Do you do compliance audits or just operate the tooling?

Both. Operations is the baseline. At Mid-Market and above we run vCISO hours that produce evidence packs ready to hand to a SOC 2, HITRUST, or HIPAA auditor. The AiT Trust Portal add-on automates evidence collection so quarterly reviews stop being a fire drill.

Home / Pricing

Pricing built for regulated industries.

SentinelOne EDR and Adlumin MDR are in every tier. 24/7 SOC and a signed BAA at the top. Add Hosted Agents, Voice Concierge, Avatar Studio, Trust Portal, or Phishing Sim only when you actually need them.

HIPAA 42 CFR Part 2 FERPA GLBA SOC 2 evidence BAA included (Enterprise)

Three tiers. One operating model.

Every tier ships our control plane — SentinelOne EDR, Adlumin MDR, Trustify email security, and our incident runbook library. What changes between tiers is coverage hours, depth of governance, and how isolated your tenant lives. No surprise per-seat creep, no “quarterly true-up” invoice that doubles your bill.

SMB Managed

Up to 25 endpoints

Starting at $1,500 / mo

Sized in discovery. Annual commit; quarterly invoicing.

SentinelOne EDR + Adlumin MDR bundled
M-F 9am-6pm ET helpdesk
Email + ticket support, 4-hour business response
Quarterly business review
Microsoft 365 or Google Workspace tenant management
Monthly patch + vulnerability scan report

Onboarding 2-3 weeks · one-time setup

Book a strategy call

Mid-Market

Up to 250 endpoints

Starting at $4,500 / mo

Sized in discovery. Annual commit; quarterly invoicing.

Everything in SMB Managed, plus:
24/7 SOC — AiT SOC Sentinel correlation + analyst escalation
Monthly tabletop with documented playbook updates
Dedicated CSM — named contact, monthly cadence
vCISO 8 hrs / mo — policy, audit prep, vendor reviews
1-hour P1 / 4-hour P2 / 1-day P3 SLA
Quarterly external phishing test included

Onboarding 4-6 weeks · SOC tuning included

Book a strategy call

Enterprise / Regulated

250+ endpoints · HIPAA / 42 CFR / FERPA / GLBA

Custom

Scoped against your compliance posture and incident history.

Everything in Mid-Market, plus:
Dedicated tenant in a per-customer GCP subproject
24/7 SOC + IR retainer — named incident commander on call
BAA included — signed before any PHI lands
Continuous evidence collection on AiT Trust Portal
vCISO scaled to your audit calendar (HITRUST, SOC 2, HIPAA)
Quarterly DR drill + annual red-team exercise
Custom data-residency pinning available

Onboarding 8-12 weeks · dedicated GCP subproject

Talk to founder

Add-ons — mix and match against any tier

Quoted per tenant per month unless noted. Most adds activate inside 5 business days because the control plane is already there.

Add-on	Available on	Starting price
AiT Hosted Agents Compliant AI copilots running inside your tenant. Bring-your-own knowledge base, full audit trail, DLP filters on every prompt.	All tiers	$499 / tenant / mo
AiT Voice Concierge 24/7 AI voice front door for helpdesk and reception. ElevenLabs voice, custom playbooks, ticket creation on hang-up.	Mid-Market & Enterprise	$799 / tenant / mo
AiT Avatar Studio Branded video avatars for onboarding, training, and exec broadcasts. Quarterly script refresh included.	All tiers	$1,200 / tenant / mo
AiT Trust Portal Continuous evidence collection for SOC 2, HIPAA, and HITRUST. Customer-facing portal for prospect security reviews.	Mid-Market & Enterprise	$899 / tenant / mo
Phishing Sim Monthly randomized phishing simulations with reporting, training enrollment, and an executive risk heatmap.	All tiers	$8 / user / mo
vCISO hours beyond included For audit-heavy quarters. Block-of-hours pricing, used in 30-min increments, expires 12 months from purchase.	All tiers	$285 / hr

FAQ

Do you sign a Business Associate Agreement (BAA)?

Yes. A BAA is included at the Enterprise / Regulated tier at no additional cost and is signed before any PHI touches our environment. Mid-Market customers can add a BAA as a paid amendment when scope justifies it.

What is your support SLA?

SMB Managed responds within 4 business hours during M-F 9am-6pm ET. Mid-Market and Enterprise customers get 24/7/365 coverage with a 1-hour response on P1 (production down or active security incident), 4 hours on P2, and 1 business day on P3. SLAs are written into the MSA, not buried in a separate document.

How long does onboarding take?

SMB Managed onboards in 2 to 3 weeks: agent rollout, MDM enrollment, and SSO integration. Mid-Market is 4 to 6 weeks with SOC tuning and tabletop scheduling. Enterprise / Regulated runs 8 to 12 weeks because we stand up a dedicated GCP subproject, document the control plane, and complete pre-go-live audit collection.

What is the contract length and are there escape clauses?

Default term is 12 months. We include a 90-day satisfaction window: if we miss our published SLAs across two consecutive months in that window, you can terminate for cause with 30 days notice and pay only for services delivered. After month 12, the agreement renews month-to-month unless either party gives 60 days notice.

What are the escape clauses in plain English?

Three paths out: (1) For cause — documented SLA misses two months running inside the 90-day window, terminate with 30 days notice. (2) Material change — if we materially change the service definition or raise prices more than CPI at renewal, you can opt out without penalty. (3) Convenience — after month 12 either side can exit with 60 days notice. No early-termination fee on Mid-Market or Enterprise.

Where is our data stored? What about data residency?

All customer telemetry, ticket data, and AI workloads live in US-based Google Cloud regions (us-central1 by default). Enterprise / Regulated customers get a dedicated GCP subproject under our intelligentit.io org so there is zero data co-mingling with other tenants. We can pin to us-east4 or us-west1 on request, with a data-flow diagram delivered as part of onboarding.

Can we bring our own tooling (BYO EDR, MDM, SIEM)?

Yes, with a one-time integration credit applied against implementation. We have working integrations with CrowdStrike, Microsoft Defender, Intune, Jamf, Splunk, and Microsoft Sentinel. We will not operate tooling we cannot get vendor support for — that exclusion list is in the SOW so there are no surprises three months in.

What happens to our environment if we leave?

You own your data and your tenant. On termination we deliver: full export of all telemetry and ticket history (JSON + CSV), a documented runbook for every automation we built, transfer of any customer-owned licenses, and a 30-day read-only handover window. No ransomware-grade lockouts, ever. This is contractual, not goodwill.

Book a 30-minute strategy call.

We'll size the right tier, surface the add-ons that matter for your audit calendar, and give you a written quote inside 5 business days.

Book a strategy call See customer outcomes →

Pricing as of 2026-05-13. Starting prices assume annual commitment, quarterly invoicing, and discovery-validated scope. Final pricing finalized in a written quote. Manuel Ruiz, Founder · Intelligent Group · intelligentit.io