Ordering Logic: To scale existing mandates with tiered credits and avoid redundant setup fees, please utilize our Payment Portal. Use this Catalog for new service enrollments and distinct structural orders only. To ensure absolute fiscal transparency, all hardware, cloud services, and VoIP usage are delivered as pure MSRP pass-throughs.
The Stewardship Model: Provision for a specific number of Personas that evolve with your organization, irrespective of the individuals assigned to them. Mix and match Mandates to suit your workforce (5-unit minimum per type). Annual Mandates provide one month of stewardship at no additional cost for your long-term core, while Monthly Mandates maintain an operational buffer for contractors and temporary staff.
Marginal Scaling: We apply Scaled Stewardship Credits to every progressive tier of your estate: 5% (units 10 to 25), 10% (units 26 to 100), and 15% (units 101 to 400). This ensures your average cost per unit decreases as your operational maturity increases, reflecting the architectural efficiencies gained as you scale.
The Genesis Mandate: Before a firm is accepted into a long-term residency, we must establish a Baseline of Sovereignty. This initial project consists of a Discovery Audit to detect and address technical debt. While our ongoing mandates focus on the buildup and evolution of your environment, the Genesis Mandate handles the initial cleanup and documentation. This is the first item to purchase in the Projects section below.
Foundation Fees: These one-time, organization-level engineering fees cover the architectural hardening of your primary tenants and virtual environments. Paid only once per organization, these fees ensure your governance and security are architected correctly from day one. If a foundation has already been established, apply the following waiver codes at checkout:
| Environment | Foundation Name | Waiver Code |
|---|---|---|
| Microsoft 365 | 365 Foundation Fee | 365-foundation-waived |
| Google Workspace | GWS Foundation Fee | GWS-foundation-waived |
| macOS | MOS Foundation Fee | mac-foundation-waived |
| ChromeOS | COS Foundation Fee | cos-foundation-waived |
| Azure Virtual Desktop | AVD Foundation Fee | AVD-foundation-waived |
| Virtual App Delivery | VAD Foundation Fee | VAD-foundation-waived |
Asset Hardening Fees: Unlike organization-level Foundations, these charges apply to each individual piece of hardware (physical or virtual). Every asset, new or pre-existing, must be hardened to cover provisioning, persona alignment, and architectural security. The quantity of hardening setups is not automatically tied to the number of mandates ordered; you must manually select the quantity in the dropdown to match your specific hardware count at the time of the order. These setups can also be procured individually in the Add-ons section below for subsequent adjustments or asset replacements.
Maintenance Absorption: Assets vetted by a Principal Steward qualify for our "One-In, One-Out" policy. This ensures that any standardized device replaced during a mandate is hardened and integrated at no additional cost for the remainder of that term.
Once you have deployed your order, please register and log into this site to manage your onboarding. Your Principal Steward will guide you through your first deployments, onboardings, and offboardings.
Core Stewardship Mandates (Cloud Personas)
Microsoft
Cross Platform / Multi-Cloud
Microsoft 365 + Google Workspace, Zoho, Proton...
Microsoft
Note: Base mandate includes stewardship for two standard virtual machines.
Note: Per‑user Windows 10/11 Business subscription included for Microsoft 365 Business Premium users.
Note: High-transaction or high-compliance workloads require a premium MRR to reflect increased monitoring labor.
Cross Platform / Multi-Cloud + Virtual Desktop
Microsoft
Virtual App Delivery
Persona Mandate Add-ons
Beyond resilience, these virtual desktops function as on‑demand, high‑performance workstations, providing scalable CPU and GPU resources for workloads like CAD without forcing costly local hardware upgrades. This unified model ensures consistent governance and identity‑driven access controls across both cloud‑hosted and self‑hosted infrastructure.
Note: A Virtual Desktop functions as a distinct, enterprise-grade endpoint within your environment. To maintain platform integrity, each instance requires the same rigorous security and management posture as a physical workstation. This fee is commensurate with the essential licensing and tooling required to secure and manage this secondary environment.
Note: This mandate is delivered using Azure Virtual Desktop (AVD) or a private VDI environment to meet your firm’s governance, security, and data residency requirements. See the HCI and Golden Image mandates below.
[Note: Windows Server and CALs not included. RDS CALs included
[Note: e.g. Licensing not included][Note: e.g. Licensing not included]
[Note: e.g. Licensing not included][Note: e.g. Licensing not included]
[Note: e.g. Licensing not included]Infrastructure Asset Mandates (Managed Assets)
[Note: e.g. Licensing not included]
[Note: e.g. Licensing not included]Note: Microsoft licensing and third-party hosting fees not included
Note: Virtual machines on managed HCI clusters qualify for a 25 percent reduction to account for host-level administration already covered by the HCI mandate.Note: No setup fee applies for robust, remotely manageable preexisting LANs
Note: This protection is included in the Managed Server mandate but is available as a standalone service for self-managed or Legacy Sustainment assets.
