Solanasis Website — Services Expansion Plan (Phase 3)

Created: 2026-03-05 Status: DRAFT — Awaiting approval on clarifying questions Scope: Add a /services page and update existing pages to clearly present the full range of offerings.

Master Documentation Permalinks:

Build plan: _solanasis/website-config/02-claude-build-plan.md

Decisions log: _solanasis/website-config/decisions-log.md

Approved copy (v3): _solanasis/website-content/solanasis_site_copy_v3_smartcuts.md

Brand style guide: _solanasis/brand-style/Matchkeyz_Brand_Style_Guide.md

Content strategy: _solanasis/website-config/03-content-creation-strategy.md

Design tokens: solanasis-site/design-tokens.md

ORB offer one-pager: _solanasis/playbooks/solanasis_orb_pack_v2/01_Offer_OnePager_Client.md

ORB pricing (INTERNAL ONLY): _solanasis/playbooks/solanasis_orb_pack_v2/03_Pricing_Packaging.md

Remediation/retainer options (INTERNAL ONLY): _solanasis/playbooks/solanasis_orb_pack_v2/16_Remediation_And_Retainer_Options.md

Mega playbook (service descriptions): _solanasis/playbooks/Mega_Playbook_Enterprise_SMB_Services.md

Marketplace sprints: _solanasis/playbooks/solanasis_consulting_marketplaces_playbook.md

Content strategy (pillars): _solanasis/Solanasis_AI_Native_Content_Strategy_2026.md

Phase 2 plan (prior phase): solanasis-site/PHASE2-PLAN.md

0. HARD RULES

NO PRICING ON THE WEBSITE. No dollar amounts, no “starting at”, no “from $X”, no pricing tables, no pricing signals, no ranges. Pricing is disclosed only during conversations. This is a firm business decision — do not add pricing to any page, section, card, or structured data. (See Decision 12 in decisions-log.md)
All copy sourced from approved master docs (no invention).
Permalinks to master docs in source code comments.
Test-driven: write tests alongside implementation.
DRY: shared data files, no duplicated markup patterns.

1. SERVICE ARCHITECTURE — The Key Insight

What changed from the original plan

The original plan treated Remediation Sprint and Fractional Resilience Partner as standalone service listings. That was wrong — they’re follow-on offers. It also completely missed the fractional executive services (fCISO/fCTO/fCOO) which are a CORE part of what Solanasis is.

The company is: “Security. Resilience. Operations.” (fCISO / fCTO / fCOO)

This tagline from About Solanasis.md maps directly to three service pillars:

PILLAR 1 — SECURITY (Assessment & Verification) Things a buyer actively searches for. Entry points into the relationship.

Service	Why it’s standalone	SEO keywords	Source
Cybersecurity Assessment	Every SMB exec knows they need this. Easy sell.	”cybersecurity assessment small business”, “security assessment”, “IT security audit”	Mega Playbook wedge, Marketplace Sprint B
Disaster Recovery Verification	”Backups don’t matter until you restore.” Differentiator.	”backup testing”, “disaster recovery testing”, “restore verification”	Mega Playbook wedge, Marketplace Sprint A
Resilience Checkup	The full 10-day package — security + DR + ops review. Flagship.	”operational resilience assessment”, “security baseline”	ORB Pack v2

PILLAR 2 — RESILIENCE (Ongoing Leadership) Fractional executive services. These are SEARCHABLE services, not just upsells.

Service	Why it’s standalone	SEO keywords	Source
Fractional CISO	People actively search for “fractional CISO.” High-intent keyword. Security leadership on retainer.	”fractional CISO”, “vCISO”, “virtual CISO”, “outsourced CISO”	Company positioning (fCISO/fCTO/fCOO), Mega Playbook
Fractional CTO/COO	Technology and operations leadership.	”fractional CTO”, “fractional COO”, “outsourced CTO”	Company positioning

PILLAR 3 — OPERATIONS (Implementation & Optimization) Project-based services. Buyer-driven needs.

Service	Why it’s standalone	SEO keywords	Source
Migrations	”Migration Without Regret."	"data migration services”, “cloud migration”	Mega Playbook wedge
CRM Setup	”A CRM That People Actually Use."	"CRM implementation”, “CRM setup”	Mega Playbook wedge
Systems Integration	”Integrations That Don’t Break Weekly."	"systems integration”, “API integration”	Mega Playbook wedge
Responsible AI	”Useful AI with guardrails."	"responsible AI implementation”, “AI consulting”	Mega Playbook

FOLLOW-ON OFFERS (NOT service cards — mentioned contextually):

Offer	When offered	Where it appears
Remediation Sprint	After any assessment readout	”What happens next” in Checkup section

