Choose your stage. We'll install the missing compliance foundations, fast.
RLA helps AI and tech businesses launch, sell and scale without compliance debt. Fixed-scope packages, delivered with evidence you can defend.
What is Compliance Debt?
Compliance debt is what builds up when you launch fast without the basic privacy, risk and governance foundations.
It doesn't always break things today, but it shows up later as rework, delayed deals, customer scrutiny, and avoidable incidents.
Most clients don't need a meeting. Start with the package, then we deliver the decision pack + templates within days.
Choose your stage
Fixed-scope packages for startups, scale-ups and enterprise.
Launch Ready
Privacy + risk foundations, third-party provider checks and breach readiness.
- Launch Decision Pack (Fix now / Fix next)
- Breach response runbook + third-party provider checklist
- Trust Pack Lite for customers/investors
Scale Ready Partner
A working risk + compliance operating rhythm that stays current every month.
- Risk register + controls + compliance calendar
- Monthly Executive Snapshot + quarterly health check
- Third-party provider + incident governance cadence
Enterprise Assurance
Senior advisory and assurance for high-stakes governance, procurement/probity and compliance exposure.
- 2-week diagnostic + operating model + proposal
- Board-ready governance and reporting
- Procurement/probity support with independence safeguards
How it works
Designed for founders and operators. Clear scope. Fast delivery.
Purchase or Fit Check
Choose a package. If you're unsure, book a 15-minute Fit Check and we'll point you to the right starting line.
Complete intake (15 mins)
Share links, third-party providers, and a plain-English description of your product and data. This replaces long discovery calls.
We build your pack
RLA drafts your decision pack and working templates within the agreed turnaround. You get a Loom walkthrough and a clear action list.
Implement + optional Q&A
Apply the changes. Use the included Q&A slot only if something needs a decision. Scale Ready clients move into a monthly cadence.
Response times and scope are defined so delivery stays fast and predictable.
Launch Ready
Outcomes
- • Ship faster with the essentials in place (privacy, third-party provider checks, breach readiness).
- • Reduce future enterprise/customer friction by building an evidence trail early.
- • Know what to fix now vs next with a clear Launch Decision Pack.
Deliverables
- • Launch Decision Pack (Fix now / Fix next)
- • Breach response runbook + third-party provider checklist
- • Trust Pack Lite for customers/investors
- • Privacy & data-handling baseline, cookie/analytics checklist
Included
- • Review of website/app and data flows from intake
- • Operational templates and implementation guidance
- • One optional 20–30 min Q&A after delivery
Not included
- • Formal legal advice or drafting/sign-off
- • Pen testing / SOC / MDR
- • Full tender writing or enterprise procurement responses
Scale Ready Partner
Outcomes
- • Move from reactive compliance to a repeatable monthly operating system.
- • Give leaders clear visibility: top risks, overdue actions, decisions required.
- • Strengthen third-party provider and incident governance before enterprise customers demand it.
Deliverables
- • Risk register + controls + compliance calendar
- • Monthly Executive Snapshot + quarterly Health Check
- • Third-party provider + incident governance cadence
Included
- • 30-day setup: baseline registers, cadence, templates, reporting
- • Monthly: maintain cadence, updates, snapshot, quarterly reports
- • One 60-minute monthly governance call; ongoing support
Not included
- • Enterprise GRC platform implementations
- • 24/7 incident response, SOC/MDR
- • Legal advice; full procurement/probity unless scoped
Enterprise Assurance
Senior assurance and advisory for high-stakes governance, procurement/probity and compliance. RFP-based delivery with independence safeguards.
Add-ons (when you need more depth)
Keep the core packages simple. Add-ons are only used when there's a clear requirement.
- • Enterprise customer readiness pack (questionnaires + evidence folder)
- • Contract compliance mapping (one key customer contract)
- • AI tool/third-party provider intake workflow (approval + evidence plan)
- • Essential cyber governance baseline (controls + evidence plan)
Add-ons are scoped separately. Contact us to discuss.
FAQs
Is this legal advice?
No. RLA provides governance and compliance management guidance. For legal interpretation or sign-off, we recommend review by qualified legal counsel.
Do we need lots of meetings?
No. The intake replaces long discovery calls, and delivery is supported by a Loom walkthrough.
What is a third-party provider?
We review your key third-party providers (hosting, analytics, payments, email, and AI tools) to ensure you have the right basics in place including data handling, access, evidence, and incident readiness.
What if we're not sure which package?
Book a 15-minute Fit Check. If you're early-stage, Launch Ready is the fastest starting point. If you're selling to enterprise, Scale Ready is typically next.
Can you work with our existing tools?
Yes. Where practical, we operate within your environment (e.g., M365/Google).
How do you handle independence for probity/assurance work?
Where formal independence is required, we scope to avoid 'design and audit' conflicts and can coordinate an independent assurer if needed.
Ready to remove compliance debt?
RLA is led by Rechelle Leahy, 25 years' experience in risk, governance, probity and procurement. Practical, defensible compliance for modern technology businesses.
RLA provides governance and compliance management guidance and does not provide legal advice.