Compliance platform · vCISO advisory · Monitoring · Helpdesk · Pentest

Your entire security program. One vendor. One number. A real human who signs his name to it.

Trustivum gives 10–100 person healthcare and AI companies everything an enterprise security review demands — the platform, the evidence, the monitoring, the ticketing, the pentest, and a 30-year practitioner as your fractional CISO. Buy the pieces you need, or the whole program for a tenth of a full-time hire.

$250–350K
Fully-loaded cost of the full-time CISO you don't need yet
≤ $59.9K/yr
The complete program, everything included
1,450+ days
Continuous uptime on infrastructure our founder built and runs
À la carte

Five pieces. Each one stands alone. Together they close the audit.

Every entry below maps to something an auditor or an enterprise security questionnaire will actually ask you for. Start with one; add the rest when the next deal demands it.

PLT-01Platform

Trustivum Compliance Platform

HIPAA & SOC 2 readiness without the enterprise-GRC price tag. Weekly evidence prompts keep you audit-ready year-round instead of panicking every twelve months.

  • Policy library with guided customization
  • Evidence vault with auditor-ready export
  • Trusty, your AI compliance guide, trained on the frameworks
  • Vendor & BAA tracking
$400–750per month, by framework count
ADV-02Advisory

Fractional CISO (vCISO)

A named security executive — not a portal. William Janness owns your risk register, runs your audit, sits in on the enterprise prospect's security review, and answers the 2 a.m. incident call.

  • Named Security Officer for HIPAA / SOC 2 programs
  • Security questionnaire & RFP response ownership
  • Quarterly board-ready security reporting
  • Audit-day representation with your assessor
$1,500–6,500per month, by tier (below)
SEN-03Monitoring

Sentry Continuous Monitoring

The appliance that watches your environment between audits. Control drift — a disabled MFA policy, an exposed bucket, an unpatched host — gets flagged the day it happens, not the day the auditor finds it.

  • Vulnerability scanning mapped to CC7.1 evidence
  • Drift alerts feed the evidence vault automatically
  • Monthly posture report, plain-English
$295–450per month, by environment size
DSK-04Helpdesk

Trustivum Desk (ITSM)

A standalone helpdesk that doubles as a compliance engine. Every access request, change approval, incident, and offboarding ticket becomes SOC 2 / HIPAA evidence automatically — the paper trail writes itself.

  • Change management → CC8.1 evidence
  • Incident tickets → CC7.x records
  • Access & offboarding workflows → CC6.x proof
  • Works standalone or wired into the vault
$199–399per month, unlimited agents
PEN-05Assessment

Penetration Testing

The annual test your customers' security teams ask for by name — scoped honestly for companies your size, with findings triaged into a remediation plan instead of a 90-page PDF nobody reads.

  • External & web-app testing, retest included
  • Attestation letter for customer security reviews
  • Findings imported straight into your remediation queue
from $2,495per engagement, annual
Packages

Three ways to buy. One honest anchor.

A full-time CISO costs $250,000–$350,000 fully loaded — and most companies under 100 people don't have full-time CISO problems. They have an audit deadline and a deal on hold. Price accordingly.

Foundation

You need to get compliant and stay organized. You'll drive; we'll navigate.
$895
per month
  • Compliance platform (PLT-01)
  • Trustivum Desk helpdesk (DSK-04)
  • Monthly office-hours call
  • Continuous monitoring
  • Named vCISO
  • Annual pentest
Start with Foundation

Complete Program

Everything an enterprise security review or auditor will ask for — plus the executive who answers for it.
$4,995
per month · annual · ≈ 2% of a full-time CISO's output cost per dollar
  • Everything in Foundation & Growth
  • William Janness as your named vCISO
  • Audit ownership, start to attestation
  • Enterprise questionnaire & RFP responses
  • Annual pentest included (PEN-05)
  • Incident response leadership
  • Quarterly board security report
Book a fit call

Growth

Audit is coming, customers are asking questions, and drift is your enemy.
$2,495
per month
  • Compliance platform (PLT-01)
  • Trustivum Desk helpdesk (DSK-04)
  • Sentry monitoring (SEN-03)
  • vCISO Lite: monthly strategy call + questionnaire support
  • Named Security Officer role
  • Annual pentest
Start with Growth
Project pricing, if you'd rather not subscribe: SOC 2 Type I readiness sprint from $15,000 · HIPAA program build from $12,000 · SOC 2 Type II full-cycle ownership from $25,000. Every project credits 20% toward a Complete Program subscription if you convert within 90 days.
Who this is for

Built for the companies caught between HIPAA law and enterprise procurement.

Our center of the target: healthcare-adjacent software and AI companies, 10–100 people. Telehealth platforms, health-data analytics, clinical AI tools, digital health SaaS — any company where PHI makes HIPAA a legal obligation on day one, and where the first hospital, payer, or enterprise deal makes SOC 2 Type II a commercial obligation shortly after.

These companies face both frameworks at once with no security hire on the org chart — and the regulatory floor is rising: the updated HIPAA Security Rule moving through HHS makes formerly "addressable" safeguards mandatory and explicitly pulls AI tools into required risk analysis. If your product is AI touching patient data, your compliance program now has to understand machine learning infrastructure. Ours does — our founder runs GPU fleets at an enterprise AI company for a living.

Second fit: B2B AI and SaaS startups whose enterprise pipeline just hit the security-review wall. Third: Chicagoland professional services firms (RIAs, healthcare practices, agencies) that outgrew their IT guy but will never hire a CISO — we serve them directly or through their existing MSP.

WHY-THIS-NICHE / EVIDENCE FILE
SOC 2 = table stakes
Enterprise buyers in North America now treat a SOC 2 report as a precondition to signing — compliance acts as a gatekeeper to revenue, not a nice-to-have.
64% of SMBs
operate with no CISO of any kind — the demand behind the fastest-growing managed security category.
79% of MSPs
report high SMB demand for vCISO services; retention in well-run practices exceeds 90% because compliance never ends.
$7.42M
average cost of a healthcare data breach — the highest of any industry for 14 straight years. Health-data buyers vet vendors accordingly.
Mid-2026
expected finalization of the strengthened HIPAA Security Rule — mandatory safeguards, AI in scope, ~240 days to comply.
The name behind the program

Your vCISO has actually built the thing he's securing.

William Janness has run production infrastructure since 1992 — three decades as the outsourced technology leader for up to 50 small and mid-sized companies, and today the Head of Information Security & Compliance at an enterprise AI company, where systems he designed have run 1,450+ consecutive days without unplanned downtime.

He writes the policies and the code that enforces them. When your auditor asks how a control works, your vCISO shows them the implementation — not a slide about it.

wjanness.com → full record of work

Next step

Bring us the deal that's stuck on security review.

A 30-minute fit call. You describe the audit deadline, the questionnaire, or the customer requirement — we tell you exactly which pieces you need and which you don't. No charge, no deck.

Book the fit call