[Note: e.g. Licensing not included]This platform is purpose‑built to host stateful line‑of‑business applications and persistent virtual desktops with predictable performance. By replacing volatile, consumption-based cloud billing with a durable, fixed-cost asset, this sovereign architecture reduces long-term spend while providing a resilient foundation for projecting these workloads across the local network and the global edge.
Note: While HCI typically becomes more cost‑effective than public cloud equivalents at approximately 75 persistent desktops, this threshold is often lower when the infrastructure also supports legacy, specialized, or CPU/GPU‑intensive workloads requiring dedicated and predictable resources.
Note: For VDI use, a separate Golden Image Stewardship mandate is required to manage shared desktop images and control platform‑wide changes.
Zero Trust
Note: To satisfy SOC 2 Chain of Custody, we fund and manage the ZTNA provider directly
Zero Trust
Note: To satisfy SOC 2 Chain of Custody, we fund and manage the ZTNA provider directly
Credential Governance
[Note: e.g. Licensing not included]
[Note: e.g. Licensing not included]Legacy Asset Mandates (Business Continuity)
Note: Per Microsoft Specification, 3 Domain Controllers are required for high Availability.
Note: foundation fee waived for preexisting server. Microsoft Licenses not included.
Note: Per Microsoft Specification, 2-node Failover cluster is required for high Availability.
Note: Setup fee waived for preexisting server. Microsoft Licenses not included.
Strategic Project Mandates (Prepaid Blocks)
Note: to ensure a comprehensive transition, the Genesis Mandate requires a minimum 10-hour commitment for the initial Discovery Audit and a 40-hour Strategic Mandate for the subsequent hardening phase.
Note: Use Code INNET for 15% off project labor, reflecting the management overhead already satisfied by your monthly mandate.Note: Initial user migrations are included in our Cloud Productivity Suite mandates with yearly commitments.
Note: for the virtualization of legacy servers or specialized applications, please call to discuss your specific architecture.Note: Strategic Mandates of 40 hours or more qualify for a 10% Governance Credit, providing a pre-paid value bonus and priority scheduling for large-scale advisory and engineering projects.
Note: Use Code INNET for 15% off project labor, reflecting the management overhead already satisfied by your monthly mandate.Note: Strategic Mandates of 40 hours or more qualify for a 10% Governance Credit.
Note: Use Code INNET for 15% off, reflecting that we already own the documentation and access through your monthly mandate.Note: Remediation services are strictly excluded from all discounts and volume credits.
Note: If you transition to a Genesis Mandate within 30 days of your Snapshot, the $1,500 fee is fully credited toward your first month of service.
Note: Strategic Mandates of 40 hours or more qualify for a 10% Governance Credit.
Note: Use Code INNET for 15% off, reflecting that we already own the documentation and access through your monthly mandate.Note: to ensure a comprehensive transition, the Genesis Mandate requires a minimum 10-hour commitment for the initial Discovery Audit and a 40-hour Strategic Mandate for the subsequent hardening phase.
Note: Use Code INNET for 15% off project labor, reflecting the management overhead already satisfied by your monthly mandate.The Stewardship Toolkit
[Note: e.g. Licensing not included]
[Note: e.g. Licensing not included][Note: e.g. Licensing not included]
[Note: e.g. Licensing not included][Note: e.g. Licensing not included]
[Note: e.g. Licensing not included]Auxiliary mandates and stewardship extensions.
[Note: e.g. Licensing not included]
[Note: e.g. Licensing not included]Note: the $10/user monthly fee is waived for Full Concierge Enterprise and Federated Enterprise mandates.
Note: the $150 Identity Initialization is a mandatory one‑time requirement for every Atelier user.[Note: e.g. Licensing not included]
[Note: e.g. Licensing not included]Service catalog (3)
Invest only in the architecture your firm requires. Our model allows you to provision for a specific number of personas that can evolve with your organization, irrespective of the individuals assigned to them. You may mix and match mandates to suit your workforce, provided that a minimum of 5 users applies for each mandate type.
Establish a stable foundation for your Long-Term Core of employees or contractors with Annual Mandates to receive two months of stewardship at no additional cost. Maintain an Operational Buffer with Monthly Mandates for contractors, temporary staff, probationary hires, and staff contractions. Every engagement begins with one of our core Concierge Stewardship Mandates; all additional units are optional extensions of your environment.
