Terms of Service
Effective date: May 1, 2026
The terms governing your use of the vCISO.com site and any engagements you enter into with vCISO Services, LLC.
1. Acceptance of these terms
These Terms of Service ("Terms") govern your use of vciso.com and any related products or services we provide. By accessing the site, requesting a discovery call, purchasing an engagement, or signing a Statement of Work, you agree to be bound by these Terms.
2. Who we are
vCISO Services, LLC ("vCISO.com", "we", "us", "our") is a Pennsylvania-based limited liability company providing virtual CISO consulting services, including SOC 2 readiness Sprints, the 90-Day vCISO Foundation, and ongoing vCISO retainers. Contact: info@vciso.com.
3. Engagements and Statements of Work
Every consulting engagement runs under a written Statement of Work (SOW) signed by both parties. The SOW controls scope, deliverables, fees, payment schedule, term, and termination. To the extent the SOW conflicts with these Terms, the SOW governs the engagement.
Self-serve checkout for productized offerings (SOC 2 Sprint, 90-Day Foundation) constitutes acceptance of these Terms plus the productized scope published on the corresponding marketing page at the time of purchase. A confirmation email follows checkout with the next steps and SOW where applicable.
4. Fees and payment
Fees are stated on the marketing pages for productized offerings:
- SOC 2 Sprint: $2,500 flat, charged at engagement start.
- 90-Day vCISO Foundation: $24,000 flat, charged at engagement start.
- Strategic vCISO retainer: $5,000 per month, billed monthly in advance.
- Embedded vCISO retainer: custom-scoped and quoted on application.
Founding Cohort pricing (50% off for 12 months) applies only to clients formally accepted into the Cohort and is documented in the SOW. After the 12-month Cohort period, pricing reverts to then-current list rates with 30 days' notice; you may cancel rather than continue at list pricing.
Late payments more than 30 days past due may result in suspension of ongoing services until the account is current. We do not charge late fees for first occurrences.
5. Cancellation and refunds
All retainer engagements are month-to-month with 30 days' notice to cancel. There are no termination fees and no penalties.
Productized engagements (Sprint, Foundation) are refundable in full if cancelled before kickoff. After kickoff, refunds are pro-rated against work performed and deliverables produced. Cohort-priced engagements follow the same refund posture.
6. Intellectual property
Deliverables produced specifically for you under an SOW (policies, gap analyses, pentest reports, board decks, runbooks) are licensed to you for unrestricted internal use upon payment. We retain ownership of our pre-existing methodologies, templates, frameworks, and tooling.
We may use anonymized engagement details (industry, size band, frameworks, generic outcomes) in case studies, marketing, or training materials. Anything that could reasonably identify you, your customers, or your systems is excluded unless explicitly authorized in writing (e.g., a Founding Cohort case study release).
7. Confidentiality
We sign your NDA on first call as standard practice. Absent a separate NDA, all non-public information shared during an engagement is treated as confidential and used only to perform the work, retained per the Privacy Policy, and disclosed only to subprocessors bound by equivalent confidentiality.
8. Insurance
vCISO Services, LLC carries professional liability and errors and omissions insurance sized for growth-stage engagements. Coverage certificates are available on request during procurement review.
9. Limitations of liability
To the maximum extent permitted by law, vCISO Services, LLC is not liable for indirect, incidental, special, consequential, or punitive damages arising out of or related to the services. Our aggregate liability for any claim is capped at the fees paid for the specific engagement giving rise to the claim. Nothing in this section limits liability for fraud or willful misconduct.
Security consulting reduces risk; it does not eliminate it. We do not guarantee that any framework certification will issue, that any audit will pass, or that any system will be free of vulnerabilities or successful attacks.
10. No professional or legal advice
Content on the site (blog posts, scorecards, FAQs, landing pages) is informational and reflects our practitioner experience. It does not constitute legal advice, regulatory advice, or a substitute for engagement-specific counsel. Engagements run under an SOW provide tailored recommendations and are the right path for decisions that affect your business.
11. Acceptable use of the site
You agree not to use the site to:
- Violate applicable laws or regulations.
- Submit forms with knowingly false information or with the intent to abuse our systems.
- Attempt to gain unauthorized access to any non-public area of the site or any of our systems.
- Disrupt, overload, or impair the site (e.g., automated scraping at scale, denial-of-service traffic).
- Use the site to harass, defame, or impersonate others.
Good-faith security research is welcome. Email security@vciso.com before testing any non-public surface. We will respond within one business day.
12. Changes to these terms
We may update these Terms. Material changes will be announced via the site and will update the "effective date" at the top. Continued use of the site after a change constitutes acceptance of the updated Terms. Engagements already running under signed SOWs continue under the Terms in effect at the time of signing unless an amendment is mutually agreed.
13. Governing law
These Terms are governed by the laws of the Commonwealth of Pennsylvania, without regard to conflict-of-laws principles. Any dispute arising under these Terms is subject to the exclusive jurisdiction of the state and federal courts located in Allegheny County, Pennsylvania.
14. Contact
Questions about these Terms: info@vciso.com. Security disclosures: security@vciso.com.