NOT ON THE PUBLIC SITE:

Compliance platform implementation (Vanta/Drata/Secureframe) — partner channel
PE portfolio services — partner channel
Marketplace sprints — sold on Catalant/BTG/Upwork

Key architecture decisions

Cybersecurity Assessment is a distinct, simpler entry point — not just the ORB rebranded. Faster, lower commitment. The “easy sell.”
DR Verification is standalone — the differentiator nobody else leads with.
Resilience Checkup bundles both + more — the flagship. Upsell path from either standalone.
Fractional CISO is a real, searchable service — not the branded “Fractional Resilience Partner.” People Google “fractional CISO.” This replaces the old “Fractional Resilience Partner” label.
Fractional CTO/COO — the ops/integration side of fractional leadership. Can be combined with or separate from fCISO.
Remediation Sprint is NOT a service listing — it’s a follow-on execution offer after an assessment.

2. SPECS — What Done Looks Like

When Phase 3 is complete, ALL of the following must be true:

2.1 New `/services` Page

Desktop + mobile nav: “Services” links to /services (not /#services)
“Resilience Checkup” removed from top-level nav (it’s on the homepage and services page)
Footer: “Services” link updated to /services
Homepage section id="services" renamed to id="what-we-do" to avoid route collision

2.3 Homepage Updates

Services section restructured into assessment services + implementation services
Remediation Sprint and Fractional Partner removed as service cards (they’re follow-on offers, shown in “What happens next”)
Cybersecurity Assessment and DR Verification added as service cards
No pricing on any card or section
Service cards link to /services#[anchor]
Section id changed from services to what-we-do

2.4 Contact Form Enhancement

Client-side JS reads ?service= query param and pre-selects dropdown
Dropdown options updated to match new service list (add cybersecurity-assessment, dr-verification; remove remediation, fractional-partner)
Query param values match <option value> attributes exactly

2.5 About Page Update

“What Solanasis Delivers” list updated to match actual service names
Link to /services page added

2.6 DRY Fixes (pre-existing debt)

BOOKING_URL constant from constants.ts used everywhere (currently hardcoded in 8+ places)
Service data extracted to src/lib/services.ts — shared between homepage and services page

2.7 Tests

/services added to smoke test page list (returns 200, no console errors)
/services added to SEO test page list (unique title, description, OG, canonical)
/services added to unique-title and unique-description tests
Services page navigation test: Nav “Services” link goes to /services
All service section anchors are present
Contact form pre-selection test: /contact?service=cybersecurity-assessment selects correct option
All existing tests still pass (no regressions)

3. FINDINGS — Current State Analysis

3.1 Current Site Structure

Pages (10):
  /                  Homepage (single-page design with 7 sections)
  /about             Founder bio + differentiators
  /contact           Contact form + sidebar
  /blog              Blog list
  /blog/[slug]       Blog post (4 posts, scheduled publishing)
  /newsletter        Newsletter signup
  /privacy           Privacy policy
  /terms             Terms of service
  /thank-you         Form confirmation (noindex)
  /404               Not found

Components (5):
  Nav.astro           Sticky header, desktop + mobile, hash anchors
  Footer.astro        Newsletter bar + 3-col grid + phone obfuscation
  FAQ.astro           10-item accordion (details/summary)
  NewsletterSignup.astro  Email form w/ Turnstile (inline/full variants)
  icons/LinkedInIcon.astro, XTwitterIcon.astro

Layouts (1):
  BaseLayout.astro    Head (SEO/OG/Cal.com) + Nav + slot + Footer

Libraries (2):
  src/lib/constants.ts     SENDER_EMAIL, SITE_NAME, SITE_URL, BOOKING_URL
  src/lib/api-helpers.ts   getEnv, validateEmail, verifyTurnstile, brevoHeaders, escapeHtml, jsonResponse

API Routes (2):
  /api/send-email           Contact form handler
  /api/newsletter-subscribe Newsletter handler

3.2 Current Homepage Services (index.astro lines 31-68)

// CURRENT — will be replaced
const services = [
  { title: 'Remediation Sprint', ... },      // REMOVE — follow-on offer, not a service
  { title: 'Fractional Resilience Partner', ... }, // REMOVE — follow-on offer
  { title: 'Migrations', ... },               // KEEP
  { title: 'CRM Setup', ... },                // KEEP
  { title: 'Integrations', ... },             // KEEP
  { title: 'Responsible AI', ... },           // KEEP
];
// MISSING: Cybersecurity Assessment, DR Verification — the easy-sell entry points

3.3 Contact Form Option Values (contact.astro lines 91-99)

Current options — needs updating:

