Saltar al contenido

Most companies start here

Architecture & Compliance Review

A 2 to 4 week assessment of your current architecture and compliance posture. We review your codebase, infrastructure, security practices, and processes against the regulatory frameworks that affect your business. You receive a detailed, prioritized roadmap your auditor will respect and your engineering team can actually execute.

From USD 5,000 · 2 to 4 weeks

01

Best for

VP Engineering or CTO at mid-market regulated company

Companies preparing for audit (SOC2, SOX, PCI-DSS, etc.)

Engineering leaders who inherited legacy systems

Pre-acquisition technical due diligence

Pre-fundraising engineering credibility


02

What is included

Comprehensive end-to-end assessment, from kickoff to leadership presentation. Fixed scope, defined timeline, senior engineer leading.

01

2 to 4 weeks of senior engineering review

02

Architecture assessment of current state

03

Compliance gap analysis vs. relevant frameworks

04

Security review of critical paths

05

Performance and scalability assessment

06

Prioritized roadmap of recommendations (15-30 page document)

07

Effort estimates per recommendation

08

Live 90-minute presentation with leadership

09

30-day follow-up consultation included


03

How it works

01

Week 1

Discovery + access

Discovery interviews with key stakeholders. Codebase and documentation access setup.

02

Week 2

Architecture review

Deep architecture, infrastructure, and security review. Compliance audit against relevant frameworks.

03

Week 3

Synthesis

Roadmap synthesis. Recommendations document draft. Validation with technical stakeholders.

04

Week 4

Delivery

Live 90-minute presentation with leadership. Final document delivered. 30 days of follow-up consultation.


04

Frameworks we cover

Compliance we have lived on real projects — not learned in a certification course.

SOX

Sarbanes-Oxley — internal controls over financial reporting

PCI-DSS

Payment Card Industry — payment card data handling

HIPAA

Health Insurance Portability — US healthcare data

SOC2

Service Organization Control — security, availability, confidentiality

GDPR

General Data Protection Regulation — EU privacy

SARLAFT

Anti-money laundering system (Colombia) — relevant for LATAM fintech

Habeas Data

Colombian personal data protection regime

LGPD

Lei Geral de Proteção de Dados (Brazil)


05

Frequently asked questions

How much does it cost exactly?

Pricing starts at USD 5,000 for simple scopes (single-system review). Complex engagements with multiple systems or frameworks can reach USD 15,000. We charge fixed per project, not hourly — no surprises.

Why is it not free?

Charging filters serious clients and reflects the value of the deliverable. Most clients who do the Architecture Review go on to implementation projects. If you need to convince your CFO, we can share references from prior engagements.

What if you find issues we cannot fix internally?

We can execute the recommendations with you — Custom Development, System Modernization, or Senior Team Augmentation. But the roadmap is yours: execute it with your team, another agency, or us.

Do you sign NDAs?

Yes, we sign NDAs before discovery starts. We also work in isolated environments if your compliance requires it (staging-only access, anonymized data, etc.).

Will the report work for our external auditor?

Yes. The document is structured in a format SOC2/SOX auditors recognize. We explicitly identify gaps against relevant controls. It does not replace a formal audit, but serves as a pre-audit assessment.

How fast can we start?

After the discovery call and SOW signature, we typically start within 1-2 weeks. If you have urgency (upcoming audit, investment in discussion), we can prioritize.


Start with a discovery call?

30 minutes. No commitment. I give you honest recommendations — even if you decide not to engage.