Service Bundles & Pricing

Each Service (Risk, Certification, etc) and each Level (Essentials, Essentials Plus, Comprehensive) is priced individually.

Explore the below packages to begin creating your plan - you can pick and choose between services and levels based on your organisation’s priorities. Koyrel will build out a plan with you, with your context, guidance, concerns, risks, and reporting obligations front and centre - and most importantly priced to your budget.

At Koyrel, we understand that not everyone has time to do a detailed RFQ/RFP. So while the below is designed to build out a modular pricing structure based on each organisation’s unique GRC needs, let’s get straight to the point so you have somewhere to start.

Pricing depends on how much support your organisation needs.

We offer everything from a simple self-service, GRC starter pack (policy suite, gap analysis, templates) right through to full framework developments and digital implementation — including regulatory reporting, legal and insurance support, and enterprise-wide risk transformation. And yes, there’s a whole range of flexible options in between.

Koyrel doesn’t abandon our values-first North Star at the pricing page - organisations with a micro headcount (e.g. start-ups <10 staff) and ACNC-registered NFPs can discuss pricing plans under our “Social Enterprise” discount.

Risk

  • Basic Pack: Risk policy, register, and operational plan

  • Risk policy, framework and register review and re-write, risk tolerance and appetite template, basic dashboard

  • Full Risk Framework incl. register, policy, risk tolerance and risk appetite workshops to establish risk profile, risk personas © workshops and, risk dashboard and integration throughout the org and into both Corporate governance and Operational incident reporting

Policy & Regulatory Compliance

  • Self-service template pack with agreed scope of support to implement

    Order Now

  • Custom policy development, legal website notices, form templates, data flow and privacy review and updates

  • Comprehensive policy review, drafting and updates, full regulatory gap analysis, full data privacy review including review of data retention policies with system and operational review. Corporate Governance policy reviews. Additional policy requirements as are contextually relevant.

Certification Readiness

  • Pre-certification checklist, self-service, gap analysis

  • Audit preparation, gap analysis, and technical and documentation support. All requirements and controls audit-ready. Pre-certification Internal Audit option. Org-managed audit on site.

  • All included in Essential and Advanced as well as on-the-ground Audit Lead services. Auditors also able to be sourced from partnerships

Incident Management & BCP/DR

  • Incident & BCP/DR review with recommendation report including regulatory gap analysis

  • All Essentials plus org-wide Incident mapping and process re-design

  • All Essential and Essentials Plus activities plus full RAPID™ Incident Framework implementation, staff training, Incident monitoring and reporting review, Incident testing, BCP audits, Infrastructure vulnerability review, post-incident reviews and “Circle Back” plan

Internal Audit, Communication, & Training

  • Third-Party GRC training support and Internal Audit self-serve tools

  • Implementation, configuration, and integration of third-party GRC training system, internal audit configuration for self-serve

  • Full annual training plan. Full, bespoke Internal Audit Schedule across all Regulatory, industry-specific, and Certification requirements. Audit and Risk Committee, Security Committee, or Certification Committees established as required including ToRs and KPIs. Integrated back into board reporting as required