call-pricing-cheat-sheet

Solanasis — Call Pricing Cheat Sheet

Keep this open during every prospect call. No math, no fumbling. Last updated: 2026-03-10

Related docs:

• Market Pricing Research — Full competitive data with 100+ sources
• Competitor List — 22 named competitors with positioning notes
• ORB Pricing & Packaging — Internal ORB details
• Remediation & Retainer Options — Post-ORB offers
• ORB One-Pager (Client) — Send to prospects

---

The Mindset Going In

You’re not selling hours. You’re selling clarity, proof, and a plan.

When someone asks “what does this cost?” you give them a range anchored to what they get, not how long it takes. If they push for hourly, that’s fine for now, but always try to scope it as a project first.

Your competitive advantage: Most competitors sell either assessments OR managed services OR fractional leadership. You combine all three in one engagement lifecycle (assess + fix + stay). Nobody else in the SMB market does this with a productized entry point.

---

Offering Menu

1. Resilience Checkup (ORB) — THE WEDGE

What it is: 10-business-day assessment: security baseline + real restore test + 30/60/90 plan Who it’s for: SMBs and nonprofits, 10-500 users, M365/Google Workspace

Company Size	Price	50% Upfront
1-10 users	$5,000	$2,500
11-50 users	$7,500	$3,750
51-150 users	$12,500	$6,250
151-500 users	$19,500	$9,750

Market context (use if they push back or compare):

• A standalone security risk assessment runs $3K-$25K in the market (we bundle MORE into this range)
• A vCISO typically costs $3K-$7K/month ongoing; we give you a complete baseline for a one-time fee
• MSPs bundle lightweight “annual assessments” into $100-$200/user/month contracts; ours is a deep, independent review
• NIST CSF assessments alone run $5K-$115K; we deliver a practical baseline at the low end of that range
• The restore test alone is worth $2,500-$5,000; nobody else includes it by default

On the call, say: “For a company your size, the Resilience Checkup runs about [price]. You get five deliverables including a real restore test; not just ‘we looked at your settings.’ Half upfront, half when we deliver the readout on day 10.”

If they flinch at price: “We can talk about scope, but I’d rather show you what you actually get first. Want me to send the one-pager?”

Complexity add-ons (mention only if relevant):

• Hybrid/on-prem or multiple locations: +15%
• M&A, multi-tenant, messy vendor handoff: +25%
• Compliance-grade documentation needed: +35%

ORB add-ons (mention only if asked):

• Second restore test: +$2,500to+$5,000
• Executive tabletop exercise: +$3,000to+$6,000
• Policy mini-pack (5 policies): +$4,500to+$9,000

Nonprofits: Same scope. Optional 10% discount if needed; usually not necessary when you emphasize value.

---

2. Security Assessment Only (Standalone)

What it is: Subset of the ORB; config review, vulnerability scan, policy check. No restore test. When to offer: When they specifically ask “can you just do a security review?”

Company Size	Price
1-10 users	$3,000-$3,500
11-50 users	$4,500-$5,500
51-150 users	$7,500-$9,000

Market context:

• Basic automated vulnerability scans run $1K-$5K (we do more than scans; we review configs, policies, and provide a prioritized roadmap)
• Full IT security audits run $3K-$50K+; we sit at the practical, actionable end of that range
• “Pentests” under $4K are typically just automated scans repackaged. Ours includes real human review.
• Per-employee cybersecurity spend for 11-50 employees is ~$640/year;a$4.5K assessment for a 30-person company is $150/employee, well within range

On the call, say: “We can do a standalone security assessment; config review, vulnerability scan, policy check. For your size, that’s around [price]. But honestly, the full Resilience Checkup is only [ORB price] and you also get a real restore test and the 30/60/90 plan. Most people find the full checkup is the better value.”

Pro tip: Always anchor to the ORB. The standalone assessment is your “downsell.” Use it to upsell to the ORB.

---

3. Data Migration

What it is: Moving data between systems (CRM to CRM, legacy to cloud, etc.) When to offer: When they mention switching systems, messy data, or “we’ve outgrown [tool]“

Complexity	Price Range	Timeline
Simple (single system, <10K records, clean data)	$3,000-$5,000	1-2 weeks
Medium (2-3 systems, mapping needed, some cleanup)	$5,000-$12,000	2-4 weeks
Complex (multiple systems, data quality issues, custom logic)	$12,000-$25,000	4-8 weeks

Market context:

• Self-service CRM migration tools (MigrateMyCRM) charge $99-$2,999 by record count, but don’t include strategy, validation, or cleanup
• Consultant-led data migration runs $2K-$60K; $15K-$150K for full CRM migration projects (Salesforce implementations alone are $10K-$75K for SMBs)
• Budget overruns average 14-30% in the industry. Our fixed-fee model protects them from that.
• Downtime during migration costs SMBs $137-$427/minute. We plan to avoid it.