Option Value	Display Text	Status
`resilience-checkup`	Resilience Checkup (10-day baseline)	KEEP
`remediation`	Remediation Sprint	REMOVE (follow-on offer)
`fractional-partner`	Fractional Resilience Partner	REMOVE (follow-on offer)
`migrations`	Migrations	KEEP
`crm-setup`	CRM Setup	KEEP
`integrations`	Integrations	KEEP
`responsible-ai`	Responsible AI	KEEP
`general`	General inquiry	KEEP

New options to add:

Option Value	Display Text
`cybersecurity-assessment`	Cybersecurity Assessment
`dr-verification`	Disaster Recovery Verification

Nav.astro (desktop lines 17-32; mobile lines 50-67):

/#why — Why
/#resilience-checkup — Resilience Checkup ← REMOVE
/#services — Services ← CHANGE TO /services
/#how-we-work — How We Work
/#faq — FAQ
/blog — Blog
/contact — Contact
Cal.com CTA button

Footer.astro (lines 41-47):

/#why — Why Solanasis
/#resilience-checkup — Resilience Checkup ← REMOVE
/#services — Services ← CHANGE TO /services
/blog — Blog
/about — About
/contact — Contact

3.5 CTA Button Pattern (DRY violation — 8+ instances)

The identical CTA markup with hardcoded href="https://go.solanasis.com/intro" appears in:

index.astro (3x), about.astro (1x), contact.astro (1x), Nav.astro (2x), Footer.astro (1x)

BOOKING_URL constant exists in constants.ts but is NOT imported or used anywhere. Fix: use the constant everywhere.

3.6 Section Pattern

<section id="anchor" class="py-16 md:py-24 bg-[parchment|warm-stone]">
  <div class="max-w-content mx-auto px-6">
    <h2 class="text-2xl md:text-3xl font-bold text-primary mb-8 text-center">Title</h2>
    <!-- content -->
  </div>
</section>

Sections alternate: bg-parchment / bg-warm-stone. Hero/CTA use bg-hero-gradient or bg-primary.

3.7 Card Pattern

<div class="bg-white rounded-card p-6 shadow-card hover:shadow-card-hover transition-shadow border border-warm-stone">

3.8 Checklist Item Pattern

<li class="flex items-start gap-2">
  <span class="text-accent mt-1 flex-shrink-0">&#10003;</span>
  <span>Text</span>
</li>

Not worth extracting to a component (3 lines, simple).

3.9 Test Infrastructure

File	Tests	Coverage
`smoke.spec.ts`	9	All pages return 200 + no console errors + 404
`seo.spec.ts`	6	Meta tags + unique titles/descriptions + noindex
`contact-form.spec.ts`	11	Form fields, validation, API, errors, loading states
`newsletter.spec.ts`	15	Footer + page forms, validation, API, errors
`cal-embed.spec.ts`	10	Booking buttons on all pages, modal, no old URLs
`mobile-nav.spec.ts`	3	Hamburger, toggle, link navigation
Total	49	All passing

Test patterns:

Page arrays in smoke.spec.ts line 3 and seo.spec.ts line 3 — add /services
test.describe() grouping, test.beforeEach() for nav
API mocking via helpers/api-mocks.ts
Selectors: #id for form fields, .class for components, data-* for Cal.com
Assertions: .toBeVisible(), .toContainText(), .toHaveAttribute(), .toHaveCount()

3.10 Pricing Policy

HARD RULE: No pricing on the website. All pricing data is in internal docs only. The website mentions “fixed-fee” as a trust signal but never shows dollar amounts, ranges, or “starting at” language.

3.11 Offerings Inventory

Offering	Pillar	Show on Site?	How?
Cybersecurity Assessment	Security (easy sell)	YES	Service card with problem-first hook
Disaster Recovery Verification	Security (differentiator)	YES	Service card with problem-first hook
Resilience Checkup (ORB)	Security (flagship)	YES	Featured section + comparison table
Fractional CISO	Resilience (ongoing leadership)	YES	Service card — high-SEO-value keyword
Fractional CTO/COO	Resilience (ongoing leadership)	PENDING Q1	May combine with fCISO or separate card
Migrations	Operations	YES	Service card
CRM Setup	Operations	YES	Service card
Systems Integration	Operations	YES	Service card
Responsible AI	Operations	YES	Service card
Remediation Sprint	Follow-on	Mentioned only	”What happens next” in Checkup section
Compliance Services	Partner channel	NO	—
PE Portfolio Services	Partner channel	NO	—
Marketplace Sprints	Platform channel	NO	—