Our mandates incorporate Scaled Stewardship Credits that align your investment with the operational maturity of your firm. Efficiency credits of 5% (26–100 users) and 10% (101–400 users) are applied automatically to our core service offerings. Every Full Concierge mandate includes the 1.20 Readiness Standard, which maintains a 20 percent hardware buffer of pre-configured Ready Units to ensure a 15-minute return to billability in the event of equipment failure. Initial deployments are subject to a one-time Setup Fee per unit to cover the provisioning, persona alignment, and architectural hardening of the user’s environment. To benefit from tiered pricing and avoid recurring setup fees when enrolling additional users into an existing mandate, please use our payment portal. For new service enrollments or distinct orders, utilize this Catalog.
Once you have deployed your order or adjusted a mandate, the next step is to initiate the onboarding or offboarding process. You must be registered and logged into this site to manage these transitions. Your Principal Steward will guide you through your first deployments, onboardings and offboardings.
ooooooooooooooo
oooooooooooooo
| Service/Mandate | Description | Price | Commitment |
|---|---|---|---|
| Full Concierge Single-Cloud Microsoft | The Executive Standard. A bespoke protective shield for your primary team, ensuring uninterrupted billability and durable performance through permanent, high-trust stewardship. | $225 per unit / month Check our Service Blueprints for more information. | |
| Full Concierge Enterprise Cross Platform / Multi-Cloud Microsoft 365 + Google Workspace, Zoho, Proton... | The Multi-Cloud Standard. Advanced governance for teams operating across fragmented cloud ecosystems and diverse hardware platforms. This mandate eliminates administrative islands, keeps systems aligned, and supports a frictionless experience while mitigating orphaned data and identity risks. | $300 per unit / month Check our Service Blueprints for more information. | |
| Full Concierge Single-Cloud | The Hardened Baseline. This mandate is designed for firms seeking to harden their perimeter and reduce capital hardware costs for task-oriented and cloud-native teams. It combines the near-impenetrable, "ransomware-proof" security of Google Chromeboxes with seamless, browser-based access to essential Windows applications via an optional Virtual App Delivery (VAD) layer. | $160 per unit /month Check our Service Blueprints for more information. | |
| Concierge Cloud Workspace Microsoft | The Digital Clean Room. Secure virtual workspaces for contractors and BYOD users. A controlled, on‑your‑soil digital environment delivered through Azure Virtual Desktop that enables external talent to work within your firm’s ecosystem and security standards without the need for company‑owned hardware. | $160 per unit /month Check our Service Blueprints for more information. | |
| Full Concierge Federated Enterprise Cross Platform / Multi-Cloud + Virtual Desktop | This is the apex of stewardship, unifying multi‑cloud governance with full‑stack virtualized resilience. Built for high‑compliance sectors like FinTech and Defense, it combines federated identity across all SaaS platforms with the isolation of a Digital Clean Room. This integrated mesh enables zero‑day productivity on any platform or device while maintaining a Zero‑Trust posture that meets SOC 2 standards. | $160 per unit /month Check our Service Blueprints for more information. | |
| Concierge Frontline Microsoft | Frontline Mobility Governance. Many field-based roles operate entirely on mobile phones, tablets, and web apps. This mandate delivers secure, efficient productivity for your mobile team without the licensing or management overhead of a primary desk workstation. It protects the communication silos where institutional intelligence resides and applies identity-driven governance to maintain firm-wide standards. | $160 per unit /month Check our Service Blueprints for more information. | |
| Concierge Cloud Workroom Virtual App Delivery | The Surgical Clean Room. Secure virtual application delivery for contractors and BYOD users. A surgical, on‑your‑soil digital environment delivered natively through the Chrome browser that enables external talent to access critical Line‑of‑Business apps within your firm’s high‑governance ecosystem on any device, company‑owned or not, without the complexity of a full virtual desktop. | $110 per unit /month Check our Service Blueprints for more information. |
| Service/Mandate | Description | Price | Commitment |
|---|---|---|---|
The Managed Asset Add-on device stewardship beyond your 20% buffer | "Shields Up" Stewardship for the "silent infrastructure" that anchors your office: hot spares, secondary workstations, lobby terminals, conference room hardware, and home office. This mandate ensures every unmanned device remains fully patched, hardened, monitored, documented, and ready for work the moment it is activated. | $100 per unit/month with annual commitment 5 units min. on first order $1200 one-time setup fee/org Check our Service Blueprints for more information. | |
The Managed Server Server stewardship for on-site or cloud-hosted systems | Comprehensive oversight for your firm's server infrastructure. This mandate covers the setup, cyber-protection, and administration of physical or virtual Windows and Linux systems, on-site or in the cloud. Stewardship applies to systems such as Line of Business applications, databases, and backup infrastructure. Expert management of the technical layer ensures data remains accessible and under your total control. | login Note: Microsoft licensing and third-party hosting fees not included Note: Virtual machines on managed HCI clusters qualify for a 25 percent reduction to account for host-level administration already covered by the HCI mandate. | login |