On the call, say: “Data migrations depend a lot on what you’re moving and how clean your current data is. Simple migrations run $3-5K,butifther{e}^{\prime }salotofmappingorcleanupinvolveditcanbe$5-12K. I’d need to see both systems to give you a firm number. Can we do a quick 30-min scoping call?“

---

4. CRM Setup & Consulting

What it is: Setting up or optimizing their CRM (HubSpot, Salesforce, Pipedrive, Zoho, etc.) When to offer: When they mention “we don’t have a CRM” or “our CRM is a mess”

Scope	Price Range	Timeline
Basic setup (fields, pipelines, imports)	$2,500-$5,000	1-2 weeks
Full setup (workflows, integrations, training)	$5,000-$12,000	2-4 weeks
Optimization (audit existing + rebuild)	$4,000-$8,000	2-3 weeks

Market context:

• HubSpot’s own onboarding fees are $1,500-$7,000; their implementation partners charge $3K-$75K depending on complexity
• Salesforce implementations for SMBs run $10K-$75K (we’re significantly cheaper for basic/mid setups)
• CRM consultant hourly rates: $100-$250/hr (independent), $150-$300/hr (HubSpot specialists)
• SMBs typically spend 1.5x-2x their CRM license cost on implementation
• Each integration typically adds $5K-$20K at a Salesforce shop; we bundle integrations into our pricing
• Ongoing CRM retainers run $2K-$5K/month at HubSpot agencies; our optimization is a one-time project

On the call, say: “CRM setup really depends on how complex your sales process is. A clean setup with your pipelines, fields, and data import usually runs $2,500-$5K. If you need integrations with your other tools and workflow automation, it’s more like $5-12K. What CRM are you on or considering?“

---

5. Systems Integration

What it is: Connecting their tools so data flows properly (Zapier, APIs, middleware) When to offer: When they describe manual processes, copy-pasting between tools, “our systems don’t talk to each other”

Scope	Price Range
2-3 simple integrations (Zapier-level)	$2,000-$4,000
Custom API integrations	$5,000-$15,000
Full systems audit + integration roadmap + implementation	$8,000-$20,000

Market context:

• Zapier automation consultants charge $100-$200/hr; a $4K project is 20-40 hours of expert work
• Enterprise iPaaS platforms (MuleSoft, Workato) cost $50K-$180K/year just for the software
• SMB iPaaS spend averages $12.8K-$25.5K/year; our one-time project replaces ongoing platform costs
• Custom API integrations at Salesforce shops run $5K-$15K each; we’re in range but with broader systems knowledge
• 58% of mid-sized businesses cite rising integration costs as a barrier; our fixed-fee approach removes that risk

On the call, say: “It depends on what you’re connecting and how custom it needs to be. Simple integrations through tools like Zapier run $2-4K.IfweneedcustomAPIwork,tha{t}^{\prime }smorelike$5-15K. Let me look at your current stack and I’ll scope it properly.”

---

6. Responsible AI Implementation

What it is: Helping them adopt AI tools safely; policy, training, tool selection, governance When to offer: When they mention AI, ChatGPT, “we want to use AI but don’t know where to start”

Scope	Price Range
AI Readiness Assessment (policies, risks, opportunities)	$3,000-$5,000
AI Implementation Sprint (tool selection, setup, training, policy)	$5,000-$15,000
Ongoing AI Governance (monthly advisory)	$1,500-$3,000/mo

Market context:

• AI consulting rates run $150-$500/hr; our $3K-$5K readiness assessment is 10-20 hours of senior AI work at market rates
• Agency AI pilot projects start at $5K-$20K for SMBs; full implementations run $50K-$150K (we’re at the practical end)
• AI governance platform spending is projected to hit $492M in 2026; demand is surging due to EU AI Act and US regulations
• 78% of enterprises now prioritize “ethical AI implementation” when choosing consultants; SMBs will follow
• Off-the-shelf AI tools cost $20-$100/user/month; without governance, they become a liability
• Staff AI training alone costs $500-$4,000 per employee at agencies; we bundle it into the sprint

On the call, say: “We help companies adopt AI without the chaos. Most of our clients start with an AI Readiness Assessment for $3-5K; we look at where AI actually makes sense for your business, what policies you need, and what risks to watch for. Then if you want us to help implement, that’s a separate engagement.”

