Frequently Asked Questions


How do our consulting projects work and what can you expect from the process?


How do your fixed-price projects work?

We have done hundreds of consulting engagements over the last decade, so we know the level of effort it takes to bring a project to a successful conclusion within a specified timeframe. We start by discussing the current state of your program, what work you want to get done, what existing work can be leveraged to accelerate the engagement, etc. We pull all these details together and define the scope of the engagement.

What if we discover that the scope was not accurate?

In each proposal, we lay out how we have arrived at the scope — what activities, business units, products and services, etc. We also identify areas where we suspect there may be greater issues lurking, and we build in some “wiggle room” in the scope to account for that. Because we have done so many of these projects, we are confident that our estimates are realistic; however, we always assume there may be as much as 10-20% “wiggle room” in terms of time and effort, and we absorb the risk of that potential overage.

Occasionally the scope of a project is discovered to be beyond even our best estimates, so we have regular check-ins with you to see where things are and whether the project has uncovered anything that is beyond the pre-defined scope. If we need to expand the scope, our proposal and agreement will spell out how we handle such change orders and you’ll be asked to agree in advance before we embark on any expanded activities that could impact your costs.

Do you provide security consulting (pen tests, ethical hacking, PCI audits, ISO 27001 certifications, etc.)?

No, we do not provide security-related services. Privacy and Information Security have significant overlap in some areas, but security operations require technical skills that are not within the scope of the privacy-centered services we offer. We have relationships with security experts who can provide such services, and we can work in conjunction with those providers to support the privacy-related components of many security-focused audits for compliance programs like PCI-DSS, SOC 1 & 2, ISO 27001, NIST, etc.

How do your hourly-rate projects work?

There are times when you only need assistance for very short projects, such as someone to sit in on some meetings and help your product team work through an issue. Sometimes you just want the comfort of having an expert “on-call” for that question about a DPA or for help in answering a customer’s risk assessment questionnaire. We offer a variety of pre-arranged retainer-based or straight hourly work on an ad hoc basis. Our “rack rate” is USD $450.00 per hour; however, we can discount the rate through a retainer or minimum monthly arrangement tailored to your expectations of how much work you’ll need in a given period. So if you need assistance in ways that don’t make sense for a fixed-price project, we still have ways to serve you that make your costs more predictable.

Do you provide legal advice?

In short: No. While our principal consultant is a trained attorney and practiced law for many years, we do not provide legal advice. To determine the applicability of specific laws or regulations to your organization, you are advised to seek qualified legal guidance from attorneys licensed in the specific jurisdictions in which you have questions. Our consultant’s legal background helps to ensure that your privacy-related consulting projects are aligned with the guidance you have received from your counsel, but our consultant cannot and will not provide you with legal advice.

If you don’t provide legal advice, what services are you providing?

Depending on the specific services you require, we may be able to help you assess the activities within your organization that may fall within the scope of a variety of data protection laws, making it easier (and cheaper) for you to get the answers you need from your legal counsel. Once you have been advised by counsel, we can then help you implement appropriate policies and practices based on your counsel’s guidance. We can also work with your product and engineering teams to translate those legal or regulatory requirements into product requirements, engineering specifications, or operating procedures.