The Managed Network Stewardship for sites beyond your primary office | Office Connectivity Stewardship. Comprehensive oversight for your office connectivity infrastructure. This mandate covers the setup and administration of the stateful gateway, firewalls, and switching fabric. Stewardship applies to services such as Multi-WAN routing, VLAN segmentation, VPN access, and IDS/IPS for one physical /24 subnet. Expert management of the gateway ensures the network remains secure, optimized, and under your total sovereignty. | $350 per network/month with annual commitment log in for details Check our Service Blueprints for more information. Note: No setup fee applies for robust, remotely manageable preexisting LANs | login |
Cloud Workload Protection Provisioned within The Managed Server mandate | Active compliance and hardening for Linux and Windows systems. This mandate provides the specialized tools and OSSEC rules required to satisfy stringent data security and privacy standards. Stewardship ensures infrastructure remains audit-ready through continuous monitoring and defensive hardening. Supported frameworks include NIST 800-171, JSIG, PCI DSS, GLBA, GDPR, HIPAA, and others. | login Note: This protection is included in the Managed Server mandate but is available as a standalone service for self-managed or Legacy Sustainment assets. | login |
The Hyperconverged Cluster (HCI) | Comprehensive oversight for on-premises data center infrastructure. This mandate provides a resilient, software-defined platform for workloads where the cloud is not cost-effective or suitable. Stewardship applies to multi-node hardware, typically a 2U 4-Node architecture, integrating compute, storage, networking, and backups. This infrastructure achieves operational cost-efficiency at four concurrent virtual machines, with total capital break-even typically occurring within a thirty-eight month hardware lifecycle. | $60 per node/month Check our Service Blueprints for more information. | login |
Sovereign Mesh ZTNA | The Dark Network. An optional network‑level encapsulation layer required only for firms maintaining a SOC 2 compliant posture. This ZTNA extension "cloaks" your critical servers, applications, and endpoints, removing their visibility from the public internet entirely. Access is restricted to certificate‑validated devices running the Sovereign Mesh client, which enforces immutable logging and kernel‑level device posture checks. | login Note: Requires client installation on all end‑user devices | login |
The Concierge Cloud Vault Provisioned within any of our Full Concierge mandates | Collaborative enterprise vault. Self‑hosted and single‑tenant, this multi‑user system provides secure, shared password management for your entire team. The zero‑knowledge OpenPGP architecture ensures passwords remain private even from your Steward, while allowing for instant user revocation. GDPR compliant, tracker‑free, and accessible via any device or browser. | login | login |
| Service/Mandate | Description | Price | Commitment |
|---|---|---|---|
| Active Directory Domain Controller(s) and Member(s) | Stewardship of your legacy AD/DS or hybrid AD Domain Controller(s). On-premises or cloud-hosted. Administration and cyber-protection while we move your environment to M365 or as a permanent solution when M365 is not suitable. FOSS option available. | login | login |
| Legacy File Server | Stewardship of your legacy workgroup on-premises File Server. Administration and cyber-protection while we move your files to SharePoint or Google Drive or as a permanent solution when cloud storage is not suitable. Microsoft Licenses not included. FOSS option available. | login Note: HCI required for High Availability. Note: Setup fee waived for preexisting server. Microsoft Licenses not included. | login |
| Service/Mandate | Description | Price | Commitment |
|---|---|---|---|
| Proton Cloud Add-on | Mail, File Shares, Calendar, Proton Mail Bridge, and VPN for your administration, R&D, or entire organization. User accounts setup, administration, and support only. | login | login |
| Cryptpad Collaborative Suite Add-on | Real-time editing & collaboration: Sheets, Docs, Slides, Kanban, Code, Drive, etc. User accounts setup, administration, and support only. | login | login |
| Cryptpad Server | Optional Self-hosted single-tenant Cryptpad server setup, hosting, cyber-protection, and administration. | login | login |
| Service/Mandate | Description | Price | Commitment |
|---|---|---|---|
| Standalone Team Password Manager | Enterprise Password Manager hosted in a single-tenant server. User-owned secret keys and 100% asymmetric end-to-end security backed by OpenPGP. GDPR Compliant. No tracker. Easy user revocation. Runs on any device and browser. | login | login |
Project and Other Services
Service/MandateDescriptionPriceCommitmentCloud MigrationsMigration of mail, calendars, and drives to the Cloud, from one Cloud platform to another, or back to HCI cluster. For the virtualization of legacy servers and applications, please call. (Note: the initial user migration is included in our cloud productivity suites plans.)loginloginIT ConsultingTechnology reviews, road-mapping, enterprise application implementation, whenever out of the scope of our standard plans (rate available to plan holders only)loginloginAdvanced Networking ConsultingDesign, setup, protection, and administration of networks with complex topological features: multi-locations, hybrid networks, large scale, load-balancing, etc.loginloginAdvanced Virtualization ConsultingDesign, setup, protection, and administration of complex HCI environments: high availability storage requirements (e.g.: CEPH), complex migrations, networking, etc.loginloginBreak/Fix
Our default rate for out-of-scope work, reactive, or work resulting from the client's neglect of any provisions of our terms (or disregard of our recommendations) that would result in damage. Service offered on a best effort basis.
