The original post: /r/cybersecurity by /u/Low_Technology1891 on 2024-09-05 21:42:38.
so a startup wants me as a contractor to implement everything required for soc2 type 2 compliance. i have done this before in a full-time role but not as a solo contractor. obvs they have their own internal IT but they are not well versed in compliance operations and don't really have the time to go about it other than being directed by me in my capacity as a contractor. i'll be able to request evidence from them to start putting things together or if evidence does not exist create some policy or tech mechanism in place to align with soc2 type 2 requirements.
here is my problem: how much do i charge for this? originally it was only going to be some soc2 type 2 related artifacts policy-wise, but now it spiraled into handling a full-on implementation so that when they go to the real deal auditors they pass relatively quickly. essentially i am handling this from start to finish. preliminary stage, gap analysis, evidence gathering, filling in the gaps whether by directing their internal IT or creating a policy document, etc.
how much should i charge for this? how many hours would this entail?