Cybersecurity Retainer • Advisory & Expert Support
Why it’s worth working in a retainer model:
- Ongoing access to an expert (digital forensics specialist, court IT expert, cybersecurity specialist, licensed detective)
- SLA and rapid response to incidents and urgent queries
- Verification of expert reports and technical documentation (counter-opinions)
- Support for IT and OT/ICS environments, including NIS2, GDPR and ISO/IEC 27001
- Predictable costs – subscription model instead of one-off projects
- Full confidentiality, NDA and protection of evidence
The retainer model is a form of long-term cooperation in which your organisation has guaranteed ongoing access to an expert in digital forensics and cybersecurity – without having to commission a new project each time.
It is designed for law firms, companies and institutions that need rapid consultation, incident review or expert report verification without unnecessary delay.
How the retainer model works
A retainer is an agreement that guarantees a defined pool of advisory or technical hours per month.
You gain guaranteed access to expertise and support while keeping costs predictable and ensuring priority service.
The scope may include:
- ongoing advisory in digital forensics and cybersecurity,
- verification of expert reports and technical documentation (counter-opinions),
- security incident analysis and response guidance,
- review of system configurations, logs and security controls,
- support in developing security policies and procedures,
- vendor audits and third-party risk assessment,
- preparation of periodic reports and recommendations.
Level 1 Retainer – 15 Cybersecurity Steps (FAR 52.204-21)
The first retainer level covers cybersecurity fundamentals, aligned with FAR 52.204-21 – Basic Safeguarding of Covered Contractor Information Systems.
It is a set of 15 practical controls that every company – regardless of industry – should implement to provide a basic level of protection for systems and data.
This package is part of the retainer cooperation and allows you to quickly raise your organisation’s security baseline.
15 Basic Safeguarding Steps (Level 1)
- Access control for authorised users – review of user accounts, removal of inactive accounts, no shared logins.
- Least privilege access (“need-to-know”) – role- and responsibility-based access assignments.
- Control and verification of external devices – USB policy, restriction or monitoring of removable media.
- Secure operation of publicly accessible systems – verifying what may be exposed to the Internet, and what absolutely must not.
- Identification of users and devices – asset inventory and tracking who uses what.
- User and device authentication – password policy, screen lock, multi-factor authentication (MFA where possible).
- Encryption and destruction of media – secure disposal of disks, USB drives and phones.
- Physical protection of systems and premises – controlled access, locked rooms, no unauthorised presence of third parties.
- Visitor log and visit control – verification of external visitors, supervision and recording of entries.
- Securing communications at network boundaries – firewalls, traffic filtering, protection against scanning and basic attacks.
- Segregation of public and internal systems – separation of public-facing servers from the internal corporate network.
- System updates and vulnerability remediation – patch management, configuration reviews, rapid remediation of critical issues.
- Protection against malicious software – antivirus/EDR, monitoring of suspicious activity.
- Regular updating of protection mechanisms – signature updates, automated fixes, keeping controls current.
- Scanning systems and verifying external files – scheduled scans and real-time scanning of downloaded and opened files.
What the client receives within Level 1 Retainer
- assessment of compliance with each of the 15 requirements,
- a list of weakest points and quick-win recommendations,
- ready-to-use mini procedures (Access Control, Password Policy, USB/Media Policy),
- implementation of basic safeguards (on-site or remote),
- monthly security status report.
This is a fast way for your company to reach a safe operational minimum and align with commonly expected cybersecurity standards.
Level 2 Retainer – Security Maturity (NIST SP 800-171)
The second retainer level is intended for organisations that need more advanced protection, visibility and control – for example companies processing customer data, operating critical processes, manufacturing plants, law firms or institutions with elevated risk.
Level 2 is based on the NIST SP 800-171 framework (CUI), in a simplified, practical version that can be implemented realistically in SMEs.
Scope of Level 2 – 17 Security Domains (NIST-inspired)
Level 2 focuses on the key elements of 800-171 that significantly increase security:
- Advanced access control (AC) – roles, privileges, least privilege, delegations.
- Security policies & governance (PL) – coherent security rules, documented roles and responsibilities.
- Systematic incident detection & handling (IR) – early alerts, Incident Response Plan (IRP), quick triage and analysis.
- Network segmentation & system isolation (SC/CM) – security zones, segmentation, especially in IT/OT hybrid environments.
- Protection of data at rest and in transit (SC) – disk encryption, VPN, TLS, elimination of insecure protocols.
- Endpoint security (SI) – EDR/antivirus, malware blocking, onboarding checks for new devices.
- Patch & vulnerability management (RA/CM) – patch cycles, vulnerability scanning, prioritised remediation.
- Activity & log monitoring (AU) – event logging, anomaly analysis, monthly reviews.
- Secure system configuration (CM) – baselines, hardened configurations, change control.
- Media management & backup strategy (MP/CP) – 3-2-1 backup strategy, encryption, recovery tests.
- Email security & phishing defence (SC/IA) – DMARC, SPF, DKIM, advanced filtering and policies.
- Privileged account security (AC/IA) – admin controls, change tracking, mandatory MFA.
- Risk assessment & quarterly reporting (RA) – risk identification, criticality assessment, remediation plans.
- Vendor & cloud service management (SA/SC) – security evaluation of vendors, third-party risk management.
- Physical security & third-party access (PE) – entry control, monitoring, visitor policies.
- BCP/DRP foundations – readiness for disruptions (CP) – recovery planning, critical functions, prioritisation of restoration.
- Technical training & security awareness (AT) – scenario-based exercises, phishing simulations, role-based training.
What the client gains with Level 2 Retainer
- a compact security framework based on NIST 800-171,
- a map of risks and weak points in the organisation,
- hardened configurations of key systems,
- improved monitoring and log analysis,
- readiness for NIS2, GDPR, ISO 27001 and similar audits,
- quarterly security report with recommendations,
- ongoing expert support, including operational guidance,
- focus on the critical ~40–50 controls that bring ~80% of the benefit for ~20% of the effort.
Who Level 2 is for
- industrial and manufacturing companies with IT/OT environments,
- law and audit firms,
- technology companies and software houses,
- organisations processing large volumes of customer data,
- SMEs preparing for NIS2 / ISO 27001.
Example cooperation model
- Defining scope and monthly hours – we clarify needs, priorities and communication channels.
- Signing a framework retainer agreement – guaranteed response times and availability (SLA).
- Service delivery and consultations – requests handled via a secure communication channel.
- Monthly report and recommendations – summary of used hours and key findings from consultations.
- Continuous development of cooperation – option to extend the scope (e.g. trainings, audits, expert opinions).
Typical use cases
- law and advisory firms – rapid consultation on IT, cyber and digital evidence issues,
- industrial companies – oversight of OT/ICS security, incident analysis, audit support,
- public institutions – technical advisory in proceedings and during inspections,
- SMEs – ongoing guidance on security policies, data retention, incident response.
FAQ
How is a retainer different from a one-off engagement?
In a retainer model you have guaranteed, ongoing access to an expert and a defined number of hours per month, which shortens response times and eliminates formalities for each new request.
How long does a retainer agreement last?
Typically from 3 to 12 months, with an option to extend or adjust the scope and hours as cooperation evolves.
Can technical analyses be performed under the retainer?
Yes. Within the allocated hours I can perform short analyses, verify reports or expert opinions, prepare technical memos and provide consultations.
Does the retainer agreement include confidentiality?
Yes. The agreement includes a full NDA and a commitment to protect all information and data provided during cooperation.
Contact
Interested in ongoing cooperation or expert support?
📞 Phone: +48 515 601 621
✉️ Email: biuro@wichran.pl