For AI and machine learning, do you need internal data first?

Usually no. Applied AI integration can start from an existing model interface and a clear workflow. For custom AI, machine learning, or native LLMs, evaluation is clearer when internal data, documents, SOPs, case examples, targets, and usage boundaries are agreed from the start.

What most affects web systems engineering cost?

Website cost is most affected by page count, design complexity, CMS or admin-panel needs, copywriting, SEO, integrations, forms, payments, security, and timeline targets. Simple websites can be built faster, while business websites with special features need a more detailed scope.

When is a desktop systems engineering more suitable than a website?

Desktop applications are more suitable when a system must run reliably on local computers, use special devices, access local files, operate on an internal network, require specific performance, or remain usable when internet access is limited.

Do mobile and field systems need to be built for Android and iOS at the same time?

Not necessarily. Platform priority can be determined by the majority of users, budget, release target, and required device features. A project can start from Android, iOS, PWA, or a cross-platform approach depending on business needs.

What is included in routine maintenance?

Routine maintenance can include backups, minor updates, security patches, basic monitoring, hosting or server checks, small bug fixes, and system condition reports. New feature development is usually discussed separately as enhancement or reserved engineering work.

When should a company use a reserved engineering capacity?

Reserved engineering capacity fits when a system is already running but still needs feature updates, technical evaluation, performance optimization, consultation, work prioritization, and ongoing roadmap development without starting a new project from zero each month.

How quickly can an issue be investigated through troubleshooter service?

Investigation can begin after access, issue chronology, screenshots, logs, and reproduction steps are available. Handling usually starts remotely to find the root cause, stabilize the issue, and provide further repair recommendations if needed.

Can technical continuity be done onsite and remotely?

Yes. Remote support fits system configuration, user assistance, system checks, and technical coordination. Onsite support can be discussed for device, network, installation, operations training, or issues that require a technician to be present.

Can engineering scope be adjusted to requirements?

Yes. Scopes on this page are initial estimates. Final scope and budget depend on service type, feature count, integrations, data, user roles, AI needs, infrastructure, security, and implementation targets.

How long does AI and machine learning work take?

API-based applied AI integration usually starts from 3-8 weeks. Internal-data custom AI, RAG, light fine-tuning, evaluation operational intelligence interfaces, or workflow integrations generally take 2-4 months. Native LLMs, large-model training, security evaluation, GPU deployment, and MLOps can take 4-12 months or more.

What is the difference between applied AI integration, custom AI, and native LLM?

Applied AI integration connects model capability to governed workflows, data boundaries, and operational review. Custom AI adapts open-source or existing models with data, SOPs, documents, and business workflows through RAG, fine-tuning, instruction tuning, embeddings, and system integration. Native LLM work covers model ecosystem control across datasets, training pipelines, inference servers, deployment, security, observability, and cost optimization.

Is project and client data confidentiality protected?

Yes. Project information, internal needs, system access, datasets, and work files are handled professionally. For sensitive projects, access mechanisms, data restrictions, work documentation, and supporting agreements can be discussed from the start.

Can every type of AI project be handled?

Not all. PT XIPTOR SOFTWARE SERVICE only accepts projects that are legal, safe, and have a clear intended use. The company refuses malware, phishing, spyware, fraud automation, data theft, system manipulation, or technology that could harm others.

Post-Quantum Cyber Security | PT Xiptor Software Service

9. Post Quantum Cyber Security

Post Quantum Cyber Security Services

Standalone post-quantum cyber security services for organizations that need to identify cryptographic risk, prepare hybrid migration, protect long-lived data, and design security architecture that can evolve beyond classical-only cryptography.

PQC Readiness Assessment. Cryptographic Asset Inventory. Hybrid Migration & PKI Transition. Secure Communication Architecture.

PQC Readiness Assessment

Service Scope:

Review encryption use across web apps, APIs, VPN, databases, backups, certificates, and sensitive data flows
Identify systems exposed to long-term confidentiality risk and harvest-now-decrypt-later concerns
Classify cryptographic dependencies by business impact, data lifetime, owner, and migration complexity
Map quick wins, blocked areas, and systems that require deeper cryptographic engineering
Produce a PQC readiness scorecard, risk register, and prioritized migration roadmap
Executive briefing for technical, legal, procurement, and leadership stakeholders

Service Value: Establish the starting point for post-quantum transition without disrupting production systems.

USD 950.000 IDR 16.150.000.000 Request Scope

Cryptographic Asset Inventory & Risk Register

Service Scope:

Inventory algorithms, keys, certificates, protocols, libraries, hardware modules, and third-party cryptographic services
Document key owners, rotation cycles, expiry paths, certificate chains, and operational dependencies
Trace cryptography use inside authentication, signing, transport security, storage, backup, and integration flows
Build a risk register for unknown crypto, legacy protocols, hardcoded libraries, and long-lived secrets
Prepare remediation grouping by system criticality, data lifetime, and implementation effort
Deliver inventory workbook, architecture notes, and migration evidence pack

Service Value: Make hidden cryptography visible before any costly transition decision is made.

USD 1.400.000 IDR 23.800.000.000 Request Scope

Post-Quantum Architecture Blueprint

Service Scope:

Design target architecture for hybrid classical/post-quantum transition across application, network, and identity layers
Define crypto-agility patterns for replaceable algorithms, configurable policy, and staged rollout
Plan integration boundaries for TLS, API gateways, PKI, VPN, messaging, signing, and secure storage
Model performance, compatibility, certificate lifecycle, operational risk, and vendor readiness
Prepare migration phases with acceptance criteria, rollback strategy, and testing checkpoints
Deliver architecture diagrams, decision records, control matrix, and implementation backlog

Service Value: Convert PQC risk into a practical engineering architecture and migration path.

