Transparent · Fixed-Fee · No Surprises

Engagement Fees & Pricing Structure

Every Yamasuki engagement is priced as a fixed fee, agreed and confirmed before work begins. No hourly billing, no scope creep invoices, no hidden costs. What you see here is what you pay.

Fixed-fee contracts only · Agreed scope before start · No vendor referral fees · VAT applicable at standard rate · All fees in EUR

Why fixed-fee?

Hourly billing creates misaligned incentives. We take longer, you pay more. Fixed fees force us to be efficient and reward our expertise — not our time-keeping.

What's always included

Every engagement includes a written scope document, defined deliverables, named point of contact, and a final report or output suitable for board review.

What's never included

We do not charge for travel within Ireland. We do not mark up third-party tools or software. We do not earn referral fees from technology vendors. Ever.

How pricing is set

Fees reflect complexity, regulatory scope, and organisation size — not hours. Larger organisations with more complex SAP or multi-jurisdiction requirements pay more. Simpler scopes pay less.

The cost of non-compliance vs. the cost of advisory

  • NIS2 maximum fine: €10,000,000 or 2% global annual turnover — whichever is higher, vs. a Yamasuki assessment at €4,950 (3-Day Maturity Assessment)
  • EU AI Act maximum fine: €30,000,000 or 6% global annual turnover for prohibited AI practices, vs. a Yamasuki AI audit at €8,500 (AI Data-Flow & Privilege Audit)
  • Full-time CISO annual cost: €150,000+ (salary, benefits, recruitment, onboarding — per year), vs. Yamasuki vCISO Advisory from €2,950/mo (Foundations Retainer)
  • DORA contract termination: revenue loss if a regulated-sector client terminates your ICT contract, vs. supply chain assurance from €9,500 (DORA/NIS2 Posture Audit)

How We Charge

Three Ways to Engage Yamasuki

Whether you need a rapid one-time assessment, ongoing retained governance, or a self-serve compliance toolkit, there is a pricing tier designed for your situation and budget.

Tier 1
Fixed-Fee Projects
One-time, scoped engagements with defined deliverables and a fixed price agreed before work begins. Ideal for specific regulatory events, audits, or one-off needs.
Best for: companies responding to a specific trigger — a client questionnaire, an impending audit, or an M&A event.
Tier 3
Digital Products
Packaged compliance toolkits, policy libraries, and training programmes for organisations that need structured, expert-built frameworks but prefer to manage implementation internally.
Best for: smaller companies under 100 employees, in-house compliance teams, or organisations building internal capability.
Tier 1 — Fixed-Fee Projects

Project Engagement Fee Schedule

Every project price is fixed. Where a range is shown, the final fee is confirmed at scoping and reflects your organisation's size, regulatory scope, and technical complexity. You will never pay more than the agreed figure.

3-Day Cyber Maturity Assessment
Entry point · Most popular first engagement
  • Board-level posture report with red/amber/green gap analysis
  • Regulatory gap map against DORA, NIS2 & ISO 27001
  • Third-party supply chain audit scope
  • Prioritised remediation roadmap with effort & cost estimates
Duration: Immediate · 3 working days
Fixed fee (excl. VAT): €4,950 (Fixed · all-in)

DORA / NIS2 Supply Chain Posture Audit
For suppliers to regulated-sector enterprises
  • DORA and NIS2 contractual fidelity review
  • ICT third-party dependency mapping and risk ranking
  • Perimeter and cloud resilience validation
  • Client-ready evidence pack for upstream audit requests
Duration: Urgent · 2 – 3 weeks
Fixed fee (excl. VAT): €9,500 – €14,500 (Confirmed at scoping)

SAP Identity & Access Governance Audit
SAP S/4HANA · EWM · GRC environments
  • Toxic Segregation of Duties conflict identification & remediation
  • SAP role architecture review and redesign blueprint
  • Privileged account access governance assessment
  • Audit-ready access control report for regulatory review
Duration: Urgent · 3 – 4 weeks
Fixed fee (excl. VAT): €12,500 – €22,500 (Scales with environment complexity)

AI Data-Flow & EU AI Act Compliance Audit
For organisations deploying LLMs, RAG systems, or AI tools
  • AI data-flow mapping and privacy boundary enforcement assessment
  • Privilege escalation risk for AI-connected internal systems
  • EU AI Act risk classification for deployed AI systems
  • Data sanitisation pathway recommendations for LLM integrations
Duration: Short-term · 2 – 3 weeks
Fixed fee (excl. VAT): €8,500 – €14,500 (Confirmed at scoping)

M&A Security Due Diligence
Pre-acquisition technical risk valuation
  • Independent technical security risk assessment and scoring
  • Post-merger security integration mapping and cost estimate
  • Technology debt and redundant licence quantification
  • Business continuity alignment report for combined entity
Duration: Event-driven · 1 – 3 weeks
Fixed fee (excl. VAT): €14,500 – €28,500 (Scales with deal complexity)

Full DORA / NIS2 Implementation Programme
End-to-end compliance programme delivery
  • Full ICT risk management framework design and implementation
  • Policy suite, incident response, and business continuity plans
  • Board and management training and awareness programme
  • Regulatory submission support and evidence documentation
  • Handover to internal team or ongoing retainer transition
Duration: Programme · 2 – 4 months
Fixed fee (excl. VAT): €28,500 – €65,000 (Scoped per organisation)

Board & Executive Compliance Workshop
On-site or virtual · NIS2 mandates board-level security training
  • Half-day or full-day facilitated workshop for exec team
  • Bespoke regulatory briefing pack for your sector
  • Personal liability briefing for directors under NIS2
  • Follow-up Q&A summary and action points
Duration: Recurring · Half or full day
Fixed fee (excl. VAT): €2,500 / €4,500 (Half-day / full-day)

All fees are fixed and in EUR, excluding VAT at the applicable Irish standard rate. Travel within Ireland is included. International travel, where required, is charged at cost and agreed in advance. A written engagement letter confirming scope, deliverables, and total fee is issued before any work commences.

Tier 2 — Monthly Retainers

Retained Compliance Advisory Plans

Compliance is not a one-time project. DORA and NIS2 require continuous operational resilience, ongoing monitoring, and regular board-level reporting. Our monthly retainers embed Yamasuki into your organisation as a permanent governance function — at a fraction of the cost of a full-time hire.

Foundations
Compliance Essentials
€2,950 / month
Billed monthly · 3-month minimum · cancel with 30 days' notice
Best for: 50–150 employees · important entity classification · first-time compliance programme · companies post-assessment entering remediation
What's included
  • Named compliance adviser (8 hrs/month)
  • Monthly compliance status report for board
  • Regulatory change monitoring & alerts
  • Quarterly video review call (1 hr)
  • Incident response advisory (on-call, business hours)
  • Policy maintenance — up to 5 documents/month
  • vCISO board attendance
  • SAP access governance monitoring
  • Regulatory body liaison
Executive
Compliance Enterprise
€9,500 / month
Billed monthly · 3-month minimum · cancel with 30 days' notice
Best for: 500–2,000 employees · essential entity · regulated-sector or critical ICT supplier · organisations requiring full vCISO function
What's included
  • Dedicated vCISO (up to 24 hrs/month, named senior adviser)
  • Board attendance & executive presentation (quarterly)
  • Full regulatory body liaison and relationship management
  • Real-time compliance monitoring & alert management
  • Incident response leadership & escalation (24/7 on-call)
  • Policy suite management — unlimited
  • Supply chain monitoring (unlimited third parties)
  • SAP access governance monitoring (where applicable)
  • ICT vendor accountability & performance validation
  • Two compliance health checks per year
Retainer discount for new project clients
Clients who complete a fixed-fee project engagement first receive 15% off their first 3 months on any retainer tier. The project gives both parties the context needed to make the retainer immediately effective from day one.
Tier 3 — Digital Products

Self-Serve Compliance Toolkits

Expert-built, immediately deployable compliance frameworks for organisations that want structured guidance and ready-made documentation without a full advisory engagement. Designed for in-house teams and smaller organisations.

Starter

DORA / NIS2 Readiness Toolkit

Everything a mid-market company needs to self-assess and begin a structured DORA/NIS2 compliance programme.

  • Self-assessment questionnaire (120 controls)
  • Gap analysis spreadsheet with traffic-light scoring
  • ICT risk register template
  • Incident response plan template
  • Board reporting template pack
  • Regulation summary reference guide
€495 / year · single organisation licence
Most Complete

EU Compliance Policy Library

A professionally authored policy suite covering DORA, NIS2, and ISO 27001 requirements, ready to customise and deploy.

  • 25+ policy templates (ISMS, ICT risk, access control, DR/BCP)
  • Supplier due diligence questionnaire pack
  • Third-party contract clause library
  • Employee awareness training slides
  • Annual review checklist
  • Quarterly update service — new templates as regulations evolve
€995 / year · single organisation licence
SAP Specific

SAP GRC Audit Preparation Kit

A structured pre-audit framework for SAP environments facing an access control or SoD compliance review.

  • SoD conflict risk matrix (standard SAP role catalogue)
  • Access control review checklist (S/4HANA focused)
  • Privileged access risk assessment template
  • Remediation tracking spreadsheet
  • Auditor Q&A preparation guide
€750 / one-time purchase
Training

Board Compliance Masterclass

A facilitated half-day or full-day session for your board and executive team covering DORA, NIS2, EU AI Act obligations, and personal director liability.

  • Sector-specific regulatory briefing
  • Personal liability walkthrough for directors (NIS2)
  • Crisis simulation exercise (tabletop)
  • Delegate briefing packs (print & digital)
  • Post-session Q&A summary report
€2,500 / half-day · €4,500 / full-day
Bundled Engagements

Multi-Service Discount Packages

Combining services unlocks significant savings — and produces better outcomes, because each engagement builds on intelligence from the last.

Compliance Launchpad

3-Day Assessment + Supply Chain Audit

The most common starting sequence. The maturity assessment identifies your gaps; the supply chain audit validates your client-facing obligations. Delivered consecutively for maximum momentum.

Individually: €4,950 + €9,500 = €14,450

Bundle price: €12,950 — save €1,500
Regulatory Readiness Programme

Assessment + NIS2 Full Implementation + 3-Month Retainer

A complete end-to-end engagement: baseline your posture, implement the full compliance framework, then transition into ongoing retained governance. The most comprehensive route to full DORA/NIS2 compliance.

Individually: from €4,950 + €28,500 + €8,850 = €42,300

Bundle price: from €36,500 — save €5,800+
SAP & Regulatory Dual Audit

SAP IAM Audit + DORA/NIS2 Supply Chain Audit

For SAP-dependent organisations supplying regulated-sector clients, these two audits are tightly linked. Running them in parallel reduces duplication and delivers a unified remediation roadmap.

Individually: from €12,500 + €9,500 = €22,000

Bundle price: from €18,500 — save €3,500
AI Governance + DORA Compliance Bundle

AI Data-Flow Audit + Full DORA/NIS2 Implementation

For organisations deploying AI tools while simultaneously facing DORA or NIS2 obligations. The AI audit informs the compliance framework design, ensuring AI governance is embedded from day one.

Individually: from €8,500 + €28,500 = €37,000

Bundle price: from €32,000 — save €5,000
Payment Terms

How and When We Invoice

Clear, predictable payment terms. No surprises, no ambiguity. Every engagement includes a written engagement letter before any work begins.

01. Fixed-Fee Projects (under €10,000)

100% invoiced on engagement commencement. Payment due within 14 days. Work begins upon receipt of cleared funds.

02. Fixed-Fee Projects (€10,000+)

50% invoiced on engagement commencement, 50% on delivery of final report. Both invoices due within 14 days of issue.

03. Monthly Retainers

Invoiced monthly in advance. First invoice covers the first month plus a setup fee of one month's retainer. 30 days' cancellation notice after minimum term.

04. Digital Products

100% invoiced at point of purchase. Digital materials delivered within 2 working days. Annual licences auto-renew unless cancelled 30 days in advance.

05. Currency & VAT

All fees in EUR. Irish VAT at 23% for Irish clients. EU business clients supply VAT number for zero-rating. Non-EU invoices issued VAT-exempt.

06. Accepted Payment Methods

SEPA bank transfer (preferred), SWIFT international transfer, and credit card via Stripe. Online payment links included on all invoices.

Frequently Asked Questions

Pricing Questions Answered

The most common questions we receive about our fees, before an engagement begins.

How do you determine the final fee where a range is shown?
Where a price range is shown, the final fixed fee is determined at a free scoping call before you commit to anything. We assess your organisation's size, technical complexity, number of regulatory frameworks in scope, SAP environment size (if applicable), and jurisdiction spread. The scoping call takes 30–45 minutes, and you receive a written engagement letter with a single fixed price within 48 hours. You never pay more than that figure, regardless of how long the work takes us.
Do you offer any flexibility for smaller companies or early-stage businesses?
Yes. For companies under 50 employees or early-stage businesses where the 3-Day Maturity Assessment represents a significant spend, we offer a reduced introductory rate of €3,500 for a scoped version covering the two most pressing regulatory areas. This is a genuine assessment — not a cut-down one — and the full deliverable set is maintained. Please mention your company size when booking a discovery call.
What happens if the scope changes during an engagement?
Scope changes are handled through a formal change request process. If additional work is identified that falls outside the agreed scope, we will issue a written change request detailing the additional work, fee, and timeline impact before proceeding. You will never be presented with an unexplained invoice for more than the agreed amount. In practice, our scoping calls are thorough enough that scope changes are rare.
How does Yamasuki's pricing compare to the Big Four or large consultancies?
Large consultancies and the Big Four typically charge on a day-rate or hourly basis — commonly €300–€600 per hour for senior advisory, which means a three-week engagement can easily reach €60,000–€80,000 before travel and expenses. Our fixed-fee model delivers the same calibre of outcome at a predictable cost that reflects mid-market budgets, not enterprise billing rates. We also don't rotate junior consultants into the actual delivery — the senior specialist who scopes your engagement is the same person who delivers it.
Can I pause or reduce a retainer if my needs change?
Yes. After the minimum 3-month term, retainers can be paused for up to 60 days (once per 12-month period) or downgraded to a lower tier with 30 days' notice. We actively review retainer scope with clients every quarter and will recommend a downtier ourselves if the engagement intensity genuinely no longer justifies the current level. Our goal is a long-term relationship, not a maximum monthly invoice.
Is there a free initial consultation?
Yes. Every engagement begins with a complimentary 30-minute discovery call. This call is not a sales presentation — it is a working session where we assess your situation, ask about your specific regulatory exposure, and determine whether and how we can help. If we can't add value, we'll tell you. If we can, you'll receive a written scope and fixed fee within 48 hours. You can book this directly through the site or by emailing contact@yamasuki.ie.
Do you work internationally, and does that affect pricing?
Yes. We deliver engagements across the EU and internationally for organisations with EU compliance obligations. Travel within Ireland is included in all project fees. International travel is charged at cost — economy class, standard accommodation — and agreed in writing in advance. For most engagements involving clients outside Ireland, we work primarily remotely with scheduled on-site sessions only where genuinely necessary, keeping travel costs low. We do not uplift fees for international scope — the complexity of the regulatory challenge drives the fee, not the geography.

Not Sure Which Tier Is Right for You?

Book a free 30-minute scoping call. We'll assess your situation honestly and tell you exactly which engagement — if any — makes sense. No sales pressure, written scope and fee within 48 hours.