As yang said, you need to license each module separately. The implementation time depends on the modules you're installing. It also depends on the customer's needs. Like the number and complexity of the policies, how long it will take to meet with and discuss the requirements, etc. Since you said that the environment is so small, I'd assume that the company isn't as structured as a huge organisation so it would be easier to inform the users and educate them, cutting down the amount of leg-work that you'll have to do.
Assume 2 days for the installation of the products alone (this is the recommendation I got from my channel advisor)...especially if there is an existing Oracle server there. Integrating and updating would be harder than doing a clean install. I don't really agree with this one and I think 1/2 - 1 day is enough.
Next you could work with 2 days for meeting with the execs, and designing/planning the policies (not implementing them on the actual system).
Another 2 days could be for installing them and outing all the fires that come up from the small misconfigurations and such that are unexpected. Also, this would be to tune the policies so they'd be as sensitive as you'd like.
One last day could be used to provide documentation on how to use the system, create new policies and tune them, and any other thing that the customer will need to know how to do.
So that would be about 6-7 days and it's always safe to estimate up just in case stuff happen that you don't expect.
Remember though that your deployment is small and so it might be a lot easier to do some of the planning and meeting. If the requirements aren't that strict and you practise the deployment in-house before, you could easily do the deployment in 5 days.
(1 day = 8 hours)
These are only my assumptions/estimations and would vary from customer to customer and from partner to partner. They are not hard and fast and I don't know if they adhere to any Symantec recommendation or best practice.
Hope it helps!
- xlloyd