IT Security · Operations · Governance · AI

Ancient foundations.
Modern security.

IT security, operations and governance for small and mid-size companies across Europe. Structured methodology. Senior expertise. Accountable delivery.

A decade of enterprise IT experience
93 ISO 27001 Annex A controls assessed
8–48h response SLA by retainer tier
SME focus: small and mid-size companies
The Situation We Solve

Growing companies that have outgrown ad-hoc IT.

You are a small or mid-size company with a product that works and clients who are starting to ask hard questions about security. Your IT is held together by whoever has time.

No risk register. No incident response plan. No internal lead who owns it — and no board-ready answer when someone asks. The NIS2 or ISO 27001 deadline is not abstract. It is already affecting deals.

We bring a decade of production IT security and infrastructure experience to companies that need it most. No agency overhead. No account manager layer. No enterprise price tag.

One specialist. One point of contact. Every deliverable built and owned by the same person who scoped it.

"Three hills built Plovdiv over 8,000 years — one stone at a time. Deep foundations outlast everything built on sand."
01
NIS2 & ISO 27001 deadlines
Enforcement is active across the EU. Clients and auditors are asking for documented compliance. Most small companies have nothing to show.
02
No internal IT or security lead
No one owns it. No risk register. No incident response plan. No board-ready reporting. Just the hope that nothing goes wrong.
03
Rapid growth, no governance
New people, new tools, new clients — with no identity governance, no device management, and no security baseline keeping pace.
04
A breach or phishing incident
Something happened, or nearly happened. Now the question is: what do we actually have in place, and who is responsible for fixing it?
Industries we commonly work with

💻 SaaS & Tech: client security questionnaires, SOC 2 / ISO 27001 requirements, investor due diligence
⚖️ Professional Services: legal, accounting and consulting firms handling sensitive client data under GDPR and NIS2
🏭 Manufacturing: supply chain security audits, OT/IT boundary controls, NIS2 obligations for critical-sector suppliers
🏥 Healthcare & MedTech: strict data handling obligations, device security, and sector-specific compliance requirements
🏦 Fintech & Regulated Services: DORA, PCI DSS-adjacent controls, and the security posture regulated clients demand before onboarding
The Three Hills

Three pillars. One consultancy.

Named after Trimontium — the Roman name for Plovdiv, meaning "Three Hills." Every service we deliver maps to one of three pillars. Every retainer spans all three.

I
Security
The citadel. The first line of defence.
CrowdStrike Falcon EDR — policy, triage, remediation
Microsoft Defender Suite — Endpoint, Identity, Office 365, Cloud Apps
Email security — SPF/DKIM/DMARC, anti-phishing, Safe Links
NIS2 readiness — gap analysis, risk register, roadmap
IT Security Audits — endpoint, identity, access, cloud
WiFi site surveys (EMEA) — Ekahau Sidekick
II
Operations & Infrastructure
The engine room. Where things get built.
Microsoft Entra ID — identity lifecycle, conditional access, MFA
Microsoft Intune / MDM — enrolment, compliance, Autopilot
On-premises & hybrid Active Directory — AD DS, GPO, security tiering
Azure Virtual Machines — deployment, backup, Site Recovery, migration
Azure Networking — VNet, VPN Gateway, Firewall, App Gateway, Bastion, Private Link
Patch management, onboarding/offboarding SOPs
III
Governance & AI
The framework that makes everything else defensible.
M365 & Copilot governance — admin controls, DLP, lifecycle
AI Governance Frameworks — EU AI Act mapping, risk classification
ISO 27001 — full ISMS build, internal audit, certification preparation
NIS2 / ISO 9001 alignment and audit preparation
IT operations frameworks — escalation maps, RACI, SOPs
Monthly board-ready leadership & security summaries
Monthly Retainers

Four tiers. Cancel anytime.

Monthly rolling contracts. Async-first delivery. Structured outputs delivered on a fixed schedule — not when you ask, when they are due. All three pillars. One relationship.

Tier 01 · Oversight

Security Watch

Visibility without the overhead

€800/month
  • Monthly security posture report — executive-ready PDF
  • Patch compliance summary, gaps ranked by severity
  • Endpoint health overview (Defender / CrowdStrike)
  • 2 async Q&A sessions per month
  • IT hygiene checklist with action priorities
Up to 50 users · ~1.5h/month · Response: 48h
Most Popular
Tier 02 · Active

IT Co-Pilot

Ongoing IT operations, handled

€1,600/month
  • Everything in Security Watch
  • M365 & Copilot governance oversight
  • Microsoft Defender Suite monitoring
  • 1 policy document per quarter
  • NIS2 compliance gap tracking
  • Quarterly IT roadmap call (30 min)
Up to 100 users · ~4h/month · Response: 24h
Tier 03 · Leadership

Fractional IT Lead

Your IT lead, on retainer

€2,800/month
  • Everything in IT Co-Pilot
  • Azure infrastructure advisory
  • On-prem / hybrid AD oversight
  • Monthly board-ready leadership summary
  • NIS2 / ISO 9001 alignment support
  • IT operations framework maintenance
Up to 100 users · ~7h/month · Response: 16h
Tier 04 · Enterprise

Enterprise Guardian

Continuous oversight, full stack

€4,000/month
  • Everything in Fractional IT Lead
  • Multi-tenant governance
  • Full Azure networking & VM oversight
  • Continuous NIS2/ISO audit readiness
  • Priority 8-hour response SLA
  • Annual IT strategy roadmap
Up to 100 users · ~10h/month · Response: 8h

All retainers: Monthly rolling · 30 days written notice to cancel · Unused hours do not roll over · Overage at €120/hr standard · €180/hr emergency · Annual prepay: 10% discount · Project-to-retainer conversion: 50% off Month 1

Not sure which plan fits? Or need something different? Every company situation is different. If none of the packages above match what you need — or you want a custom scope — get in touch and we'll put together a tailored proposal.
One-Time Projects

Fixed scope. Defined deliverables.

No retainer required. Every project is a fixed-price engagement with a defined scope, defined deliverables, and a defined timeline — agreed in writing before work begins. Competitively priced for the EMEA market. 40% of project clients move to a monthly retainer within 30 days of delivery.

🔐
Preparing for ISO 27001 certification?
We deliver the complete ISMS build — gap analysis against all 93 Annex A controls, full risk register, 12+ policy documents, Statement of Applicability, internal audit, and Stage 2 certification preparation. Everything a certification body needs to see, built correctly the first time.
Bundle · Best Value

Security Audit + NIS2 Bundle

Two board-ready reports from one engagement. Security gaps mapped against both technical benchmarks and NIS2 regulatory requirements.

€10,000–18,000 · 6–9 weeks · Remote
Security

IT Security Audit

A structured review of your security posture — endpoints, identity, access, and cloud — with a prioritised remediation plan your team can act on.

€5,500–9,500 · 3–4 weeks
Compliance

NIS2 Readiness Assessment

Gap analysis against NIS2 requirements. Risk register, remediation roadmap, and board-ready documentation — delivered in plain language.

€6,500–12,000 · 3–5 weeks
Security

Endpoint & Threat Protection

Endpoint detection and email security properly deployed and tuned. Tool-agnostic — we work with your existing stack or recommend the right fit.

€2,800–6,500 · 2–3 weeks
Operations

Device Management

Every company device enrolled, compliant, and centrally managed — with full handover documentation your team can operate independently.

€3,500–9,000 · 2–4 weeks
Governance

Cloud Governance & AI Policy

Governance framework for your cloud environment and AI tools — including DLP, access controls, and an EU AI Act-aligned acceptable use policy.

€4,000–10,000 · 2–5 weeks
Infrastructure

Identity & Directory Modernisation

Active Directory and hybrid identity assessed, redesigned, and hardened — with full architecture documentation included.

€3,500–9,000 · 3–5 weeks
Infrastructure

Cloud Infrastructure Setup

Cloud infrastructure designed, deployed, and documented — VMs, storage, backup, disaster recovery, and networking, with an operations runbook.

€3,500–11,000 · 3–6 weeks
Operations

IT Operations Framework

IT operations documented and structured from scratch — escalation flows, incident procedures, SOPs, and leadership reporting. Everything editable.

€9,000–20,000 · 6–10 weeks
AI Governance

AI Governance Framework

Standalone AI governance for teams deploying AI tools — risk classification, data handling rules, approved tools register, and EU AI Act alignment.

€7,500–18,000 · 5–8 weeks
On-Site

WiFi Site Survey — EMEA

Professional wireless assessment using industry-standard RF tools — coverage heatmaps, interference analysis, and a full action plan. EMEA-wide.

€1,200–8,000 · 1–3 days on-site
Results

What clients actually achieve.

Specific outcomes from real engagements. No vague claims — every figure is tied to a specific project type and client profile.

18 weeks
ISO 27001 Certified
A 20-person SaaS startup with no prior ISMS documentation. Gap analysis to Stage 2 certification in under five months — on time, no major non-conformities at the certification audit.
20-person SaaS startup · Netherlands · Q4 2024
34% → 71%
Microsoft Secure Score
A 45-person company on Microsoft 365 Business Premium. Conditional Access policies, Defender configuration, DLP rules, DKIM and DMARC implemented across a four-week engagement. Documented before and after.
45-person company · EMEA · Q1 2025
6 weeks
NIS2 Gap Closed
A professional services firm with active regulatory pressure and an enterprise client requiring evidence of NIS2 compliance. Full risk register, policy library, and board-ready assessment delivered and presented to leadership.
Professional services firm · EU · Q2 2025

These represent typical outcomes for the project types shown. Individual results depend on the starting state of your environment, your team's availability, and the complexity of your infrastructure. We will give you a realistic assessment of what is achievable in your specific situation before any engagement begins — not an optimistic projection designed to win the sale.

How We Work

What we do, and what we don't.

Clear boundaries protect both sides of the engagement. Read this before getting in touch — it will save everyone time if there is not a fit.

✓ What Trimontia does
IT security audits — endpoint, identity, access, cloud, email
NIS2 readiness — gap analysis, risk register, remediation roadmap
ISO 27001 — complete ISMS build, internal audit, certification preparation
Microsoft 365 and Copilot governance — DLP, lifecycle, admin controls
Azure infrastructure — virtual machines, networking, backup, migration
Active Directory — on-premises and hybrid, GPO design, security tiering
Microsoft Defender Suite — full deployment, tuning, and monitoring
Monthly oversight retainers — structured reports, async advisory
AI governance frameworks — EU AI Act mapping, acceptable use policy
WiFi site surveys — professional RF assessment, EMEA on-site
✗ What Trimontia does not do
No helpdesk. No password resets, printer issues, or Level 1 support tickets. We do IT leadership — not reactive support.
No legal advice on GDPR. We identify data protection gaps against the standard. Legal interpretation of your specific obligations requires a qualified data protection lawyer.
No certification guarantee. We build your ISMS thoroughly and prepare you for the audit. The certificate is issued by an independent certification body — not by us.
No 24/7 monitoring. We are not a Security Operations Centre. Incident response advisory is available on retainer; real-time SOC monitoring is not.
No managed services. We design, build, and document. We do not own your infrastructure, hold your admin credentials permanently, or act as your ongoing IT department.
No software sales. We are tool-agnostic advisors. We recommend what fits your environment — we do not earn commissions on software or licences.

Not sure if your situation fits? Send a short description to contact@trimontia.io and we will tell you honestly whether we are the right fit — or point you toward someone who is. No sales pitch, no pressure to proceed.

Working Model

Async-first. Reliable SLA.

Structured async delivery. Fixed reports, fixed deadlines, a published response SLA that is honoured — not approximate. Every retainer tier comes with a committed response window, not a best-effort promise.

Tier                  Price        Response SLA
Enterprise Guardian   €4,000/mo    8 hours
Fractional IT Lead    €2,800/mo    16 hours
IT Co-Pilot           €1,600/mo    24 hours
Security Watch        €800/mo      48 hours

"Response" means a substantive reply — not an acknowledgement. SLA is measured in calendar hours from receipt. Operating every day including weekends.

Pricing advantage
Structured & fair
Our pricing reflects a Bulgarian operations base — an EU country with a lower cost structure. That difference goes directly to you, not into overhead. Same methodology and quality. Significantly lower cost.
Response
Within 24h for new enquiries
Response means a substantive reply, not an acknowledgement, measured in calendar hours from receipt of your message, every day of the week. Work under a retainer is covered by the tier SLA above (8 to 48 hours).
Coverage
EMEA
All services delivered remotely. On-site for WiFi surveys and implementation work where needed. Travel at cost, zero markup. EU legal entity, EUR invoicing.
What We Work With

The tools. Used daily, not just listed.

Every service Trimontia delivers is backed by hands-on production experience. Here is what we actually work in — grouped by what it does.

🛡️
Cybersecurity & Threat Protection
Stop threats before they become incidents.
  • CrowdStrike Falcon (EDR) — endpoint detection, policy tuning, alert response
  • Microsoft Defender Suite (Endpoint, Identity, Office 365, Cloud Apps) — unified threat platform
  • Microsoft Sentinel (SIEM) — log aggregation, threat detection, incident correlation
  • Proofpoint · Mimecast (email security gateway) — filtering, sandboxing, threat intelligence
  • Email authentication (SPF, DKIM, DMARC) — anti-spoofing and deliverability hardening
  • Zero Trust (architecture framework) — never trust, always verify, least privilege
  • NIS2 · ISO 27001 (compliance frameworks) — gap analysis, risk register, certification
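Of the controls listed above, SPF and DMARC are the two an SME tenant most often has in a weak state: a "+all" left over from an old hosting provider, or a DMARC record that has sat at p=none since the day it was created. The following Python is an added example, not Trimontia's tooling, that parses both record types and flags the settings an audit reports on, run against a constructed before/after pair. The domain names and reporting mailbox in the samples are placeholders; the SPF lookup count covers only terms written directly in the record (nested includes would need live DNS to resolve); and DKIM is out of scope because assessing it means fetching selector records rather than parsing one TXT string.

```python
# Added example (not Trimontia's tooling): flag weak SPF and DMARC settings.
# Sample records are constructed; domain names and mailboxes are placeholders.
# The SPF lookup count covers only terms listed directly in the record.

SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208 4.6.4
SPF_MAX_LOOKUPS = 10
DMARC_STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}  # for comparing p= with sp=


def parse_spf(record: str) -> list[tuple[str, str, str]]:
    """Return (qualifier, name, value) per term; modifiers get an empty qualifier."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        if "=" in term:  # modifier, e.g. redirect=_spf.example.com
            name, _, value = term.partition("=")
            parsed.append(("", name.lower(), value))
            continue
        qualifier = "+"  # implicit qualifier when none is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.split("/")[0].lower(), value))  # drop CIDR such as a/24
    return parsed


def assess_spf(record: str) -> list[str]:
    """List weaknesses in an SPF record; empty means nothing flagged."""
    terms = parse_spf(record)
    names = {name for _, name, _ in terms}
    findings = []
    if "ptr" in names:
        findings.append("ptr mechanism is deprecated and unreliable (RFC 7208 5.5)")
    for qualifier, name, _ in terms:
        if name == "all" and qualifier == "+":
            findings.append("+all authorises every host on the internet to send as this domain")
        elif name == "all" and qualifier == "~":
            findings.append("~all soft-fails unlisted senders; move to -all once DMARC reports confirm every source")
    if not names & {"all", "redirect"}:
        findings.append("no all mechanism: unlisted senders evaluate to neutral")
    lookups = sum(name in SPF_LOOKUP_TERMS for _, name, _ in terms)
    if lookups > SPF_MAX_LOOKUPS:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of "
                        f"{SPF_MAX_LOOKUPS}; receivers return permerror, so SPF never passes")
    return findings


def parse_dmarc(record: str) -> dict[str, str]:
    """Return DMARC tags as a dict; raises if the record is not v=DMARC1."""
    tags = {}
    for part in filter(None, (p.strip() for p in record.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess_dmarc(record: str) -> list[str]:
    """List weaknesses in a DMARC record; empty means nothing flagged."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    findings = []
    if policy not in DMARC_STRENGTH:
        findings.append("missing or invalid p= tag; receivers ignore the record")
    elif policy == "none":
        findings.append("p=none is monitoring only: mail failing alignment is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends failing mail to spam instead of rejecting it")
    if "rua" not in tags:
        findings.append("no rua= address: without aggregate reports spoofing stays invisible")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only {pct}% of failing mail")
    sub = tags.get("sp", "").lower()
    if sub and DMARC_STRENGTH.get(sub, 0) < DMARC_STRENGTH.get(policy, 0):
        findings.append(f"sp={sub} is weaker than p={policy}: subdomains can still be spoofed")
    return findings


def assess_domain(spf: str, dmarc: str) -> dict[str, list[str]]:
    return {"spf": assess_spf(spf), "dmarc": assess_dmarc(dmarc)}


# Constructed before/after pair for one tenant (placeholders, not real records).
SAMPLE_RECORDS = {
    "before": {"spf": "v=spf1 a mx include:spf.protection.outlook.com ptr +all",
               "dmarc": "v=DMARC1; p=none; pct=50"},
    "after": {"spf": "v=spf1 include:spf.protection.outlook.com -all",
              "dmarc": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"},
}

if __name__ == "__main__":
    for state, recs in SAMPLE_RECORDS.items():
        for kind, findings in assess_domain(recs["spf"], recs["dmarc"]).items():
            print(f"{state} {kind}: {findings or 'clean'}")
```

Feed it the TXT records returned by `dig TXT example.com` and `dig TXT _dmarc.example.com`; a clean result is an empty list for both. The "~all" finding is deliberately a warning rather than an error: moving to "-all" before DMARC aggregate reports have confirmed every legitimate sender is listed is how companies break their own outbound mail.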
🔐
Identity, Access & Device Management
Control who gets in — and on what terms.
  • Microsoft Entra ID (cloud identity) — user lifecycle, SSO, external access
  • Conditional Access (policy engine) — enforce MFA, device compliance, location rules
  • Microsoft Intune (MDM/MAM) — device enrolment, compliance policies, app deployment
  • Active Directory DS (on-premises directory) — OU design, GPO hardening, security tiering
  • Entra Connect / Cloud Sync (hybrid identity) — sync on-prem AD to cloud, password hash sync, SSPR
  • MFA & passwordless (authentication hardening) — Authenticator app, FIDO2, phishing-resistant MFA
  • ManageEngine Endpoint Central (endpoint management) — patching, software deployment, remote control
☁️
Cloud Infrastructure & Continuity
Secure, scalable, and recoverable environments.
  • Azure Virtual Machines (IaaS compute) — sizing, deployment, image management, OS hardening
  • Azure Backup (data protection) — VM backups, retention policies, restore testing
  • Azure Site Recovery (disaster recovery) — VM replication, failover testing, DR runbooks
  • Azure Migrate (migration platform) — on-premises to cloud assessment and execution
  • Azure Update Manager (patch management) — scheduled patching, compliance reporting
  • Azure VNet · NSGs (network foundation) — address spaces, subnets, traffic rules
  • Azure Firewall · App Gateway (perimeter security) — L4/L7 filtering, WAF; volumetric DDoS mitigation comes from Azure DDoS Protection, not from either service
  • Azure Bastion · Private Link (secure access) — browser-based RDP/SSH, private service endpoints
  • Microsoft Purview (data governance) — sensitivity labels, DLP policies, compliance portal
📡
WiFi & On-Site Network Assessments
Professional wireless design, troubleshooting, and validation.
  • Ekahau Sidekick (RF survey hardware) — passive and active site surveys
  • Coverage heatmaps — signal strength and data rate maps per floor, per band
  • AP placement planning — optimal access point positioning before hardware is installed
  • Interference analysis — identify RF interference sources and channel congestion
  • Post-deployment validation — verify the installed network performs to design spec
Common Questions

Before you get in touch.

What does each retainer tier include?

Every retainer starts with a monthly security posture report, delivered by the 5th of each month. From Tier 2, this expands to include async support, M365 and Copilot governance, endpoint threat monitoring, and NIS2 gap tracking. Tier 3 adds a monthly board-ready summary, Azure infrastructure advisory, and on-prem/hybrid AD oversight. Tier 4 covers multi-tenant governance, full Azure networking oversight, continuous audit readiness, and an annual IT strategy roadmap.

All tiers are monthly rolling contracts. Cancel with 30 days written notice. No lock-in, no minimum term.
Do you provide helpdesk or Level 1 support?

No. Trimontia does IT leadership and strategic oversight, not frontline support. No password resets, no printer problems, no Level 1 tickets. Our clients are companies that need their IT environment properly architected, governed, and secured. If you also need helpdesk coverage, we can point you toward a complementary MSP partner who handles that layer.
What access do you need to our systems?

For monitoring and reporting: read-only access to your admin portals (the Global Reader role in M365, or the equivalent in other platforms). For implementation work: temporary delegated access to the specific workloads involved, revoked as soon as the task is complete. Never persistent, never broader than the task needs.

All access is MFA-protected and logged. A signed Data Processing Agreement (DPA) is required before any system access is granted.
How does a retainer compare with hiring in-house?

A senior IT security specialist in most EU markets costs €55,000–90,000 per year, before benefits, onboarding time, and employment overhead. Trimontia's Tier 2 retainer runs €19,200 per year (€1,600 × 12), with no headcount commitment and cancellation on 30 days written notice.

The cost structure works because Trimontia operates from Bulgaria, an EU country with a significantly lower cost base. That difference goes directly into your invoice, not into agency margin.
Can you take us through to ISO 27001 certification?

Yes. We deliver the complete ISO 27001:2022 build: gap analysis against all 93 Annex A controls, risk assessment and treatment plan, full policy library (12+ documents), Statement of Applicability, technical controls implementation, internal audit, and management review preparation.

We also prepare your internal ISMS owner for Stage 1 and Stage 2 audits. The certification body itself (Kiwa, Bureau Veritas, BSI, TÜV) is booked and paid directly by you — we help you choose the right one and prepare for them. The certificate comes from them. The preparation comes from us.
Where is Trimontia based, and do you work on-site?

Trimontia is registered in Bulgaria as a private limited company (LTD), a full EU legal entity, invoicing in EUR with valid VAT documentation. All services are delivered remotely and async across the EMEA region.

For on-site engagements such as WiFi surveys, we travel wherever the work is. Travel and accommodation are billed at cost with zero markup.

Being based in Bulgaria is why our pricing is structured the way it is — lower operational costs passed directly to clients, not absorbed as margin. The methodology, deliverables, and quality of output are what they are regardless of where the work originates.
What are the standard engagement terms?

A summary of the key terms that apply to all Trimontia engagements:

Contracts: All engagements are governed by a Master Services Agreement (MSA) and a project-specific Statement of Work (SoW), both signed before work begins.

Retainers: Monthly rolling. Cancel with 30 days written notice. Unused hours do not roll over. Overage is billed at the published rate card (€120/hr standard, €180/hr emergency).

Projects: Fixed-price, fixed-scope. Any work outside the agreed scope requires a written change request before it begins.

Payment: Invoiced in EUR. Retainers: monthly in advance. Projects: milestone-based (typically 40% on signing, balance on delivery). Payment terms: net 14 days.

Data & Confidentiality: A Data Processing Agreement (DPA) is signed before any system access is granted. All client data is treated as confidential. Trimontia does not share, sell, or retain client data beyond what is required to deliver the service.

Liability: Trimontia maintains professional indemnity insurance. Liability is limited to the value of the engagement in which the issue arises.

Intellectual property: All deliverables produced for a client become the client's property upon full payment. Trimontia retains the right to reuse methodology, frameworks, and templates (not client-specific content) in future engagements.

Governing law: Bulgarian law, EU jurisdiction. Disputes resolved first through written negotiation, then through the competent court in Plovdiv, Bulgaria.

Full MSA and SoW templates are provided at the proposal stage. Questions before that point: contact@trimontia.io
Get in Touch

Tell us what's happening. We'll tell you what we'd do.

No pitch. No obligation. A short message is enough to establish whether there's a fit — and if not, we'll say so honestly.

Email: contact@trimontia.io
Response: within 24 hours
Region: EMEA · remote delivery
Mention Security Checklist in your message and we'll include a free 15-point IT hygiene checklist with our reply.

We reply personally within 24 hours. Your data is never shared or sold.