4. SENIOR REVIEW — Issues & Resolutions

MUST FIX

#	Issue	Resolution
S1	”Resilience Checkup” in nav creates UX bounce between pages	Remove from top-level nav. Featured on homepage + services page.
S2	Homepage `id="services"` collides with `/services` route	Rename to `id="what-we-do"`
S3	`?service=` query param values must match contact form `<option value>`	Use option values as source of truth. Document the mapping.
S4	Query-param pre-selection must be client-side JS (static page)	Add to existing `<script>` block in contact.astro
S5	Mobile cards must be 1-col (2x2 overflows on 375px)	1-col mobile, 2-col `sm`, 4-col `lg`
S6	Any flow diagrams must be vertical on mobile	Flex-col below `md`

SHOULD FIX

#	Issue	Resolution
S7	`BOOKING_URL` constant unused (hardcoded 8+ places)	Fix during this phase
S8	Service data hardcoded in index.astro	Extract to `src/lib/services.ts`
S9	No trust signals on services page	Add trust section
S10	Missing JSON-LD for services page	Add `OfferCatalog` structured data (no pricing)
S11	`scroll-margin-top` needed for sticky nav anchors	Add CSS rule
S12	Missing SEO metadata for /services	Define title + description

CUT

#	Issue	Resolution
S13	”Why” section card grid redesign	CUT. Scope creep.
S14	Separate component for flow diagram	CUT. Build inline.

5. PLAN — Implementation Checklist

5.0 Pre-work: DRY fixes

5.0.1 Create src/lib/services.ts:

// @see _solanasis/website-config/03-services-expansion-plan.md (service architecture)
// @see _solanasis/playbooks/Mega_Playbook_Enterprise_SMB_Services.md
export interface Service {
  id: string;           // matches contact form option value
  title: string;
  tagline: string;
  icon: string;
  img: string;
  category: 'assessment' | 'implementation';
}
export const SERVICES: Service[] = [
  // Assessment services (entry points)
  { id: 'cybersecurity-assessment', title: 'Cybersecurity Assessment', tagline: 'Know where you stand', icon: '🛡️', img: '/images/stock/service-remediation.jpg', category: 'assessment' },
  { id: 'dr-verification', title: 'Disaster Recovery Verification', tagline: 'Prove your backups actually work', icon: '🔄', img: '/images/stock/service-partner.jpg', category: 'assessment' },
  { id: 'resilience-checkup', title: 'Resilience Checkup', tagline: 'The complete 10-day baseline', icon: '✓', img: '/images/stock/offer-checkup.jpg', category: 'assessment' },
  // Implementation services
  { id: 'migrations', title: 'Migrations', tagline: 'Controlled moves with validation', icon: '📦', img: '/images/stock/service-migrations.jpg', category: 'implementation' },
  { id: 'crm-setup', title: 'CRM Setup', tagline: 'A CRM that matches reality', icon: '📊', img: '/images/stock/service-crm.jpg', category: 'implementation' },
  { id: 'integrations', title: 'Systems Integration', tagline: "Secure workflows that don't silently break", icon: '🔗', img: '/images/stock/service-integrations.jpg', category: 'implementation' },
  { id: 'responsible-ai', title: 'Responsible AI', tagline: 'Useful AI with guardrails', icon: '🤖', img: '/images/stock/service-ai.jpg', category: 'implementation' },
];

5.0.2 Update index.astro to import from services.ts (remove inline services array)
5.0.3 Update all pages to import and use BOOKING_URL from constants.ts instead of hardcoded URLs: index.astro, about.astro, contact.astro, Nav.astro, Footer.astro
5.0.4 Run tests — all 49 must pass
5.0.5 Add scroll-margin-top: 5rem to global.css:
```
[id] { scroll-margin-top: 5rem; }
```

5.1 Create `/services` page

5.1.1 Create src/pages/services.astro
5.1.2 Add BaseLayout with SEO metadata:
- Title: "Services | Solanasis"
- Description: "Cybersecurity assessments, disaster recovery verification, data migrations, CRM setup, and more. Operational resilience services for growing organizations."
5.1.3 Add JSON-LD OfferCatalog schema (NO pricing)

5.1.4 Add source permalink:

<!-- @see _solanasis/website-config/03-services-expansion-plan.md -->

Hero Section (bg-primary):

5.1.5 H1 + subline (see Copy Spec §6.1)

Assessment Services Section (bg-parchment, id="assessment-services"):

5.1.6 Section heading: “Assessment & Verification”
5.1.7 3 cards in a row (grid sm:grid-cols-2 lg:grid-cols-3):
- Cybersecurity Assessment — tagline + 3 bullets + “Get started →” link to /contact?service=cybersecurity-assessment
- Disaster Recovery Verification — tagline + 3 bullets + “Get started →”
- Resilience Checkup — marked as “Flagship” — tagline + 3 bullets + “Get started →”
5.1.8 Below the Checkup card or as a subsection: brief “What happens next” text mentioning remediation sprint and fractional partner as follow-on options (NOT as service cards, just a sentence or two)

