Transparent pricing that scales with your audit needs
Tiered plans based on connected systems and inventory size. Start small, grow with confidence, and only pay for what you use beyond your tier.
Starter
Seed startups prepping first SOC 2
Up to 2 integrations
Up to 1,000 components
- 1 framework template
- 20 audit packets/month
- 18-month data retention
- Email support
- Owner-based evidence workflow
- Tamper-evident audit trail
Team
Growing security/compliance teams running recurring audits
Up to 6 integrations
Up to 5,000 components
- 1 framework template
- 20 audit packets/month
- 18-month data retention
- Priority email support
- Owner-based evidence workflow
- Tamper-evident audit trail
- Advanced policy rules
Business
Multi-team orgs with continuous evidence workflows
Up to 15 integrations
Up to 20,000 components
- 2 framework templates
- 50 audit packets/month
- 18-month data retention
- Priority support + Slack
- Owner-based evidence workflow
- Tamper-evident audit trail
- Advanced policy rules
- Custom export templates
Enterprise
Regulated companies and complex environments
Up to Unlimited
Up to Unlimited
- Unlimited framework templates
- Unlimited audit packets
- 7-year data retention option
- Dedicated support + SLA
- SSO / SAML
- Dedicated tenant option
- Custom integrations
- Onboarding & training
Flexible add-ons and overages
Go beyond your tier limits with clear, per-unit pricing. No hidden fees.
Extra audit packets
$25 per packet
Beyond 20/month included
Additional components
$150 per 1,000
Above tier inventory limit
Extra integrations
$200 /month each
Beyond tier integration cap
Additional framework
$300 /month each
SOC 2, ISO 27001, custom, etc.
Feature comparison
| Feature | Starter | Team | Business | Enterprise |
|---|---|---|---|---|
| Connected integrations | 2 | 6 | 15 | Unlimited |
| Components inventoried | 1,000 | 5,000 | 20,000 | Unlimited |
| Audit packets / month | 20 | 20 | 50 | Unlimited |
| Framework templates | 1 | 1 | 2 | Unlimited |
| Data retention | 18 months | 18 months | 18 months | 7 years |
| Owner-based evidence workflow | ||||
| Tamper-evident audit trail | ||||
| Advanced policy rules | ||||
| Custom export templates | ||||
| SSO / SAML | ||||
| Dedicated tenant | ||||
| Custom integrations |
Frequently asked questions
What is a 'component' in inventory terms?
A component is a unique package, service, or version record discovered in your connected systems. For example, a single npm package at a specific version in one repository counts as one component.
What happens if I exceed my tier limits?
Overages are billed at transparent rates: $25 per additional audit packet, $150 per additional 1,000 components, and $200/month per additional connected integration. No surprises.
Can I add more framework templates?
Yes. Additional framework packs (e.g., adding ISO 27001 alongside SOC 2) are available for $300/month per framework beyond your tier's included count.
Is there a free trial?
We offer guided onboarding sessions where you can connect your systems and see real evidence collection in action. Contact our team to schedule a review.
What integrations are supported?
ControlEvidence Cloud connects with major Git hosting platforms, CI/CD systems, cloud providers, ticketing tools, and vulnerability/dependency scanners via API or OAuth.
How does the 7-year retention option work?
Available on the Enterprise plan, the extended retention add-on ($500/month) keeps tamper-evident audit records for 7 years instead of the standard 18 months.
Ready to streamline your audit evidence?
Connect your systems and start producing defensible evidence packets in minutes, not weeks.