The SECURE Program
SECURE is a structured approach to security maturity built around six guiding principles that scale with your organization.
The SECURE Framework
- Strategy — Security aligned with business goals
- Education — Awareness and training for staff and leadership
- Compliance — Regulatory alignment (HIPAA, NIST CSF, SOC 2, PCI, etc.)
- Updates — Continuous oversight and risk register management
- Resilience — Incident response, vendor review, and business continuity
- Evaluation — Ongoing measurement, reporting, and executive visibility
Learn what’s included on Deliverables and how tiers map to outcomes in Foundations, Pillars, and Spire.
The SECURE Path
Start anywhere, grow over time:
- Aware — One‑time assessment and roadmap
- Foundations — Establish the essentials and quarterly reviews
- Pillars — Ongoing oversight, reporting, training, vendor & incident management
- Spire — Executive‑level leadership, resilience, and audit readiness
SECURE Aware — Intro & Annual Baseline
One‑time engagement — From $7,500
A standalone Security Risk Assessment (SRA) for immediate visibility into risks and compliance gaps. Also included annually in every tier to keep pace with business and regulatory change.
Deliverables:
- NIST CSF Security Risk Assessment (mapped to HIPAA or your framework)
- Discovery & Onboarding Questionnaire
- Prioritized Risk Register
- Executive Summary Report
- Quick Wins Checklist
SECURE Foundations — Entry‑Level Tier
From $2,000/month
Establish the essentials with policies, assessments, and a 90‑day quick wins plan; quarterly check‑ins keep progress on track.
Includes:
- Annual Security Risk Assessment (SECURE Aware)
- Policy Starter Kit
- Initial Risk Register setup (updated annually with SRA)
- Quarterly security reviews (1 hour each)
- Quick Wins implementation roadmap
SECURE Pillars — Growth Tier
From $5,000/month
Strengthen your program with ongoing oversight, structured reporting, annual training, and vendor and incident management.
Includes everything in Foundations, plus:
- Monthly risk register updates
- Fractional analyst support
- Quarterly executive reporting deck
- Annual staff training + vendor reviews
- Annual incident response tabletop exercise
- Semi‑annual board briefing deck
SECURE Spire — Executive Tier
From $12,000/month
Elevate security to an executive‑level business function with CISO leadership, enterprise resilience, and strategic alignment.
Includes everything in Pillars, plus:
- Fractional CISO engagement + board presence
- Advanced architecture reviews (cloud, network, endpoint)
- Regulatory and audit readiness (HIPAA, SOC 2, PCI, etc.)
- BC/DR planning + annual exercises
- Advanced vendor risk management
- Annual red team/penetration test coordination
- ROI and performance reporting for renewal
- Documented success case study
See Pricing for typical ranges or book a call to request a quote: https://cal.com/secvara/pre-sra

Feature / Deliverable | SECURE Foundations | SECURE Pillars | SECURE Spire |
---|---|---|---|
Annual Security Risk Assessment (SECURE Aware) | ✔︎ | ✔︎ | ✔︎ |
Policy Starter Kit (AUP, InfoSec, IR, Vendor, BCP) | ✔︎ | ✔︎ | ✔︎ |
Discovery & Onboarding Questionnaire | ✔︎ | ✔︎ | ✔︎ |
Risk Register | ✔︎ (initial setup, updated annually) | ✔︎ (monthly updates) | ✔︎ (strategic oversight) |
Quarterly Security Check-Ins | ✔︎ (quarterly, 1 hour) | ✔︎ (quarterly) | ✔︎ (executive presence) |
90-Day Quick Wins Checklist | ✔︎ | ✔︎ | ✔︎ |
Security Team Support | — | ✔︎ (fractional analyst hours) | ✔︎ (analysts + CISO leadership) |
Quarterly Security Report Deck | — | ✔︎ | ✔︎ (enhanced with ROI metrics) |
Incident Response Tabletop Exercise | — | ✔︎ (annual) | ✔︎ (annual; CISO-led) |
Vendor Risk Review | — | ✔︎ (basic) | ✔︎ (advanced, contractual, ongoing) |
End-User Awareness Training | — | ✔︎ (annual) | ✔︎ (customized enterprise program) |
Board Briefing Deck | — | ✔︎ (semi-annual) | ✔︎ (executive-level reporting) |
Advanced Security Architecture Reviews | — | — | ✔︎ (network, cloud, endpoint) |
Regulatory & Audit Readiness | — | — | ✔︎ (HIPAA, SOC 2, PCI, others) |
Business Continuity / Disaster Recovery (BC/DR) | — | — | ✔︎ (plans + annual exercise) |
Red Team / Penetration Test Coordination | — | — | ✔︎ (annual; vendor-managed) |
ROI & Performance Renewal Proposal | — | — | ✔︎ (measurable program value) |
Case Study & Success Story | — | — | ✔︎ (documented maturity achievement) |
Starting Price | From $2,000/month | From $5,000/month | From $12,000/month |