Resilience Checkup Detail Section (bg-warm-stone, id="resilience-checkup"):

5.1.9 Expanded view of the flagship: what we assess (6 areas), what you get (5 deliverables), quick wins, timeline
5.1.10 “What happens next” — 3 paths: self-execute, remediation sprint, or fractional partner (same as homepage)
5.1.11 CTA button: Book intro call

Implementation Services Section (bg-parchment, id="implementation-services"):

5.1.12 Section heading: “Implementation & Optimization”
5.1.13 4-card grid (grid-cols-1 sm:grid-cols-2 lg:grid-cols-4):
- Migrations, CRM Setup, Systems Integration, Responsible AI
- Each: title + tagline + 3 bullets + text link to /contact?service=[id]

Trust Signals Section (bg-warm-stone):

5.1.14 4 items: “23+ years hands-on experience” | “Based in Boulder, CO” | “Mutual NDA before any access” | “Fixed-fee — no hourly surprises”

Final CTA Section (bg-hero-gradient):

5.1.15 H2 + sub + CTA button + email link

5.2 Update Homepage

5.2.1 Rename id="services" to id="what-we-do" in index.astro
5.2.2 Replace the current 6-card services grid with the correct service list from services.ts:
- Assessment services (3 cards): Cybersecurity Assessment, DR Verification, Resilience Checkup
- Implementation services (4 cards): Migrations, CRM Setup, Systems Integration, Responsible AI
- Each card: icon + title + tagline + link to /services#[section-anchor]
- Group with subheadings or visual separator
5.2.3 Remove Remediation Sprint and Fractional Partner from the services grid (they’re not standalone services)
5.2.4 Keep the existing Resilience Checkup detail section (#resilience-checkup) as-is — it’s the primary homepage conversion piece

5.3 Update Contact Form

5.3.1 Update dropdown options in contact.astro:
- ADD: cybersecurity-assessment → “Cybersecurity Assessment”
- ADD: dr-verification → “Disaster Recovery Verification”
- REMOVE: remediation → “Remediation Sprint”
- REMOVE: fractional-partner → “Fractional Resilience Partner”
- Keep all others

5.3.2 Add query-param pre-selection JS to <script> block:

const params = new URLSearchParams(window.location.search);
const serviceParam = params.get('service');
if (serviceParam) {
  const select = document.getElementById('service') as HTMLSelectElement;
  if (select) {
    const option = select.querySelector(`option[value="${serviceParam}"]`);
    if (option) select.value = serviceParam;
  }
}

5.4.1 Nav.astro desktop: Remove “Resilience Checkup” link, change /#services to /services
5.4.2 Nav.astro mobile: Same changes
5.4.3 Footer.astro: Change /#services to /services, remove /#resilience-checkup

5.5 About Page Update

5.5.1 Update “What Solanasis Delivers” list (about.astro lines 43-60):
- Cybersecurity assessments + disaster recovery verification
- Data migrations
- CRM setup + systems integration
- Responsible AI implementation
5.5.2 Add link: “See all services →” pointing to /services

5.6 Tests

5.6.1 Add /services to smoke.spec.ts pages array
5.6.2 Add /services to seo.spec.ts pages array

5.6.3 Create tests/e2e/services.spec.ts:

test.describe('Services Page', () => {
  test('nav Services link goes to /services', async ({ page }) => {
    await page.goto('/');
    await page.locator('.hidden.lg\\:flex a:has-text("Services")').click();
    await page.waitForURL('**/services');
  });
 
  test('all service sections have anchors', async ({ page }) => {
    await page.goto('/services');
    for (const id of ['assessment-services', 'resilience-checkup', 'implementation-services']) {
      await expect(page.locator(`#${id}`)).toBeVisible();
    }
  });
 
  test('contact links include service query param', async ({ page }) => {
    await page.goto('/services');
    const link = page.locator('a[href*="contact?service="]').first();
    await expect(link).toBeVisible();
  });
});

5.6.4 Add to contact-form.spec.ts:

test('query param pre-selects service dropdown', async ({ page }) => {
  await page.goto('/contact?service=cybersecurity-assessment');
  const select = page.locator('#service');
  await expect(select).toHaveValue('cybersecurity-assessment');
});

5.6.5 Update existing contact form tests if they reference removed dropdown options (remediation, fractional-partner)
5.6.6 Run full test suite — all pass

5.7 Final Checks

5.7.1 Mobile responsive (375px) — all sections readable, no overflow
5.7.2 All internal links resolve
5.7.3 JSON-LD validates
5.7.4 Sitemap auto-includes /services
5.7.5 Commit + push to prod

6. COPY SPEC — Content for Services Page

All copy derived from approved source docs.

