Access Control & Offboarding
Identity & Access Management
MFA, SSO, RBAC, quarterly access reviews.
3 services · Fixed price · 14-day warranty · Senior engineers only
NIS2CR-NIS2-09
MFA & Access Control Implementation
MFA + RBAC implementation covering 5 compliance frameworks at once: NIS2, ISO 27001, SOC 2, PCI DSS, DORA. $249, delivered in 2-3 days.
€229 2–3 business days
14-day warranty
ISO 27001CR-ISO-05
Access Control Policy & Implementation
ISO 27001 access control policy + technical implementation. Covers A.5.15-5.18, NIS2, and SOC 2 in one engagement. Least-privilege enforced across all systems. $349.
€319 3–5 business days
14-day warranty
SOC 2CR-SOC-04
Access Review Process Setup
Formal quarterly access review process for SOC 2 CC6.1-6.3. Automated workflow, reviewer matrix, evidence templates. First review executed as part of delivery. $299.
€279 2–3 business days
14-day warranty
Compare Services
| Service | Price | |
|---|---|---|
NIS2 MFA & Access Control Implementation | €229 | Details → |
ISO 27001 Access Control Policy & Implementation | €319 | Details → |
SOC 2 Access Review Process Setup | €279 | Details → |
Frequently Asked Questions
Which MFA methods do you support?+
TOTP (Google Authenticator, Authy), hardware tokens (YubiKey), push notifications (Microsoft Authenticator, Duo), and SMS (not recommended but supported). We recommend TOTP or hardware tokens for highest security.
Will this disrupt employees' daily work?+
Minimal disruption. We phase the rollout: admin accounts first (day 1), then critical services (day 2), then remaining accounts (day 3). Employees receive setup instructions before their MFA is enforced.
Does this satisfy PCI DSS Requirement 8?+
Yes. MFA for all administrative access to the cardholder data environment (CDE) plus the RBAC policy document satisfy PCI DSS Requirement 8.3. We document the mapping for your QSA.
What if we already have MFA on some systems?+
We audit what you have, identify gaps, and fill them. Many companies have MFA on email but not on AWS console, GitHub, or VPN — those are the gaps attackers exploit.
How does this cover 5 frameworks with one service?+
MFA is required by NIS2 Art.21(2)(j), ISO A.8.2-8.5, SOC CC6.1, PCI Req.8, and DORA Ch.II. We implement once and document compliance for all five. Our report maps each control to each framework.
Also in Access Control & Offboarding
$5
Not Sure Where to Start?
Our IT Health Check finds every compliance gap in your infrastructure. 1 business day. You get a prioritized list of what to fix.
Not sure which service you need?