Run compliance for your portfolio. Key 102 runs the infrastructure.
Multi-tenant compliance platform licensed to QSAs, C3PAOs, SRA firms, MSSPs, and TSA practitioners. One billing relationship. Per-client isolation. Co-branded deliverables. Audit-grade by design.
Built for firms running compliance at portfolio scale.
Your firm's logo on the cover of every PDF deliverable — SPRS L1 / L2 affirmations, Fortress SSP + POA&M, HIPAA SRA, Master Audit Report, Quarterly Reports, Mission Brief, Policy Pack, Tier 2 PCI. Footer locks the Key 102 verification network for trust-chain integrity. Customer dashboard shows an "Operated under {Your Firm}" badge.
Every client gets their own engagement with its own evidence vault, hash-chained audit log, signed deliverables, and customer-side dashboard. PostgreSQL Row-Level Security enforces hard boundaries — a misclick at your firm can't leak PHI, CHD, or CUI across your portfolio. Regression suite (65 SQL assertions) re-runs on every RLS change.
Standard tier includes 5 consultant seats + 10 concurrent active engagements. A daily 07:30 UTC reconciliation cron compares actual usage against your quota and creates / updates Stripe subscription_items for Consultant Seat ($250/mo) and Engagement Slot ($150/mo) add-ons. Idempotent; per-agency try/catch so one bad agency never breaks others.
Hash-chained audit log with append-only triggers. Every signed deliverable RFC 3161 timestamped by SSL.com's Time-Stamping Authority. Public /verify endpoint resolves any deliverable's SHA-256 to a structured attestation. Your clients' QSAs, C3PAOs, and OCR investigators verify Key 102's chain — not your word.
Three steps from agreement to client onboard.
Discovery call to confirm tier fit. Standard or Enterprise. MSA + agency-tier addendum. Stripe subscription set up on your billing email.
Agency admins (you + your billing contact, owner-role users) and active consultants (up to 5 included on Standard). Each member gets their own MFA-enrolled portal identity. Consultant seat add-ons activate automatically as you exceed 5.
From /agency/invite-customer, name the customer + framework. The portal mints their engagement, sends a branded invite email, and surfaces the engagement under your agency from day one. Co-branding fires on every published deliverable automatically.
Two tiers. Both real revenue lines.
Co-branded delivery on the Key 102 trust chain. Customer-visible footer credits the Key 102 Compliance Network.
- 5 consultant seats included · $250 / mo each above
- 10 concurrent active engagements included · $150 / mo each above
- Co-branded covers on all 10 deliverable PDFs (SPRS L1 / L2, Fortress SSP + POA&M, HIPAA SRA, Quarterly Reports, Mission Brief, Master Audit Report, Policy Pack, Tier 2 PCI)
- "Operated under {Your Firm}" badge on customer dashboards
- Customer evidence vault ZIP export — customers own their data, exportable on demand
- Full trust-chain infrastructure (hash-chained audit, RFC 3161 anchors, public /verify)
- Daily quota reconciliation cron — Stripe add-ons auto-scale
- Audit-volume watchdog + auto P3 incident creation per agency
Full white-label tier under intentional development. Architecture is locked; the build is paced to ship right rather than ship fast. Design-partner conversations welcome — the first one or two partners shape the operational details.
- Everything in Standard
- Custom DNS (compliance.your-firm.com) via Host-header tenant routing
- No Key 102 wordmark customer-visible — fully white-labeled covers, dashboards, and emails
- Custom SMTP via your firm's domain (encrypted credential storage)
- /verify mirror at your hostname with subtle "Trust infrastructure powered by Key 102" footer link
- White-label suspension state machine
Standard tier customers get first option to upgrade at parity pricing when Enterprise ships generally.
Talk to us about Enterprise design partnership →
No Stripe Connect, no revenue share. You pay Key 102; you invoice your clients on your own terms. Zero financial-plumbing complexity for the partner relationship.
Five firm profiles, one platform.
Run PCI DSS Level 1/2 SAQ-D + Report on Compliance prep for merchant portfolios. Co-branded Tier 2 PCI Deliverables with two-party attestation.
CMMC Level 1 and Level 2 readiness across DIB contractor portfolios. SPRS L1 affirmations, Fortress SSP + POA&M for L2 deliverables.
HIPAA Security Risk Assessments for covered entity + business associate portfolios. Signed, TSA-anchored HIPAA SRA reports.
Surface transportation cybersecurity readiness under SD-1580/82, FMCSA, PHMSA. Nexus tier delivery across rail, motor carrier, and pipeline operators.
Compliance-as-a-service portfolios spanning HIPAA + PCI + CMMC. Single agency relationship; per-client engagement isolation across frameworks.
The customer owns their evidence. Full stop.
If your agency cancels — for any reason — your clients get a 30-day read-only grace period and are notified directly. They're offered (a) a direct Key 102 subscription, (b) migration to another agency partner, or (c) export the entire engagement vault as a ZIP and walk away. Vault is frozen at day 30; data is retained 6 years per HIPAA / PCI defaults. Key 102 never auto-bills the customer.
The customer-side vault export at /dashboard/engagements/[id]/vault works today, regardless of engagement status. Your clients audit-trail their own evidence, on demand.
Quick answers before the discovery call.
Is this Stripe Connect or a revenue-share model?
Neither. You pay Key 102 the flat Standard tier subscription (or the Enterprise quoted amount). You invoice your clients on your own terms — whatever pricing, billing cadence, and contract structure you already use. Zero Stripe Connect, zero rev-share accounting, zero per-customer Stripe fees on your side.
Can my client see they're on Key 102's platform?
On Standard, yes — the deliverable footer reads "Verified via Key 102 Compliance Network," and the public verify endpoint lives at portal.key102consulting.com. On Enterprise, the verify endpoint moves to your hostname (with a small "Trust infrastructure powered by Key 102" link in the footer that opens a Key 102-hosted technical page with no agency naming) and no Key 102 wordmark appears anywhere customer-visible.
What happens if a customer outgrows my agency's scope?
The customer can move to a direct Key 102 subscription at any time — their engagement, evidence, audit chain, and signed deliverables carry over intact. The transition doesn't break the trust chain; the verifier still resolves any historical deliverable. You stop being billed for that engagement on the next reconciliation cycle.
How fast can my agency go live?
Standard tier: typically 5 business days from signed agreement to first customer invite, including agency-admin provisioning, team MFA enrollment, and a 30-minute orientation walkthrough. Enterprise tier: 2-3 weeks for white-label DNS + SMTP setup + /verify mirror cutover, depending on your domain readiness.
Talk through tier fit.
30-minute discovery call. Bring your portfolio size, your existing tooling, and your two or three biggest compliance pain points. We'll map Standard or Enterprise to your shape and follow up with a written engagement summary within 48 hours.
