Directive Tier

Strategic security leadership — without the CISO salary.

vCISO advisory, managed detection and response, and readiness programs for HIPAA, SOC 2, and ISO 27001. Delivered as a managed service, powered by Klaravex AI.

$295 / user / month

What Directive includes

vCISO Advisory

Quarterly strategy reviews, security roadmap development, and board-level risk reporting where applicable. You get a senior security advisor on call — without a full-time hire.

Klaravex AI Agent — First-Line Support

Klaravex AI handles triage and common issue resolution instantly, 24/7. When escalation is needed, a senior engineer takes over with full context already in hand. No ticket queue. No cold handoffs.

Managed Detection and Response (MDR)

Continuous monitoring, threat detection, and response management across your environment. Tooling and vendor selection aligned to your stack — M365/Azure, Google Workspace, AWS, or hybrid.

Renewal coming up? Start with our Cyber Insurance Readiness Assessment — fixed fee, credited toward Directive.

Readiness Programs

Gap analysis, remediation planning, and documentation across the following frameworks — as applicable to your business:

  • HIPAA Security Rule (covered entities and business associates)
  • SOC 2 Type II readiness
  • ISO 27001:2022 readiness

Policy and Procedure Development

Security policies, acceptable use policies, incident response procedures, and supporting documentation — built to your environment, not generic templates.

M365 / Azure, Google Workspace, and AWS Security Hardening

Conditional access management, Defender configuration, audit log review, and identity posture management across M365/Azure. Admin console hardening, DLP rules, and Vault configuration in Google Workspace. IAM policy review, S3 bucket audits, CloudTrail, and GuardDuty management in AWS.

Ubiquiti UniFi Network and Firewall Management

Firewall rule management, VLAN segmentation, network monitoring, and firmware management for UniFi environments.

Incident Response Planning + Tabletop Facilitation

A documented IR plan aligned to your regulatory context. Annual tabletop exercise facilitated by a senior engineer.

Risk Register Maintenance

Living risk register updated quarterly, aligned to applicable frameworks.

We manage your security posture across your entire cloud footprint — M365/Azure, Google Workspace, and AWS. Platform coverage and scope are confirmed during the discovery call and defined in your Statement of Work.

Directive is built for situations like these

Healthcare-adjacent firm

Your organization handles protected health information — as a covered entity or business associate — but doesn’t have a dedicated security team. A HIPAA Security Rule gap analysis is overdue. Directive gives you the technical and operational readiness program without hiring a full-time position.

Healthcare-adjacent firm with HIPAA obligations

HIPAA’s Security Rule requires covered entities and business associates to implement administrative, physical, and technical safeguards. Directive builds the documentation, policies, and technical controls your BAA partners will ask for — and your auditor will verify.

Legal or financial firm with high-value client data

Your clients trust you with sensitive financial, legal, or personal data. State privacy laws apply to how you handle it. You need proactive monitoring, incident response readiness, and documented policies — not a reactive break-fix provider.

Professional services firm pursuing SOC 2 Type II

Enterprise customers are asking for SOC 2 reports before signing contracts. Directive takes you through the gap analysis, control implementation, and audit readiness process — so you have the report when the deal requires it.

Growing SMB with no internal CISO

You’ve scaled past the point where “the IT person handles security” is good enough. Your stack spans M365, Google Workspace, and AWS. You need a security advisory layer, ongoing monitoring, and a real escalation path — without the $200K+ cost of a full-time CISO hire. Directive is built for exactly this.

Readiness advisory services described on this page are advisory and preparatory in nature. Klaravex does not issue compliance certifications, conduct formal audits, or serve as a third-party assessor. HIPAA compliance determinations require legal counsel. ISO 27001 certification requires engagement with an accredited certification body. SOC 2 reports are issued by licensed CPAs. All scope and deliverables are defined in a signed Statement of Work.

Talk to us about Directive.

A 30-minute discovery call is enough to understand your environment, your regulatory exposure, and what a Directive engagement looks like for your business. No commitment required.

Buy or Subscribe

Subscribe to Directive now — quantity = number of seats. Secure checkout via Stripe.

Need help scoping or a contract first? Talk to us.


