Your security director — without hiring one full-time

We give your SME an expert part-time CISO from €600/month. We make you NIS2, ENS and ISO 27001 compliant, prepare you for audits, and respond when something happens.

Why SMEs need a vCISO

NIS2 requires companies within its scope to have a designated security officer. Hiring an in-house full-time CISO costs between €60,000 and €100,000/year in salary alone, not counting benefits or training. Most SMEs don’t need that full-time — but they do need the expertise.

A vCISO (virtual or external CISO) gives you access to an experienced cybersecurity professional at a fraction of the cost, with the flexibility to scale to your needs. We guide you through compliance, help implement controls, and conduct internal audits — with no need to hire anyone new.

vCISO Packages

🟢 Essentials — €600/month

  • Initial situation assessment
  • Basic documented security policy
  • Monthly control review
  • Urgent support channel (response within 4 business hours)
  • Quarterly report for management

🔵 NIS2 — €1,700/month ⭐

  • Everything in Essentials
  • Personalised NIS2 compliance roadmap
  • Implementation of technical and organisational controls
  • Incident management and notification to INCIBE/AEPD when required
  • Preparation for client and supplier audits
  • Staff training (up to 2 sessions/year)
  • Monthly status and progress report

How we work

  1. Free initial assessment (45 min) — we understand your current situation
  2. Personalised proposal — we present the plan and recommended package
  3. Onboarding (first month) — documentation, security policy, priorities
  4. Monthly follow-up — reviews, controls and ongoing support

Frequently asked questions

Does Funhelps hold ISO 27001 certification?

We do not hold our own certification. We support SMEs in achieving compliance with the standard: we help implement the necessary controls and conduct a preparatory internal audit. Our team includes a Lead Auditor ISO 27001 currently in the accreditation process.

How is this different from a cybersecurity consultancy?

A consultancy delivers a report and leaves. We are your external CISO: we respond when something happens, prepare you for audits, and support you month after month until compliance becomes a habit, not a one-off project.