Add-On Services
Targeted enhancements to extend existing work
Add-on services provide additional coverage when a specific need comes up during a starter, anchor, or retainer engagement.
They are designed to extend an existing scope — not replace a full program or create a standalone engagement.
When Add-Ons Make Sense
Add-ons are a good fit when:
-
A specific gap is identified during an engagement
-
A customer, auditor, or partner asks for something incremental
-
Additional documentation or validation is needed
-
You want to strengthen a particular area without expanding scope unnecessarily
Add-ons are always scoped, time-bound, and attached to an existing engagement.
Common Add-Ons
Examples of commonly used add-ons include:
-
Website Compliance Pack (Privacy, Terms, Cookies, Accessibility awareness)
-
Security Incident Response Plan + Tabletop Exercise
-
Privacy Breach Response Playbook and Decision Trees
-
Deeper Data Inventory and Flow Mapping
-
Lightweight, Role-Based Security & Privacy Training
-
Data Processing Agreement (DPA) and Vendor Contract Review
Each add-on is scoped based on context and need.
What Add-Ons Are Not
To protect clarity and outcomes, add-ons do not:
-
Stand alone as independent services
-
Replace starter or anchor packages
-
Expand into ongoing or unmanaged work
-
Guarantee compliance, certification, or outcomes
-
Transfer ownership away from internal teams
If multiple add-ons are requested together, a packaged engagement is usually more effective and more cost-efficient.
How Add-Ons Are Used
Add-ons are typically used to:
-
Address issues uncovered during an assessment
-
Support a specific audit or deal requirement
-
Strengthen documentation or preparedness
-
Extend an engagement without unnecessary overhead
They are intentionally designed to stay focused and bounded.