USD 2.200.000 IDR 37.400.000.000 Request Scope

Hybrid PKI & Certificate Transition Lab

Service Scope:

Create a controlled lab for certificate lifecycle, chain validation, trust store behavior, and compatibility testing
Evaluate hybrid certificate patterns for internal services, gateways, device fleets, and administrative channels
Review CA process, renewal workflow, revocation path, HSM dependency, and operational handoff
Test application and infrastructure compatibility before production PKI changes
Document known constraints, rollout phases, operational runbooks, and exception handling
Deliver PKI transition report, lab evidence, and production readiness checklist

Service Value: Reduce PKI transition risk before touching real production certificates.

USD 3.600.000 IDR 61.200.000.000 Request Scope

PQC Application & API Compatibility Pilot

Service Scope:

Select representative applications, APIs, service gateways, and integration points for PQC compatibility testing
Validate transport security, signing, key exchange, message verification, and client/server behavior in a lab environment
Review library dependencies, build pipeline impact, deployment constraints, and fallback behavior
Measure latency, payload overhead, operational complexity, and monitoring needs
Prepare secure rollout pattern for pilot services with risk controls and rollback logic
Deliver compatibility report, test cases, pilot implementation notes, and next-phase recommendations

Service Value: Test post-quantum readiness against real application behavior instead of assumptions.

USD 5.200.000 IDR 88.400.000.000 Request Scope

Critical Infrastructure Secure Communication Design

Service Scope:

Design secure communication patterns for regulated, operational, industrial, or high-dependence environments
Map sensitive data paths, command channels, administrator access, inter-site links, and machine-to-machine trust
Define layered controls for encryption, authentication, segmentation, logging, and resilience
Plan hybrid migration for VPN, private links, remote access, service mesh, and secure messaging
Prepare operational runbooks for key rotation, certificate renewal, incident handling, and emergency rollback
Deliver secure communication architecture, control matrix, and implementation roadmap

Service Value: Protect critical communications while preparing them for long-term cryptographic transition.

USD 7.600.000 IDR 129.200.000.000 Request Scope

Enterprise PQC Migration Program

Service Scope:

End-to-end migration program covering discovery, prioritization, architecture, pilot, governance, and rollout support
Coordinate application, infrastructure, identity, security, compliance, procurement, and vendor stakeholders
Define crypto-agility standards, migration acceptance gates, and operational ownership model
Set testing requirements for performance, compatibility, logging, backup, and incident response
Prepare executive roadmap with budget waves, risk reduction milestones, and dependency tracking
Deliver program board, evidence archive, migration backlog, and monthly steering reports

Service Value: Turn post-quantum readiness into a managed enterprise transition program.

USD 12.500.000 IDR 212.500.000.000 Request Scope

Sovereign PQC Security Program

Service Scope:

Strategic PQC program for government, public-sector, defense-adjacent, or institution-grade environments
Cryptographic risk mapping across long-lived data, critical infrastructure, secure communication, and high-trust systems
Policy, procurement, vendor-readiness, capability-building, and standards alignment support
Reference architecture for controlled migration across agencies, units, branches, or operational zones
Evidence governance for sensitive systems, audit trails, technical reviews, and executive reporting
Long-range roadmap for institutional resilience and post-quantum transition maturity

Service Value: Build a strategic post-quantum program for high-dependence environments with long-term risk exposure.

USD 28.000.000+ IDR 476.000.000.000+ Request Scope

PQC Dedicated Advisory Retainer

Service Scope:

Dedicated monthly advisory for cryptographic risk, security architecture, vendor review, and migration decisions
Ongoing review of new systems, procurement requests, integration plans, and sensitive data workflows
Periodic risk register updates, roadmap refinement, and leadership reporting
Technical support for labs, pilots, documentation, and engineering acceptance criteria
Coordination with internal security, infrastructure, legal, compliance, and executive teams
Monthly advisory memo with decisions, risks, next actions, and dependency follow-up

Service Value: Keep post-quantum transition decisions moving with retained expert support.

USD 850.000 / month IDR 14.450.000.000 / month Request Scope

Enterprise PQC Transition Bundle

Inclusions:

PQC readiness assessment, cryptographic inventory, architecture blueprint, and prioritized rollout roadmap
Hybrid migration planning for applications, APIs, PKI, VPN, service gateways, and long-lived data systems
Compatibility pilot for selected services with risk evidence, rollback plan, and operational checklist
Governance model for crypto-agility, vendor acceptance, procurement, and ownership handoff
Executive reporting pack with budget waves, migration stages, and risk reduction milestones
Post-implementation review and next-phase advisory plan

USD 4.800.000 - USD 12.500.000+ IDR 81.600.000.000 - 212.500.000.000+ Request Scope

Government & Strategic Institution PQC Program

Inclusions:

Institution-grade PQC program design for regulated, public-sector, or high-dependence environments
Strategic cryptographic risk mapping for long-lived data, critical services, and secure communications
Reference architecture, implementation roadmap, procurement guardrails, and standards support
Controlled pilot planning for sensitive systems, operational zones, and inter-unit communication
Capability-building documentation, executive briefings, and evidence governance process
Long-term transition roadmap covering governance, resilience, auditability, and operational maturity

USD 18.000.000 - USD 42.000.000+ IDR 306.000.000.000 - 714.000.000.000+ Request Scope