Transparent Pricing
Choose the engagement model that fits your organisation's needs. All services can be customised based on your unique environment and number of protected assets.
Quantum Resilience & Managed Estate Transformation
Pricing is based on the number of Protected Assets. A Protected Asset is a server with running applications, a container, or a repository containing source code in your environment.
Free CBOM
Understand your current cryptographic exposure with a self-service source code scan.
Ideal for: Developers and security teams who want to understand their quantum exposure before committing to a full assessment.
- Self-Service Upload: Upload your source code through our secure portal.
- Automated CBOM Generation: Receive a Cryptographic Bill of Materials identifying crypto usage.
- Exposure Overview: Understand which algorithms and protocols are in use.
- Results by Email: Get your analysis delivered to your inbox.
- No commitment required.
Tier 1: Foundations
Achieve visibility and baseline compliance for medium businesses.
Ideal for: Mid-sized organisations (50-500 employees) that need a baseline assessment for board reporting or regulatory compliance.
- Rapid Estate Discovery: We generate a full Cryptographic Bill of Materials (CBOM) to identify cryptographic usage and dependencies in your protected assets.
- Algorithm & Certificate Inventory: A detailed registry of your current cryptographic estate.
- Quantum Risk Classification: Prioritising assets based on data shelf-life and "Harvest Now" risk.
- Executive Summary & Roadmap: A strategic overview for the board.
- Coordinated Project Delivery: A dedicated Project Coordinator to manage the assessment timeline and deliverable handovers.
- Fully remote.
Tier 2: Assurance
Deep technical validation and aligned resilience strategy for large organisations.
Ideal for: Larger organisations with complex infrastructure that need a thorough audit and actionable migration plan.
- Full Cryptographic Audit: A comprehensive review of your cryptographic security posture, including a full Cryptographic Bill of Materials (CBOM).
- Key Management & HSM Review: Assessing the lifecycle and storage of your most sensitive keys.
- Protocol Configuration Audit: Review of TLS/SSH/VPN PQC readiness across access points.
- Findings Workshop: Collaborative technical deep-dive with your internal Security and DevOps teams.
- Advanced Migration Roadmap: A multi-phase transition plan tailored to your specific infrastructure dependencies.
- End-to-End Project Management: A dedicated Project Manager to lead workstreams, manage internal stakeholders, and ensure technical milestones align with regulatory deadlines.
- Fully remote.
Tier 3: Transformation
Full-scale operational transition and continuous supply chain protection.
Ideal for: Enterprises with 1,000+ assets requiring hands-on implementation support and programme management.
- Full CBOM & Global Audit Package: Enterprise-wide visibility across all business units and third-party dependencies.
- Periodic Validation & Governance: Scheduled re-scans to detect "shadow crypto" drift and validate ongoing PQC compliance.
- Migration Implementation Support: Hands-on engineering assistance to integrate PQC algorithms into your CI/CD pipelines.
- Executive & Technical Training: Bespoke workshops to upskill developers and brief the C-suite on liability.
- Strategic Programme Management: A senior Programme Manager to oversee the entire cryptographic transformation. This includes:
  - Risk & Issue Management: Managing complex system interdependencies and migration sequencing.
  - Resource Orchestration: Aligning third-party vendors and internal departments.
  - Supply Chain Governance: Managing the PQC readiness of your critical IT service suppliers.
- Can be on site or remote.
Feature Comparison
Compare what's included in each tier to find the right fit for your organisation.
| Feature | Free CBOM | Tier 1 | Tier 2 | Tier 3 |
|---|---|---|---|---|
| **Discovery & Inventory** | | | | |
| Source Code CBOM Generation | ✓ | ✓ | ✓ | ✓ |
| Algorithm & Certificate Inventory | | ✓ | ✓ | ✓ |
| Infrastructure Scanning (Servers, Containers) | | ✓ | ✓ | ✓ |
| Third-Party Dependency Analysis | | ✓ | ✓ | ✓ |
| **Risk Assessment** | | | | |
| Quantum Risk Classification | | ✓ | ✓ | ✓ |
| Key Management & HSM Review | | | ✓ | ✓ |
| Protocol Configuration Audit (TLS/SSH/VPN) | | | ✓ | ✓ |
| **Reporting & Strategy** | | | | |
| Executive Summary & Roadmap | | ✓ | ✓ | ✓ |
| Findings Workshop | | | ✓ | ✓ |
| Advanced Migration Roadmap | | | ✓ | ✓ |
| **Ongoing Support** | | | | |
| Periodic Validation & Re-scans | | | | ✓ |
| Migration Implementation Support | | | | ✓ |
| Executive & Technical Training | | | | ✓ |
| Supply Chain Governance | | | | ✓ |
| **Delivery** | | | | |
| Dedicated Project Coordinator | | ✓ | | |
| Dedicated Project Manager | | | ✓ | |
| Senior Programme Manager | | | | ✓ |
| On-site Option | | | | ✓ |
| Protected Assets | 1 repo | Up to 100 | Up to 500 | 1,000+ |
What We Scan
Our comprehensive scanning covers all aspects of your cryptographic estate across all tiers.