6.1 Hero

H1: “Services built around proof, not promises.”
Sub: “We help growing organizations know where they stand, prove they can recover, and build systems that actually work.”

6.2 Assessment & Verification Section

Section intro: “Whether you need a focused security review, proof your backups work, or a complete operational baseline — we start with the facts.”

Cybersecurity Assessment

Source: Mega Playbook “Security Posture Reality Check” wedge + Marketplace Sprint B
Tagline: “Know where you stand.”
Bullets:
- Environment inventory and risk mapping
- Top risks mapped to business impact
- Prioritized remediation roadmap
Note: This is a standalone assessment. For the full package including DR and operational review, see Resilience Checkup.

Disaster Recovery Verification

Source: Mega Playbook “Restore or Die” wedge + Marketplace Sprint A
Tagline: “Prove your backups actually work.”
Bullets:
- Real restore test (not just a checkbox)
- Time-to-restore measurement
- Recovery runbook + next drill cadence

Resilience Checkup (Flagship — visually prominent)

Source: orb_pack_v2/01_Offer_OnePager_Client.md
Tagline: “The complete 10-day baseline.”
Bullets:
- Combines security assessment + restore verification + operational review
- 5 deliverables: executive summary, risk register, 30/60/90 plan, maturity scorecard, restore runbook
- Up to 4 hours of quick wins included

6.3 Resilience Checkup Detail (expanded section)

What we assess (6 areas):

Identity & Access — Admin roles, MFA, shared accounts, least privilege
Email & Collaboration — Phishing controls, external forwarding, file sharing
Endpoints — Inventory, patching, disk encryption, AV/EDR
SaaS Posture — Admin access, orphaned accounts, key configuration risks
Backups & Restore — Coverage, retention, ransomware protections, real restore test
Operational Resilience — Critical workflows, vendor dependencies, incident roles

What you get (5 deliverables):

Executive summary (1-2 pages)
Risk register — prioritized, evidence-backed, with owners
30/60/90 action plan
Maturity scorecard (1-5 scale)
Restore verification runbook

Quick wins: Up to 4 hours of safe, reversible fixes.

Timeline: “10 business days. 3 calls (kickoff, mid-check, readout).”

What happens next (3 paths):

You run the plan (we hand off cleanly)
We implement the top fixes via a remediation sprint
We stay on as your fractional Resilience Partner

6.4 Implementation & Optimization Section

Section intro: “Beyond assessments, we help you move, build, connect, and automate — with the same rigor.”

Migrations

Tagline: “Controlled moves with validation.”
Migration architecture + rollback strategy
Data mapping + validation checks
Day-2 operations runbook

CRM Setup

Tagline: “A CRM that matches reality.”
Platform selection + workflow design
Training + adoption support
Dashboards leadership actually checks

Systems Integration

Tagline: “Secure workflows that don’t silently break.”
API and iPaaS evaluation
Retry logic, alerting, runbooks
Source-of-truth rules + data quality

Responsible AI

Tagline: “Useful AI with guardrails.”
Use-case identification + prioritization
Implementation with proper access controls
Accountability framework

6.5 Trust Signals

“23+ years hands-on experience”
“Based in Boulder, CO”
“Mutual NDA before any access”
“Fixed-fee — no hourly surprises”

6.6 Final CTA

H2: “Not sure where to start?”
Sub: “Book a quick intro call and we’ll figure out the right first step together.”
CTA: Book a 30-min intro call + email link

7. FILES CHANGED

File	Action	What Changes
`src/lib/services.ts`	CREATE	Service data array + types (7 services)
`src/pages/services.astro`	CREATE	Full services page
`src/pages/index.astro`	EDIT	Import services.ts, rename id, restructure services grid
`src/pages/contact.astro`	EDIT	Update dropdown options + add query-param JS
`src/pages/about.astro`	EDIT	Update service list + add /services link
`src/components/Nav.astro`	EDIT	Remove Resilience Checkup link, change Services href
`src/components/Footer.astro`	EDIT	Update Services href, remove Resilience Checkup link
`src/styles/global.css`	EDIT	Add scroll-margin-top rule
`tests/e2e/smoke.spec.ts`	EDIT	Add `/services` to pages array
`tests/e2e/seo.spec.ts`	EDIT	Add `/services` to pages array
`tests/e2e/services.spec.ts`	CREATE	Services page tests
`tests/e2e/contact-form.spec.ts`	EDIT	Add pre-selection test, update for changed options

Total: 12 files (3 new, 9 edited)

8. WHAT DOES NOT CHANGE

Blog structure, content, and template
Newsletter functionality
Privacy/Terms pages
API endpoints
Deployment pipeline / CI/CD
Tailwind config / design tokens
Cal.com booking integration (mechanism unchanged, using constant)
FAQ component content
How We Work section content
Homepage Hero section
Homepage Resilience Checkup detail section (the 2-column layout stays)
BaseLayout structure
Turnstile / phone obfuscation

9. CLARIFYING QUESTIONS

Instructions: Pick a letter for each question and add any notes. Once all 6 are answered, implementation begins.

