FAQs:
What if we have more than 50 employees?
No problem!
Our standard packages are designed for small and midsize businesses, but we routinely work with larger teams as well.
If you have more than 50 employees, we can provide a custom quote based on your size, complexity, and needs.
Reach out to us for a personalized consultation.
Do you work with businesses that have multiple office locations?
Yes — but multi-location setups typically require a custom assessment.
Our Quick Audit and Readiness Package pricing assumes one primary office location.
For businesses with multiple sites, we offer add-on assessments or bundled packages based on scope.
Contact us to discuss your setup.
What if we already have an IT support provider?
That’s great!
We’re not here to replace your IT team — we complement them by focusing specifically on cybersecurity risks that IT support teams sometimes miss (like phishing resilience, user access risks, or policy gaps).
We’re happy to work alongside your existing providers.
Can we purchase individual services instead of a full package?
Absolutely.
You can engage us for just Phishing Resilience Testing, just a Cyber Hygiene Audit, or the full Readiness Package — whatever fits your current needs.
We believe cybersecurity should be scalable as your business grows.
Are there any ongoing monthly fees?
No.
Our standard services are fixed-price, one-time engagements.
You only pay for what you need — when you need it.
(If you're interested in ongoing security support, we offer flexible quarterly retesting and advisory services by custom quote.)
Do you work with businesses outside the United States?
At this time, we serve U.S.-based businesses only.
We are unable to engage with companies that:
Operate offshore offices or international branches
Handle personal data subject to international regulations like GDPR, LGPD, or similar
Are governed under GLBA (Gramm-Leach-Bliley Act) financial privacy rules
Our focus is on helping domestic U.S. businesses grow safely and compliantly.
If you're unsure whether you qualify, contact us — we're happy to clarify!
Does the person booking a consultation or service need to have authority to purchase services?
Yes.
We ask that anyone scheduling consultations or purchasing services from Blue Oak Cyber has the authority to enter into agreements and financial commitments on behalf of their organization.
If you're unsure whether you have the appropriate authority, we recommend involving your company owner, CFO, or other decision-maker before proceeding.
Do you work with businesses subject to SOX (Sarbanes-Oxley) compliance?
At this time, we do not offer services designed for publicly traded companies or companies regulated under SOX.
We specialize in helping privately held, U.S.-based small and midsize businesses that are not under GLBA, GDPR, LGPD, SOX, or similar regulatory frameworks.
If you're unsure whether your company falls under these regulations, please contact us — we're happy to help clarify.
Do your services guarantee that my business will be completely secure?
While our services are designed to greatly reduce your cybersecurity risks, no service or technology can guarantee 100% security against every possible threat.
Our goal is to help you build stronger defenses, smarter practices, and more resilient systems to greatly lower your risk of incidents.
What happens if the scope of my project changes after we start?
We work hard to provide clear pricing and scope before beginning any engagement.
If your business situation changes significantly (such as adding more locations, users, systems, or discovering unknown risks),
We’ll discuss a fair and transparent adjustment to your service scope and pricing.
We’re flexible — but we believe clear expectations help everyone succeed.
Do you work with healthcare providers or businesses subject to HIPAA?
Currently, Blue Oak Cyber does not offer services specifically designed for HIPAA-regulated environments. If your business handles Protected Health Information (PHI), please contact us to discuss suitability.