← All assessments
For teams standing up governance for SOC 2, ISO or a raise · fixed-fee assessment

The policy set an auditor or investor expects.

An auditor or investor asks for your policy set — and you’ve got a folder of half-finished Google Docs.

Your current policies reviewed against the suite a software company actually needs, the gaps rated by risk, and a board-ready set mapped to how you work — with a rollout plan, delivered in about a week.

✓ Money-back guarantee. Fixed scope, fixed fee · report in about a week · Enterprise (multi-entity) scoped on a call.

What you get

Two ways to run it.

Standard is a fixed price you buy directly. Enterprise covers multiple entities and hands-on rollout, scoped on a short call.

Standard · €2,500

The policies you’re missing

  • Your current policies reviewed against the suite a software company actually needs
  • A gap list — what’s missing, outdated or unenforceable — each rated by risk
  • Your 5 priority policies marked up against the standard — the 5 that matter most
  • A rollout plan: who owns each policy, how it’s signed off and where it lives
  • A written report and a walkthrough call

Fixed scope — one company, the core policy suite · report in about a week

Buy now — €2,500

✓ Money-back if you’re not happy

Enterprise · from €4,500

Org-wide rollout

  • Everything in Standard, plus:
  • Multiple entities, products or business units
  • Hands-on rollout, training and sign-off tracking
  • Ongoing upkeep as your business and the rules change

Scoped to your estate

Book a scoping call
How it works

From access to roadmap in about a week.

How every assessment runs
01 · intake
Scope confirmed

You share access and context; we agree the scope in writing before any work starts.

02 · analysis
Classified & scored

We assess against the rules that actually apply to you and pinpoint every gap.

03 · report
Board-ready findings

A written report: findings, a scored rating and a prioritised fix-first roadmap.

04 · walkthrough
Live call

We talk through the findings, the priorities and your questions.

05 · follow-up
Yours to keep

The report, roadmap and relevant kit templates — plus a review a month on.

Working with your team

Where it helps, we run the engagement in a shared Slack or Microsoft Teams channel — so questions and hand-offs happen where your team already works. Available on Enterprise and retained engagements; correspondence on our side stays on Proton.

The deliverable

A report you can take to the board.

representative layout
Internal Policies Review

Your policy review

  • Findings & summary1 p
  • Gap listrisk-rated
  • Priority mark-upsboard-ready · ×5
  • Rollout planowner · sign-off
  • ISO 27001 / SOC 2 mappingincluded
  • Walkthrough call30 min
SCORE · Gaps foundcurrent as of July 2026

What lands in your inbox.

A written, board-ready report — score, findings rated by risk and effort, and a fix-first roadmap you can act on. Plus the relevant kit templates and a walkthrough call.

Representative layout · real sample on request

A consultant building your policy suite from scratch bills for weeks.

The review, the gap list and a board-ready set mapped to ISO 27001 and SOC 2 — mapped to how you work — as a fixed €2,500, in about a week. Money-back if you’re not happy.

Who does the work
SENIOR
SPECIALIST

Handled directly by a senior compliance and contracts practitioner with 15 years across contracts, GDPR, IP and the EU AI Act — 10,000+ contracts and corporate documents reviewed, 1,000+ deals across the table, both sides of M&A, and a recent USD 40M+ software exit, expertly managed.

Fixed scope, fixed fee, agreed up front · not legal advice · no lawyer–client relationship · reserved-market work co-delivered with admitted local counsel

Want the DIY version first? The Internal Policies Pack — the same substance, done yourself for a fraction of the price.

See the kit
Scope — what €2,500 buys, and the limits

Limits — 15 documents in, deep redlines on 5. Not included — writing new policies from scratch (that's the Internal Policies Pack).

The policy menu

Wherever you are with your policies, here’s what fits.

Pick the one that matches where you are — each stands alone, buy in any order or on its own. Your team does the work with our templates; that’s why this costs a fraction of a consultancy.

Check yourself — free
Internal Policies Gap-CheckScores your policy pack and points to the fix, free.Open ›
Get assessedyou’re here
Internal Policies Review · €2,500Up to 15 policies reviewed, 5 marked up, ISO/SOC 2 mapped.On this page
Get the documents
Internal Policies Pack · €690Thirteen board-ready policies, register and rollout playbook.Open ›
Get it done, keep it current
Fractional · Founder on CallOngoing upkeep, or a policy-set briefing call.Open ›
Questions

Before you book.

We have some policies already — is this still useful?

Yes — that’s the starting point. We review what you have against the suite a software company needs, tell you what’s missing, outdated or unenforceable, and fill the gaps with a coherent, board-ready set.

Will this satisfy a SOC 2 or ISO auditor?

The set is mapped to ISO 27001 and SOC 2, and the rollout plan is built to evidence approval and adoption — which is what auditors actually test.

Is this restricted legal advice?

No. This is a fixed-scope commercial compliance assessment — structured information and expert analysis of your posture — not legal advice, a formal legal opinion, or representation before a regulator. It’s run by a senior practitioner; no lawyer–client relationship or privilege is created, and Xprofesso LLC is not a law firm.

What we’ll do: assess your setup against the policy set procurement and investors expect, score it, and hand you a prioritised, fix-first roadmap plus the templates to close the gaps — where you stand, and what to do next.

What we won’t: give jurisdiction-specific employment-law opinions, handle HR casework, act for you before a supervisory authority or regulator, or give an opinion on whether a measure is legally sufficient under a specific law. Where you need a regulated professional, we say so and point you to a licensed lawyer.

What if I’m not happy with it?

Money-back guarantee — if you’re not happy with what you receive, you don’t pay.

Hand the auditor a real policy set.