Q1: Fractional CISO / CTO / COO — how do we present this?

(a) One card: “Fractional CISO” — the security-leadership angle is the most searchable. Fractional CTO/COO is implied or mentioned as “we also provide technology and operations leadership.”
(b) Two cards: “Fractional CISO” + “Fractional CTO/COO” — separate offerings, separate descriptions, both on the services page.
(c) One card: “Fractional Leadership (CISO / CTO / COO)” — combined, explains we offer all three as needed.
Context: “fractional CISO” is a high-value SEO term on its own.

Answer:

Q2: Cybersecurity Assessment vs. Resilience Checkup — how distinct?

(a) Different scopes: Cybersecurity Assessment is lighter/faster (security-only, no restore test). Resilience Checkup is the full 10-day package.
(b) Same engagement, different framing: “Cybersecurity Assessment” is the SEO-friendly name for the same thing.
(c) Subset: Cybersecurity Assessment is what we do in the first few days of a Checkup, but can be sold standalone.

Answer:

Q3: DR Verification — standalone or always bundled?

(a) Fully standalone — just the restore test + runbook.
(b) Listed separately but steered to Checkup — on the page for SEO, but in practice we upsell.

Answer:

Q4: Competitive positioning section — include on services page?

(a) Yes — a short “Where Solanasis fits” section: not an MSP, not Big 4, not a freelancer.
(b) No — let the service descriptions speak for themselves.

Answer:

Q5: “Who this is for” specificity — how explicit?

(a) Explicit on the services page: “For professional services firms, nonprofits, and growing teams with 10-150 people on Microsoft 365 or Google Workspace.”
(b) Keep it general — don’t narrow the funnel too early.

Answer:

Q6: Blog-to-service CTAs — add now or defer?

(a) Now — add a contextual service CTA to each of the 4 existing blog posts (free conversion boost).
(b) Defer — keep Phase 3 focused on the services page.

Answer:

10. MARKETING ENHANCEMENTS (expert-level additions)

These go beyond “list the services” into what a senior B2B marketer would insist on:

10.1 Problem-First Framing (each service)

Don’t lead with what we do — lead with the pain the buyer feels.

Service	Pain-first hook
Cybersecurity Assessment	”Your last IT person left and nobody knows the admin passwords.”
DR Verification	”You’re paying for backups you’ve never tested.”
Resilience Checkup	”You’re one bad week away from finding out what’s actually broken.”
Fractional CISO	”You need security leadership but can’t justify a $250K hire.”
Migrations	”Your migration is six months behind and nobody wants to own it.”
CRM Setup	”Your team built workarounds on top of workarounds.”
Systems Integration	”Your integrations break every time someone updates something.”
Responsible AI	”Your team is using AI tools with no guardrails or policies.”

These appear as the first line of each service description, before the solution.

10.2 “Who This Is For” Section

A short, specific section on the services page (after the hero, before services):

We work with professional services firms, nonprofits, and growing teams (10-150 people) running Microsoft 365 or Google Workspace. Based in Boulder, CO — working nationwide.

This does three things:

Qualifies the visitor immediately (saves everyone time)
Builds trust through specificity
SEO signal for local + industry keywords

10.3 Technology Signals

Somewhere on the services page (could be a compact strip or part of trust signals):

Microsoft 365 / Google Workspace / AWS / Azure
Common SaaS platforms (Salesforce, HubSpot, QuickBooks, etc.)
Compliance frameworks (SOC 2, HIPAA, PCI where relevant)

This is what SMB buyers look for — “do they know our tools?“

10.4 Competitive Positioning

A brief section (4 compact cards or a single paragraph):

Not an MSP — we don’t manage your systems day-to-day. Not a Big 4 firm — no six-figure minimums or 200-page reports. Not a freelancer — we’re a team with process and accountability. We’re the operational resilience partner for organizations that have outgrown luck.

