how this works.
What happens after the 90 days?
You leave with a complete evidence package and a handoff document for your auditor. The risk ledger trial extends with flexible paid options. Annual surveillance cohorts are available for ongoing readiness.
I'm not sure whether my customers will ask for SOC 2 or ISO 27001 — which track should I choose?
US-based enterprise clients almost universally ask for SOC 2. European, APAC, or regulated-sector clients typically require ISO 27001 — or both. Talk to us before you reserve — we'll tell you which one will unlock the most doors for your specific pipeline.
Next Cohort · First Monday of Next Month

Your Customers Are Already Asking.
Your Competitors Are Already Certified.

Whether it's an enterprise RFP, a credit union vendor review, or an EU client due diligence checklist — the question is the same: "Do you have SOC 2 or ISO 27001?" The next cohort is the fastest path to being able to say yes.

Contact for pricing