$350 per hour
1 hour min.
USD Order Now
EUR Order Now
Written Information Security Plan (WISP)Definition of the objectives, purpose, and scope of your plan, assessment of risks, hardware inventory, documentation of safety measures in place, drafting of implementation clause, and compilation of ancillary attachments following GLBA and IRS guidelines.loginloginHIPAA ProcedureDefinition of the purpose, and scope of your procedure, definition of roles, documentation of safety measures in place, standards of conduct, internal monitoring and auditing, disciplinary guidelines and corrective actions, following the Department of Health and Human Services (HHS) Privacy Rule.loginloginAdvanced Compliance ConsultingLet us help you liaise with select specialized vendors and achieve full compliance in a way that is commensurate with the needs and means of a midsize business.loginloginStructured Cabling SystemDesign and installation of Ethernet LAN Cat 6+ cabling systems according to IEEE 802.3 standard. For complex or large networks, please call.loginlogin| Service/Mandate | Description | Price | Commitment |
|---|---|---|---|
| GWSL + OpenInWSL | GWSL lets you run graphical Linux applications on Windows 10/11 whether these applications run locally on WSL or remotely on a Linux server. Licenses and support. | $10 per user/device/month 5 users min. on first order | USD Yearly EUR Yearly |
| Time Squeeze | Track your computer activity, improve your productivity, and bill every moment with Time Squeeze. Time Squeeze tracks the time spent on apps, tabs, and file names, and it lets you associate this data with clients and project without interfering with your work. Licenses and support. | $20 per user/device/month with annual commitment 5 users min. on first order |
New Cloud Onboarding
Registration and login required to display content.
Cloud Collaboration Success Map
Navigating the Frontier of Third-Party Environments
At Concierge CIO Partners, we believe professional collaboration shouldn't come at the cost of firm sovereignty. This Success Map is your guide to integrating new third-party platforms into your firm’s secure ecosystem.
Before any third-party platform is introduced to the "Mainland," it must undergo a formal audit. To begin this process, please submit a Pre-Flight Checklist . This registration allows the Principal Steward to vet the environment for security, insurance compliance, and the architectural fit required to reach the milestones below.
The Five Milestones of Professional Participation
Goal: Seamless login using your Managed Work Identity (Microsoft Entra ID).
Benefit: A single, secure entry point. No new passwords; no fragmented identities.
Goal: Guard professional credentials with Enterprise Multi-Factor Authentication.
Benefit: Primary defense against Identity Hijacking and a "Hard-Fail" insurance requirement.
Goal: Ensure "Final Work Product" is never trapped on external servers.
Benefit: Your intellectual property remains safely within your firm’s "Mainland."
Goal: Instant access revocation when a project or partnership concludes.
Benefit: Eliminates "Ghost Risks" from ex-employees or contractors.
Goal: Maintain a professional record of activity for compliance.
Benefit: Provides "Proof of Control" for insurance audits and legal discovery.
Choosing Your Integration Lane
Native enterprise compliance. Automated and fully covered under standard service.
Requires the Enterprise Multi-Cloud Plan to engineer a custom Governance Bridge.
Requires a Liability Waiver acknowledging unmanaged risk and potential claim denial.
Thank you!
Your form was successfully submitted. We have received it and will respond shortly.
For helpful resources, to track the status of your request, and to view closed tickets, please visit our customer support portal.