Run compliance for every client
from one command center.
VIGIRAD gives advisory firms one platform to manage ISO 27001, SOC 2, NIS2, DORA and more across an entire portfolio — risk, controls, evidence, audits and a branded client portal.
No card required to start · Cancel anytime
Frameworks built in
Every client in its own isolated, branded workspace — managed from a single command center.
Cross-framework control mapping means evidence and answers carry across ISO, SOC 2, NIS2 and more.
Trust Center, audit-ready exports and continuous monitoring keep posture defensible in real time.
Everything a GRC practice needs
One platform, no spreadsheets. From first control to signed audit.
Activate ISO 27001, SOC 2, NIS2, DORA, NCA ECC and more. Controls map across frameworks automatically — answer once, satisfy many.
Inherent and residual scoring, treatment plans, KRIs and a live risk matrix that rolls up to a portfolio posture.
A single control library with an evidence vault, ownership, and continuous-monitoring status for every requirement.
Author, version and publish policies, then collect attestations and track who has read what.
Run internal and external audits, log findings, and drive corrective-action plans to closure.
Draft policies, summarise gaps, recommend evidence and answer framework questions, grounded in each client’s data.
A shareable, NDA-gated page that shows prospects your security posture — without sending the whole audit.
Give each client a portal under your brand to upload evidence, sign off policies and see their own posture.
How it works
Create a branded workspace per client in seconds. Pick the frameworks they need.
Controls auto-map across frameworks; collect evidence, attestations and run your risk register.
Share a Trust Center, export audit-ready reports, and keep posture green with continuous monitoring.
Your brand, your platform
On Pro and above, every client portal carries your logo and colours. Enterprise adds your own custom domain and single sign-on — so it’s your product, powered by VIGIRAD underneath.
Four packages. Fully modular.
Start small and grow. Every tier includes the full GRC core — higher tiers unlock more.
For independent GRC consultants starting out
- ✓Unlimited frameworks (ISO 27001, SOC 2, NIS2, DORA, NCA ECC …)
- ✓Controls, risk register & policies
- ✓Evidence vault & continuous monitoring
- ✓Audits, CAPs, incidents & tasks
- ✓Certificate lifecycle & cross-framework mapping
- …and the full GRC core
For growing consultancies managing more clients
- Everything in Starter, plus:
- ✓Sky — AI assistant
- ✓Trust Center
Scale your practice with full platform access
- Everything in Advanced, plus:
- ✓White-label branding
- ✓REST API & webhooks
- ✓CSV import / export
Unlimited scale for large GRC firms
- Everything in Pro, plus:
- ✓SSO (Google / Microsoft)
- ✓Custom domain
Prices in EUR, billed monthly. Annual billing saves 20%. Need something custom? Contact us.
Built for security teams
Tenant isolation, audit trails and least-privilege access are first-class — not add-ons.
Each client’s data is strictly scoped. Cross-tenant access is blocked at the data layer.
Every meaningful action is logged — who did what, when, in which workspace.
Owner, member and client roles with least-privilege defaults and SSO on Enterprise.
Soft-delete with a 30-day recovery window protects against accidental loss.
Questions, answered
GRC consultancies, MSSPs and advisory firms that manage compliance for multiple client organisations from one platform.
Yes. Every client lives in an isolated workspace. Your team works across the whole portfolio; each client only ever sees their own.
On Pro and above you get white-label branding — your logo, colours and client portal. Enterprise adds a custom domain and SSO.
Pick a package below. Subscriptions activate automatically after checkout. Upgrade, downgrade or cancel any time.
Ready to run your whole portfolio in one place?
Start a free trial today — your first client workspace is minutes away.