Multi-framework compliance, run by your team

Run compliance assessments without running yourself ragged.

Assess against CMMC, ISO 27001, and more from one workspace. Author your policy library, manage SOPs, collaborate with reviewers, and remediate gaps with corrective action plans — everything backed by one consolidated audit trail.

No credit card required · Full platform access during trial

Capabilities

Everything you need to run a compliance program

Multi-framework assessments

Pick a framework, get the full control catalog. Status, findings, evidence, test status, scoring tuned to each framework's authoritative model. Switch between frameworks for the same organization without re-keying anything.

Policy library

Pre-drafted policies mapped to every control. Implementers see the relevant policy text inline while assessing the control. Edits go through a change-request workflow with policy-team approval and immutable version history.

Standard Operating Procedures

Maintain SOPs alongside the controls they support. Reviewer approval before activation. Versioned snapshots so auditors can see what was in effect on any given date.

AI-assisted intelligence

Findings drafts, executive summaries, control explanations, CAP autofill, milestone planning. Every output grounded in your data — no external lookups, no surprises.

Team collaboration

Per-assessment roles (Lead, Contributor, Reviewer, Viewer) plus Company-level roles for policy authoring. Review workflows, control-level membership, and audit logs that tell you who did what.

Reports + exports

Executive summaries, domain breakdowns, gap analyses, printable PDFs, structured Excel exports. Share with stakeholders or attach to formal audit packages.

Frameworks

Live today, more on the roadmap

Existing customers vote on what ships next. Most-requested wins.

Available now

  • CMMC 2.0
  • ISO/IEC 27001:2022
  • SOC 2 (Trust Services Criteria)
  • NIST Cybersecurity Framework 2.0
  • HIPAA Security Rule
  • NIST SP 800-53 Rev 5 (Low Baseline)

Roadmap

  • PCI DSS v4
  • GDPR
  • HITRUST CSF
  • ISO 27701
  • CCPA / CPRA
  • FedRAMP

Pricing

Simple tiers. Add what you need.

Every plan starts with a 30-day free trial of the full platform. Pick what to keep at conversion.

Bronze

$99/month

One framework. Get a program off the ground.

  • 1 assessment framework
  • Default Assessments module
  • Email support

Silver

$199/month

One framework + one add-on of your choice.

  • 1 assessment framework
  • 1 add-on module (Policy / SOP / Intelligence)
  • Email support
Most popular

Gold

$399/month

Two frameworks + two add-ons. The mainstream choice.

  • 2 assessment frameworks
  • 2 add-on modules
  • Priority support

Platinum

$799/month

Four frameworks + four add-ons. Enterprise-ready.

  • 4 assessment frameworks
  • 4 add-on modules
  • Priority support
  • Onboarding session

Custom plan

Pick the exact frameworks and modules you need. Volume pricing for multi-tenant deployments. Sales-priced.


Add-on modules can be purchased à la carte beyond your tier's included slots. Cancel anytime. Annual billing available with a discount.

Add-on modules

Stack the modules your program needs

Beyond the assessments core that ships with every plan, mix and match the modules below. Bundle two or more and the discount tiers kick in automatically.

Policy Module

Per-framework policy library with control-level mappings, change-request workflow, and immutable version history.

$99 / month

SOP Module

Standard Operating Procedures with reviewer-approval workflow and immutable versioning.

$99 / month

Intelligence Module

AI-assisted findings drafts, executive summaries, control explanations, CAP autofill, milestone planning.

$149 / month

Modules can be activated or deactivated from your subscription page at any time. Pricing prorates within the billing period.

Trust

Built like the standard you're trying to meet

Encryption everywhere

TLS in transit, encrypted at rest in PostgreSQL on Neon. Backups encrypted.

Immutable audit trail

Every membership change, control mutation, review decision, and policy edit recorded. Auditor-ready exports.

MFA from day one

TOTP multi-factor required on every account — privileged or otherwise.

Tenant isolation

Company boundary enforced at the data-access layer. One Company's data is never queryable by another.

Immutable policy versions

Approved policy edits create new versions; historical versions retained forever. Answer 'what did our policy say on date X' instantly.

AI grounded in your data

AI features use only the inputs you provide. No external retrieval, no training on your content.

Frequently asked

Answers to the obvious questions

What happens after the 30-day trial?

Your data stays. You pick a paid plan to keep editing or maintain read-only access until you decide. We never auto-bill without an explicit plan selection.

Can I switch plans?

Yes — upgrade or downgrade any time. Slot allowances change immediately. We prorate changes mid-cycle.

What's the difference between an assessment and a module?

An assessment is one pass against one framework (e.g. CMMC 2.0 Level 2). A module is a feature surface (Policy library, SOPs, AI Intelligence). Every plan includes the Assessments module by default; Silver and up add modules of your choice.

Can I add more than my tier allows?

Yes — extra frameworks and modules are available à la carte beyond your included slots, or jump to the next tier.

Is there a self-hosted version?

Not at this time. The platform runs on cloud infrastructure with strong tenant isolation. Talk to us if your requirements include single-tenant or on-prem deployment.

Who's behind this?

An engineering team that's spent years inside compliance programs and got tired of spreadsheets pretending to be GRC tools. Email hello@compliancecontroller.example to chat.