10.5 Service Comparison Helper

For the assessment services specifically — help confused visitors:

	Cybersecurity Assessment	DR Verification	Resilience Checkup
Focus	Security posture	Backup & restore	Security + DR + operations
Scope	Risk map + plan	Restore test + runbook	Full baseline + 90-day plan
Best for	”We need a security review"	"Do our backups actually work?"	"Give us the complete picture”

Lightweight HTML table or card comparison. Helps buyers self-select without needing a call.

10.6 Blog-to-Service CTAs

The 4 existing blog posts map directly to services:

Blog Post	Maps to Service	CTA
”What to Expect From a Security Assessment”	Cybersecurity Assessment	”Ready for your assessment? →"
"How to Build a Disaster Recovery Plan”	DR Verification	”Let us test your recovery →"
"Password Manager for Growing Organizations”	Cybersecurity Assessment	”Get a full security review →"
"Why Your CRM Is a Bigger Risk Than You Think”	CRM Setup	”Let’s fix your CRM →”

Add a brief CTA block at the end of each blog post linking to the relevant service. This is free conversion optimization.

10.7 Team Expertise Reference

Now that we have Dmitri + Patrick on the About page, reference their expertise on the services page trust section:

Instead of generic “23+ years experience”, link to the people:

“Led by Dmitri Sunshine (23+ years enterprise architecture) and Patrick McHeyser (NOLS leadership + software engineering)” with a “Meet the team →” link to /about.

10.8 Typical Engagement Outcomes

Even without named client testimonials, describe what a typical engagement produces:

Typical Resilience Checkup result: 15-25 risks identified and prioritized. 4-6 quick wins implemented same week. Restore time validated. A 90-day plan your team can actually execute.

This gives the buyer a concrete picture of what they’re getting.

11. RISK & ROLLBACK

Risk: Removing Remediation Sprint / Fractional Partner from contact dropdown could lose some inbound leads → Low risk (these are offered during conversations, not searched for)
Risk: Homepage id rename breaks bookmarked /#services links → Low risk (site is new, minimal external links)
Risk: Nav changes may affect Cal.com test counts → Mitigated by running test suite after changes
Rollback: Single git revert of the merge commit

Solanasis Docs

Explorer

03-services-expansion-plan

Solanasis Website — Services Expansion Plan (Phase 3)

0. HARD RULES

1. SERVICE ARCHITECTURE — The Key Insight

What changed from the original plan

The company is: “Security. Resilience. Operations.” (fCISO / fCTO / fCOO)

Key architecture decisions

2. SPECS — What Done Looks Like

2.1 New /services Page

2.2 Navigation Updates

2.3 Homepage Updates

2.4 Contact Form Enhancement

2.5 About Page Update

2.6 DRY Fixes (pre-existing debt)

2.7 Tests

3. FINDINGS — Current State Analysis

3.1 Current Site Structure

3.2 Current Homepage Services (index.astro lines 31-68)

3.3 Contact Form Option Values (contact.astro lines 91-99)

3.4 Navigation Links

3.5 CTA Button Pattern (DRY violation — 8+ instances)

3.6 Section Pattern

3.7 Card Pattern

3.8 Checklist Item Pattern

3.9 Test Infrastructure

3.10 Pricing Policy

3.11 Offerings Inventory

4. SENIOR REVIEW — Issues & Resolutions

MUST FIX

SHOULD FIX

CUT

5. PLAN — Implementation Checklist

5.0 Pre-work: DRY fixes

5.1 Create /services page

5.2 Update Homepage

5.3 Update Contact Form

5.4 Update Navigation

5.5 About Page Update

5.6 Tests

5.7 Final Checks

6. COPY SPEC — Content for Services Page

6.1 Hero

6.2 Assessment & Verification Section

6.3 Resilience Checkup Detail (expanded section)

6.4 Implementation & Optimization Section

6.5 Trust Signals

6.6 Final CTA

7. FILES CHANGED

8. WHAT DOES NOT CHANGE

9. CLARIFYING QUESTIONS

Q1: Fractional CISO / CTO / COO — how do we present this?

Q2: Cybersecurity Assessment vs. Resilience Checkup — how distinct?

Q3: DR Verification — standalone or always bundled?

Q4: Competitive positioning section — include on services page?

Q5: “Who this is for” specificity — how explicit?

Q6: Blog-to-service CTAs — add now or defer?

10. MARKETING ENHANCEMENTS (expert-level additions)

10.1 Problem-First Framing (each service)

10.2 “Who This Is For” Section

10.3 Technology Signals

10.4 Competitive Positioning

10.5 Service Comparison Helper

10.6 Blog-to-Service CTAs

10.7 Team Expertise Reference

10.8 Typical Engagement Outcomes

11. RISK & ROLLBACK

Graph View

Table of Contents

Backlinks

2.1 New `/services` Page

5.1 Create `/services` page