Pricing in the open.
Most managed IT providers will not put a number on a page. We will. Here is what SecureLynx costs, what runs on every seat, and the compliance paper behind a regulated engagement. Your exact quote depends on your environment, but the model and the ranges are public.
Per user, per month. Two tiers, one clear minimum.
SecureLynx prices by user, billed monthly, with a separate rate for regulated practices that carry a compliance obligation. There is no long lock-in and no per-incident surprise billing. The full named stack is included on every managed seat; the tier reflects the level of documentation, oversight, and standard of care your environment requires. Every engagement carries a $1,000 monthly minimum.
And to be plain about it: the company is new, the person running it is not. SecureLynx is led by Jack Erdoglyan, with more than twenty-five years in IT, roughly eight of them near-entirely in medical practices, plus hands-on field-engineering experience inside clinical and imaging environments. You are paying for senior judgment, not a brand's age.
Unregulated practices
$150 to $200 per user, per month.
- The full managed stack on every seat: endpoint detection and response, patching and vulnerability management, disk encryption, 24/7 monitoring, and MFA with least-privilege access.
- Encrypted, immutable offsite backups with tested restores, not assumed ones.
- A senior engineer on your account rather than a rotating help desk, with a documented backup behind them.
- Where you land in the range depends on your endpoint-to-user ratio and how hands-on your environment is.
Regulated practices
$250 to $350 per user, per month. Healthcare, accounting, legal, and finance.
- Everything in the unregulated tier, plus the compliance layer a regulated practice has to be able to prove.
- The premium is documentation and ownership of the compliance burden: the risk analysis and the evidence behind it, audit and examiner readiness, longer retention, tighter access and segmentation. Not a heavier pile of tools.
- A signed BAA for healthcare, or a Data Security Addendum with WISP support for accounting and tax, carried with a higher standard of care because the penalty exposure is real.
- For healthcare, a Security Risk Assessment is built into onboarding: the HIPAA risk analysis OCR cites most often, performed at the start and kept current as your environment changes.
- We build and maintain the controls and the paperwork. We are not your auditor and we do not certify compliance, but we prepare you for the audit and support you through it.
Named tools, on every managed seat.
The price includes a real, named stack, the same on a two-provider clinic as on a larger practice. We name the layers that matter to you and keep the deeper operational details out of public view for security reasons.
On every endpoint
- ESET PROTECT Complete for endpoint detection and response on every managed device
- ManageEngine Endpoint Central for patching, vulnerability management, and disk encryption
- 24/7 monitoring, with patches and alerts triaged before they reach your team
- Multi-factor authentication and least-privilege access as the default, not an upgrade
- Your Microsoft 365 or Google Workspace, managed and hardened, with no lock-in to either
Behind your data
- Encrypted, immutable offsite backups with Backblaze B2, so ransomware cannot quietly alter them
- Encryption at rest and in transit across the backup chain
- Restores tested, not assumed, so recovery is something you can count on
- Retention scaled to your obligations, with longer versioned history for regulated data
- Recovery priorities defined before an incident, so the systems that matter come back first
Real compliance documents, named.
A regulated engagement is more than tools. It is the agreements and the documentation that hold up when an auditor, examiner, or insurer asks. Every SecureLynx client works under a master services agreement, a service-level agreement, and defined service parameters; regulated practices add the document below on top. Here is the paper we bring, and the line we do not cross.
Healthcare, under HIPAA
- We engage under a signed Business Associate Agreement (BAA) from onboarding forward.
- Onboarding begins with a Security Risk Assessment (SRA), the HIPAA risk analysis OCR names as the most common gap. We perform it, hand you the findings and a remediation roadmap, and keep it current as things change. It is point-in-time, not a certification.
- We stand up the administrative, physical, and technical safeguards behind that assessment.
- We organize the evidence an OCR review or a cyber-insurer asks to see.
- We are not your auditor, and we do not certify compliance. Be wary of any IT provider who says they do.
Accounting and tax, under GLBA
- We provide a Data Security Addendum under the GLBA and the FTC Safeguards Rule, with WISP support.
- We can support the Qualified-Individual role and help stand up the written information security program.
- We support your obligation. We do not assume your firm's legal duty under the rule.
- We build and maintain the controls and the documentation, and prepare you for an examiner rather than acting as one.
Want a number for your environment?
Tell us your size, your systems, and whether you carry a compliance obligation, and we will put a real quote in front of you. No pressure, and no lock-in.