Three tiers, picked by what your business actually needs
SLAs your auditor will accept and your CFO will sign off. Pick the tier; we'll quote against the same controls regardless of size. Regulated buyers in banking, financial services and healthcare almost always want the Regulated tier.
| Foundations | Business | Regulated | |
|---|---|---|---|
| Best for | Small teams, no compliance load | Growing teams, sector-light compliance | Banking, finance, healthcare, regulated R&D |
| P1 response (service down / breach) | 1 working hour | 30 minutes | 15 minutes, 24×7 |
| P2 response (major degradation) | 4 working hours | 2 working hours | 1 hour, 24×7 |
| P3 response (minor / single user) | 1 working day | 4 working hours | 4 hours, 24×7 |
| Hours of coverage | UK business hours | UK extended (07:00–22:00) + on-call | 24×7 staffed |
| Named technical lead | Pooled service desk | Yes | Yes — with named deputy |
| Service review cadence | Quarterly | Monthly | Monthly — including auditor-ready evidence pack |
| RPO (recovery point) | 24 hours | 4 hours | 1 hour |
| RTO (recovery time) | 8 working hours | 4 hours | 1 hour |
| Off-site backup | Weekly | Daily, immutable | Hourly, immutable, tested quarterly |
| Breach credit | 5% of monthly fee per missed P1 | 10% per missed P1, 5% per missed P2 | 25% per missed P1, 10% per missed P2/P3 |
| NIST CSF evidence pack | On request | Quarterly | Continuous, audit-ready |
| FCA / PRA / DORA evidence support | Not included | Add-on | Included |
| NHS DSPT / DCB0129 support | Not included | Add-on | Included |
How priorities are classified
- P1 — service is down for one or more users, OR a confirmed security incident is in progress, OR a regulator-reportable event has occurred.
- P2 — significant degradation (slow application, partial outage), or a single critical user is blocked, or a backup has failed.
- P3 — minor issue, single non-critical user, password reset, low-impact request.
What the breach credit means
If we miss the response time on a ticket at your tier, you get a credit against the next month's invoice. Credits are issued automatically on the monthly service report — you don't have to chase.
Pricing
Per-user pricing varies with tier and the size of your fleet. We send a tailored quote after a 30-minute discovery call so we can size the on-call rota and the evidence-pack workload accurately.