| Category | What We Analyse |
|---|---|
| Source Code | 24 programming languages supported (see below) |
| Third-Party Dependencies | Libraries, packages, and external dependencies referenced in your source code repositories |
| Linux Systems | Operating system configuration and running applications on Linux servers |
| Windows Systems | Operating system configuration and running applications on Windows servers |
| Containers | Docker, Kubernetes, and other containerised environments |
| Protocol Implementations | TLS, SSL, and SSH configurations across your infrastructure |
| Keys & Certificates | Cryptographic keys, X.509 certificates, and certificate chains |
Supported Programming Languages
Training Programs
Invest in your team's quantum readiness with expert-led education.
Executive Briefing
1-hour session for leadership
From £1,500
- Up to 10 participants
- Quantum threat overview
- Business implications
- Strategic planning guidance
Technical Workshop
Half-day technical deep dive
From £3,000
- Up to 10 participants
- NIST standards deep dive
- Threat modeling exercises
- Migration planning methodology
Auditors Training
Half-day risk assessment course
From £3,000
- Up to 10 participants
- Quantum threat overview
- Audit work paper development
- Test and risk evaluation
Frequently Asked Questions
What happens after my free CBOM?
Your free CBOM shows what cryptographic algorithms are in your source code and which are quantum-vulnerable. It's a starting point. A Tier 1 assessment takes this further: we scan your full estate (servers, containers, certificates), analyse third-party dependencies, and deliver a prioritised migration roadmap your team can execute. Think of the free CBOM as the X-ray; a Tier 1 assessment is the full diagnosis and treatment plan.
What if my scope exceeds my tier limit?
If discovery reveals assets beyond your tier limit, we'll discuss options before proceeding — we never bill unapproved work. Typically, a small overage is accommodated within the existing engagement. For larger overages, we'll present options and agree a path forward together.
What if the Tier 1 assessment doesn't find anything?
If our Tier 1 assessment doesn't identify at least one actionable finding, we'll refund your fee. In practice, we've never encountered an organisation with zero cryptographic findings — but we stand behind our work.
What is a Protected Asset?
A Protected Asset is a server with running applications, a container, or a repository containing source code within your environment.
How long does a typical engagement take?
Tier 1 (Foundations) typically runs 2-3 weeks. Tier 2 (Assurance) comprehensive audits are 2-4 weeks. Tier 3 (Transformation) programmes are tailored to your organisation's scale and complexity.
Do you work remotely or on-site?
Tier 1 and Tier 2 engagements are delivered fully remotely. Tier 3 (Transformation) can be delivered on-site or remotely depending on your requirements.
Can you help with implementation?
Yes, our Tier 3: Transformation package includes migration implementation support and hands-on engineering assistance. Implementation guidance can also be provided as a separate engagement.
Do you offer discounts for non-profits?
Yes, we offer special pricing for qualifying non-profit organisations, educational institutions, and government agencies. Contact us to discuss.
What payment terms do you offer?
We typically work on a milestone-based payment schedule: 50% at project start, 50% on delivery. Tier 3 engagements have flexible terms tailored to programme milestones.
Do I need to do anything about public certificates?
Not at present. Public-facing TLS certificates will be updated by your web server vendors, network equipment manufacturers, and browser vendors as part of their standard upgrade cycles. Your action items will emerge once those ecosystem updates are available. Focus your current efforts on identifying and addressing cryptographic usage in your own applications and infrastructure.
How should we handle our current PKI solution?
This is one of the more challenging aspects of PQC migration. Your existing PKI infrastructure will need to be upgraded and all certificates re-issued with quantum-resistant algorithms. There's no way around it. The good news is that this can be planned and phased, but it does require investment in both technology upgrades and operational changes. Our assessments help you understand the scope and sequence this work appropriately.
Does your assessment provide a real-time dashboard?
No, and that's by design. Real-time dashboards showing PQC compliance status tend to create noise rather than action. Most cryptographic issues require coordinated remediation efforts that take weeks or months, not quick fixes. Constant alerts about problems you can't immediately resolve don't improve security posture — they just cause fatigue. We provide actionable reports with clear prioritisation that your teams can work through systematically.
Where do CI/CD pipeline integrations fit in?
We work with development teams, but blocking pipeline runs for PQC non-compliance isn't practical today. The reality is that most cryptographic dependencies come from third-party libraries and frameworks that your developers don't control. Vendors are still working through their own PQC upgrades. Failing builds for issues developers can't fix creates frustration without improving security. Our approach focuses on visibility and prioritised remediation plans that align with vendor timelines and business realities.
Need a Custom Solution?
Every organisation is different. Let's discuss your specific requirements and create a tailored engagement.