---

7. Hourly / Ad-Hoc Consulting (THE BRIDGE)

Use sparingly. This is your bridge revenue, not your business model.

Type	Rate
General consulting / advisory	$175/hr
Technical hands-on work	$200/hr
Minimum engagement	4 hours ($700-$800)
Day rate (8 hrs)	$1,400-$1,600

Market context (your rates are competitive):

• Senior IT consultants: $150-$250+/hr
• Cybersecurity specialists: $200-$500/hr (you’re at the low end of this)
• vCISO hourly: $200-$300/hr average (US consensus)
• Break-fix MSP support: $175-$350/hr
• AI consulting: $150-$500/hr (you’re at the low end)
• Your $175-$200/hr is competitive for the value you bring. Do not go lower.

On the call, say: “I can absolutely do that on an hourly basis. My rate is $175-200/hr depending on the work, with a 4-hour minimum. That said, if the scope is clear, I usually find that a fixed-price project ends up being better for both of us. Want me to scope it out and give you a project price?”

Pro tip: Always try to convert hourly asks into project scope. Hourly work doesn’t scale and doesn’t build case studies. But saying yes to hourly RIGHT NOW is fine; it builds the relationship and gets revenue in the door.

---

Post-Engagement Upsells (Don’t Mention on First Calls)

Remediation Sprint (after ORB)

• 2-week sprint: $9K-$18K
• 4-week sprint: $18K-$35K
• “We found the problems in the Checkup; now we fix the top 5-10 items fast.”

Market context:

• Comparable to a short consulting engagement at $200-$300/hr x 40-160 hours
• FRSecure (closest competitor) charges $35K-$250K/year for their assess-plan-remediate cycle; our sprint model is more accessible
• MSPs would charge $100-$250/user/month ongoing to address these items piecemeal over months; we compress it into weeks

Fractional Resilience Partner (monthly retainer — THE GOAL)

Company Size	Monthly Range
11-50 seats	$2,500-$5,000/mo
51-150 seats	$5,000-$9,000/mo
151-500 seats	$9,000-$15,000/mo

What’s included: Monthly posture review, quarterly restore drill, quarterly tabletop, vendor hygiene, roadmap ownership

Market context (this is where you anchor hard):

• Full-time CISO costs $250K-$700K/year ($20K-$58K/month total comp). You’re 70-85% cheaper.
• vCISO retainers in the market: $3K-$7K/month for SMBs; $5K-$12K for mid-market. You’re right in range.
• Comparable fractional leadership (Compass ITC tiers):
  • Advisory Starter: $2K-$4.5K/mo (quarterly strategy)
  • Balanced Program: $5K-$9K/mo (monthly steering)
  • High-Touch: $9K-$20K+/mo (weekly cadence)
• But you offer MORE than a vCISO: you blend CISO + CIO + COO into one “Resilience Partner” role. That’s $500K+ in full-time salaries they’re replacing with one retainer.
• Fractional CTO alone runs $3K-$18K/month in the market. Combined with CISO and ops, you’re a bargain.

On the call (when the time is right): “After we finish the Checkup, most clients want someone to own the plan going forward. That’s our Resilience Partner retainer; think of it as a fractional CISO, CTO, and ops lead rolled into one. For your size, that’s [price]/month. Compare that to hiring even one of those roles full-time at $250K+ a year.”

---

Market Anchoring Quick Reference

Use these numbers to build confidence when talking to prospects. Full data in market-pricing-research.md.

What They’re Comparing To	Market Price	Solanasis Price	Your Advantage
Full-time CISO	$250K-$700K/yr	$30K-$108K/yr (retainer)	70-85% savings; no recruiting, no benefits
vCISO retainer (security only)	$3K-$7K/mo (SMB)	$2.5K-$9K/mo	Same range but broader scope (DR, CRM, ops)
MSP monthly (managed IT)	$100-$250/user/mo	One-time $5K-$19.5K	Not a monthly commitment; independent view
Security risk assessment	$5K-$50K	$5K-$12.5K	Includes restore test + 30/60/90 plan
Salesforce implementation	$10K-$75K	$2.5K-$12K (CRM setup)	CRM-agnostic; faster; less overhead
Cybersecurity consultant (hourly)	$200-$500/hr	$175-$200/hr	Competitive rate; will scope as project
Pentest	$5K-$50K	Refer out	We do baseline assessments; pentesting is separate

---

Objection Handling Quick Reference

“That’s more than I expected”

“I get it. What were you budgeting for this? Let me see if we can adjust scope to fit.” Anchor: “For context, a standalone security assessment in the market runs $5K-$25K. We’re giving you more, including a real restore test and a 30/60/90 plan, at the lower end of that range.”

