Mercury Security

Advisory & Enablement Services — Menu
(v1.0, 2025)

Mercury provides targeted advisory support to organizations needing governance help beyond the fixed-scope Audit Sprint and Oversight Pack. Services are offered on a time-and-materials or package basis.

1. Procurement & Vendor Assurance

  • Supplier Security Pack Review — $5,000 (flat fee)
    • Review of vendor DPA, SOC 2, ISO 27001, and AI assurances.
    • Summary report with gaps & questions for vendor.
  • Third-Party AI Risk Briefing — $3,500
    • 1-day assessment of AI-enabled vendor solutions.
    • Includes briefing deck for procurement/legal teams.

2. Hosting & Regional DPA Reviews

  • Hosting Posture Assessment — $4,000
    • Review of cloud provider controls, data residency, and regional hosting practices.
    • Output: Hosting & Assurance Overview (PDF).
  • Regional Data Protection Add-On — $2,500 per jurisdiction
    • Gap analysis of applicable regional DPAs (e.g., EU/EEA, US state laws).

3. Subprocessor Due Diligence

  • Subprocessor List Audit — $3,000
    • Review of current subprocessors, mapping against frameworks.
    • Recommendations for vendor risk register.
  • Continuous Monitoring Setup — $6,000
    • Establish automated tracking of vendor updates (changes in hosting, ownership, certifications).

4. Governance Coaching

  • Board / Exec Briefing Session — $2,000
    • 90-min tailored session on AI governance readiness.
  • Compliance Team Workshop — $5,000
    • Half-day workshop with governance leads.
    • Covers HITL procedures, evidence logging, and escalation playbooks.

5. Custom Advisory

  • Day Rate (Senior Advisor) — $3,500/day
  • Day Rate (Specialist/Analyst) — $1,500/day

Custom engagements are scoped separately with a short addendum SOW.

6. Delivery & Terms

  • Advisory engagements are booked in minimum half-day blocks.
  • Deliverables are agreed in writing prior to kickoff.
  • Advisory is optional and does not replace the fixed deliverables in the Audit Sprint or Oversight Pack.

✅ This menu provides procurement teams with clarity on available add-ons while ensuring Mercury’s fixed-scope products remain the core offering.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram