832-304-1850

Three Service Levels, Built Around How Regulated You Are

Every Briggs IT engagement is a monthly program, not a project — predictable pricing, no multi-year lock-in, and the same named point of contact every time. The right level for your firm depends on the rules you answer to and the protection you want. Here’s how the three compare.

How to read the

three levels

The tiers aren’t arbitrary bundles — each one is built to meet a specific level of regulatory obligation, and each builds on the one below it.

The first level is the floor: the essential security foundation that qualifies a smaller Texas firm for state safe-harbor protection. The second level adds the broader controls, training, and reporting that a larger firm — or any firm that wants more protection regardless of size — needs to meet a fuller set of frameworks. The third level adds the formal written programs, documentation, and examination-ready evidence that firms under federal regulators require.

A useful way to think about it: the lower levels keep you protected, and the higher levels prove it — in writing, to the people who can ask. And these levels are reference points, not rigid packages — we build the actual scope around what your firm already has and what you’re ready to hand off. Most firms find the right fit quickly once they’ve had a Compliance Readiness Review, because the answer comes straight from the rules that actually apply to them.

THE TIER CARDS

What you’re paying for at every level is the work, not the tools — the expertise to build and run your program, the availability to support your people, and the accountability to keep it all current and documented. Pricing is per user because that’s what drives the workload: every person is more to protect, support, and account for. Any third-party software your program needs is billed separately from the per-user price. All levels: 10-user minimum, 12-month term with a 60-day exit available after month six.

These three levels are reference points, not rigid packages. They show what a typical engagement looks like at each level of regulatory need — but every firm is different. Some already have pieces in place; some want to start with less and add over time; some need something between two levels. We build the actual scope around what your firm has, what it needs, and what you’re ready to hand off. The Compliance Readiness Review is where we figure that out together.

Safe Harbor Essential —
The compliance floor for a Texas professional firm

The essential foundation that qualifies your firm for state safe-harbor protection — set up, managed, and kept current by Briggs IT. We align you to the baseline security controls the law expects for a firm your size, keep your systems monitored and patched, make sure your data is backed up and recoverable, and give your team a direct line for support.

what this level includes:

  • We implement and manage the baseline security controls the law expects for a firm your size
  • We keep your systems monitored, patched, and protected against ransomware around the clock
  • We make sure your data is backed up and that recovery actually works
  • Your team gets a ticketing portal, a monthly health report, and business-hours support
  • A block of our remediation time is included each month
  • We visit your office quarterly

Starting at $95 per user / month

Safe Harbor Plus —
Broader protection and documented compliance

Everything we do at the Essential level, plus the deeper work a firm facing a broader set of frameworks — or simply wanting fuller protection — needs. This is where the program grows from solid security into documented, trained, and reported compliance. Many firms choose this level for the broader coverage, regardless of size.

what this level adds:

  • We align your firm to a full recognized security framework
  • We put email security and anti-phishing protection in place and manage it
  • We set up and manage identity controls — multi-factor authentication and access policies
  • We deliver security-awareness training to your staff each quarter
  • We monitor the dark web for your firm’s exposed credentials
  • We commit to faster response, and include more of our time each month
  • We deliver a written risk report and review every quarter

Starting at $175 per user / month

Safe Harbor Federal —
For firms answering to a federal regulator

Everything we do at the Plus level, plus the formal written programs and examination-ready evidence a firm under a federal regulator — the SEC, the FTC — or facing AI-governance requirements needs to demonstrate compliance. A small firm can absolutely carry this exposure; this is the level built to stand up to a federal examiner.

what this level adds

  • We build your Written Information Security Program, aligned to the FTC Safeguards Rule
  • We build your Regulation S-P incident response and customer-notification program
  • We develop your AI Acceptable Use Policy and governance documentation
  • We conduct a formal risk assessment each year and deliver a written report
  • We document your incident response plan and run an annual practice exercise with you
  • We support your vendor risk management and third-party oversight
  • We assemble your audit and examination evidence package
  • We provide our fastest response and on-call coverage for confirmed security events
  • Remediation time is unlimited, within fair use

Starting at $295 per user / month

The three levels at a glance

Same foundation underneath all three — the difference is how much regulatory weight your firm carries, and how much we document and prove.

what this level adds

Safe Harbor Essential

Starting at $95 per user / month
  • The essential foundation that qualifies your firm for state safe-harbor protection — set up, managed, and kept current by Briggs IT. We align you to the baseline security controls the law expects for a firm your size, keep your systems monitored and patched, make sure your data is backed up and recoverable, and give your team a direct line for support.
  • We implement and manage the baseline security controls the law expects for a firm your size. We keep your systems monitored, patched, and protected against ransomware around the clock. We make sure your data is backed up and that recovery actually works.
  • Your team gets a ticketing portal, a monthly health report, and business-hours support. A block of our remediation time is included each month. We visit your office quarterly.
  • Standard business-hours support and a monthly block of standard remediation time.

Safe Harbor Plus

Starting at $175 per user / month
  • Everything we do at the Essential level, plus the deeper work a firm facing a broader set of frameworks — or simply wanting fuller protection — needs. This is where the program grows from solid security into documented, trained, and reported compliance. Many firms choose this level for the broader coverage, regardless of size.
  • We align your firm to a full recognized security framework. We put email security and anti-phishing protection in place and manage it. We set up and manage identity controls — multi-factor authentication and access policies. We deliver security-awareness training to your staff each quarter.
  • We monitor the dark web for your firm’s exposed credentials. We commit to faster response, and include more of our time each month. We deliver a written risk report and review every quarter.
  • We commit to faster response, and include more of our time each month.

Safe Harbor Federal

Starting at $295 per user / month
  • Everything we do at the Plus level, plus the formal written programs and examination-ready evidence a firm under a federal regulator — the SEC, the FTC — or facing AI-governance requirements needs to demonstrate compliance. A small firm can absolutely carry this exposure; this is the level built to stand up to a federal examiner.
  • We build your Written Information Security Program, aligned to the FTC Safeguards Rule. We build your Regulation S-P incident response and customer-notification program. We develop your AI Acceptable Use Policy and governance documentation. We support your vendor risk management and third-party oversight.
  • We conduct a formal risk assessment each year and deliver a written report. We document your incident response plan and run an annual practice exercise with you. We assemble your audit and examination evidence package.
  • We provide our fastest response and on-call coverage for confirmed security events. Remediation time is unlimited, within fair use.

Not sure which column describes your firm? That’s exactly what the Compliance Readiness Review answers — we map your firm to the level the rules actually require, and build from there.

The terms, in plain language

What the price covers

Your per-user price covers the work — our expertise, management, availability, and the documentation that keeps your program current. Any third-party software your program needs is billed separately from the per-user price.

The term

Engagements run on a 12-month term, with a 60-day termination for convenience available after the sixth month. The reason for that six-month floor is straightforward: the heaviest work comes first. Setting up and deploying your program in the early months is the bulk of the effort, and the six-month minimum makes sure that front-loaded work is seen through before either side can walk. After that, termination for convenience is available — predictability and a real commitment on both sides, without a multi-year lock-in.

The user minimum

All levels start at a 10-user minimum. Pricing is per user because that’s what drives the work — every person is more to protect, support, and document.

How the engagement runs

The first few months are the heavy lift — setting up and deploying your program across the firm. That early effort is the bulk of the work, which is why the engagement carries a six-month floor before termination opens up. After that, things settle into a steady rhythm: keeping your documentation current and handling the day-to-day as it comes up. Each level includes a monthly block of our time for that ongoing work. If a month runs beyond it, the additional time is quoted and trued up — never a surprise charge. Larger one-off projects — a migration, a new office, an acquisition — are scoped and quoted on their own, separate from your monthly time.

Common questions

It’s a process, and it starts before anyone signs anything. Here’s the whole arc:
First, we gather the details — we come out and learn how your firm actually works, what systems you have, and where things stand. We don’t scope from a phone call; we look first.
Then we review your environment against the rules that apply to your firm, and we present what we found — a written report, in plain English, walking through what’s in place, what’s missing, and what it would take to close the gaps. This is the honest moment: now that we’ve looked, we can talk specifics. It’s a lot like a good repair shop — the inspection is free, but nobody quotes the out-the-door number until they’ve actually put it on the lift, because that’s the only number worth trusting.
If your environment needs prep work before we can deploy cleanly, we scope that with you — plainly, up front, before any ongoing engagement begins. Then we plan the engagement around what your firm needs, deploy your program across the firm, and document everything as we build it. From there, it settles into the ongoing rhythm: keeping your program current and handling the day-to-day.
You’ll know what’s happening at every step, and you’ll never get a surprise. The whole point is that nothing about working with us is a mystery — including what it costs and when.

You don’t have to figure that out on your own — that’s what the Review is for. The right level comes straight from the rules your firm actually answers to, and we’ll point you to it. Some firms know they’re under a federal regulator and land at Safe Harbor Federal; many start at Essential or Plus. After the Review, you’ll have a clear recommendation built on your firm’s real situation, not a guess.

Because an honest number doesn’t exist until we’ve looked. Every firm’s environment is different — some need real prep work before anything else, some are nearly ready. Quoting before the Review would mean either padding the number to be safe or lowballing to win the work, and we won’t do either. We give you a real number once we know what we’re actually dealing with. Same as that free inspection: the price comes after the look, not before.

Start with the Review

You don’t pick a level from this page — you start with the Review. It’s a working session where we look at where your firm actually stands against the rules that apply to it. Afterward, once we’ve worked through what we found, you get a written report in plain English: what’s in place, what’s missing, and the level that fits your firm. No pressure, no obligation. The report is yours to keep, whether or not you ever hire Briggs IT.