“Can you do a discount?”

“I’d rather adjust the scope than the price. What’s most important to you; the security review, the restore test, or the plan? We can start with what matters most.” Never discount price. Adjust scope instead.

“We already have an IT person/MSP”

“That’s great; we’re not replacing them. We’re the second pair of eyes. We actually work well alongside MSPs because we catch the things they’re too close to see.” Anchor: “MSPs charge $100-$250/user/month for day-to-day support. We do a one-time deep assessment for a fraction of that annual spend.”

“We’re too small for this”

“Small companies are actually at the highest risk; 43% of cyberattacks target businesses under 50 employees. The smaller you are, the less you can afford to lose a week of operations.” Anchor: “The average cost of a data breach for an SMB is $140,000. The Checkup is less than 5% of that.”

“Can we do this later?”

“Totally. Just know that the average cost of a data breach for an SMB is over $140K, and that’s before the reputation damage. The Checkup is basically insurance. But I’m here whenever you’re ready.”

“We just need someone on an hourly basis”

“I can do that; $175-200/hr,4-hourminimum.Butbeforewegohourly,tellmewhatyo{u}^{\prime }retryingtosolve.Imightbeabletoscopeitasaprojectandgiveyouafixedpricesotherearenosurprises."\ast Anchor:\ast "Seniorcybersecurityconsultantstypicallycharge$200-$500/hr. I’m giving you enterprise experience at a competitive rate.”

“Your competitor [X] is cheaper”

If MSP: “They’re doing something different. MSPs manage your day-to-day IT. We’re doing a deep, independent assessment with proof artifacts. It’s like comparing a mechanic to a vehicle inspector.” If vCISO: “What are they including? Most vCISO retainers start at $3-7K/month ongoing. We’re offering a one-time deep dive for [price] with no monthly commitment.” If pentest shop: “Pentesting is one piece of the puzzle. We do a broader baseline that includes security, disaster recovery, and a prioritized action plan. Pentesting can come later.”

“We already did an assessment”

“Great. When was it? And did it include a real restore test, not just ‘we have backups’? Most assessments are checkbox exercises. Ours includes verifying that your recovery actually works.”

---

Payment Terms Cheat Sheet

Engagement Type	Terms
ORB / Project work > $2,500	50% upfront, 50% at delivery
Project work < $2,500	100% upfront
Hourly/ad-hoc	Invoice weekly, net-15
Monthly retainer	Monthly invoice, due on 1st

Payment method: Invoice via Xero, accept ACH/wire/check. Credit card possible but prefer ACH.

---

Referral Program (When Someone Asks)

• Network referrals: 10% of engagement fee, capped at $1,500
• MSP/Partner referrals: 15%, capped at $2,500
• Paid after the first client payment clears
• Alternative: Donate the same amount to a nonprofit of their choice

On the call: “If you send someone our way and they become a client, I’ll send you 10% of the engagement fee, up to $1,500. Or if you’d prefer, I’ll donate that to a nonprofit of your choice.”

---

The Golden Rule for Calls

Lead with curiosity, not with a pitch.

Ask these questions. Let them talk. The sale happens when they realize they have a problem.

1. “When was your last real restore test; not just ‘we have backups’?”
2. “If your main system went down right now, how long until you’re fully back?”
3. “Who actually owns security and disaster recovery at your company?”
4. “Have you had any incidents, even small ones, in the last year?”
5. “What keeps you up at night about your technology?”

If they can’t confidently answer #1 and #2, you have the opening.

---

Quick Confidence Builders (Stats to Drop on Calls)

Keep 2-3 of these ready. Don’t dump them all at once.

• 43% of cyberattacks target businesses under 50 employees
• 60% of small businesses fail within 6 months of a breach
• $140,000 average breach cost for SMBs
• $1.38 million average downtime cost
• 28 days average recovery time from ransomware
• 300% surge in reported cybercrime (FBI)
• 3.4 million unfilled cybersecurity positions globally
• 63% of SMBs increased cybersecurity budgets in 2025
• Employee security training has 425% ROI with 6-9 month payback
• Proactive investment saves $437K over 3 years vs. doing nothing

Sources for all stats in market-pricing-research.md.