Pricing built around where you are.
Four tiers, matched to where you sit in the GRC lifecycle. No feature gates, no surprise invoices - just the modules that fit your stage, priced on outcomes.
Find the tier that fits where you are.
Don't pay for modules you don't need. Each tier bundles the modules that match a specific stage in the GRC lifecycle from exploration through to post-implementation value measurement.
- 01 · Selection (curated 20+ vendors)
- Implementation
- Oversight
- Program Mgmt
- Health Check
- Value Optimisation
- 01 · Selection (full 200+ vendors)
- 02 · Implementation (12-stage audit)
- 04 · Program Mgmt (RAAIDD registers)
- Oversight
- Health Check
- Value Optimisation
- Selection
- 02 · Implementation (12-stage audit)
- 03 · Oversight (exec dashboard)
- 04 · Program Mgmt (RAAIDD registers)
- Health Check
- Value Optimisation
- Selection
- Implementation
- Oversight
- Program Mgmt
- 05 · Health Check (30-min assessment)
- 06 · Value Optimisation (7-source)
Module coverage by tier.
Every module, and which tiers include it.
Trust & security.
We're building RiskBridge for the Australian regulated market financial services, health insurance, energy, and government. Data sovereignty, compliance alignment, and sector fit are designed in, not bolted on.
ISO 27001 certification
Formal certification in progress. ISMS built out, policies live, internal audit cycle complete. Target certification Q4 2026.
APRA CPS 230 & CPS 234
Platform designed in alignment with APRA operational risk and information security standards the baseline for Australian financial services.
SOC 2 Type II
Observation period begins Q2 2026 with formal Type II report targeted Q3 2026. Type I available on request for early customers.
Pricing & program FAQ.
We're in beta, and pricing depends on your organisation's size, complexity, and chosen tier. We'd rather quote something that actually fits than publish a number and pad it with exceptions. A 30-minute scoping call gets you a tier, a price, and a start date.
The modules are live and in use with customers. Beta means you get founding-customer pricing, direct access to the team building it, and input on the product roadmap. In exchange, we ask for honest feedback and a case study when the engagement delivers value.
Yes tiers reflect a stage in the journey, and most customers move between them. Starter → Tier 1 as you begin a selection process. Tier 1 → Tier 2 as implementation progresses. Tier 2 → Tier 3 once the platform is live and you want to measure value. No penalty, no reset of setup work.
Australian-region Google Cloud Platform (au-southeast1 Sydney). Data sovereignty is a hard requirement for our APRA-regulated customers, so it's non-negotiable for us. No cross-border processing, no offshore support access.
For paid tiers: 12-month minimum term, paid annually or quarterly. Starter is free, forever, no contract. All beta customers get a 30-day assessment period if it's not working, we refund and release you without penalty.
Yes, on Tier 2 and Tier 3. Per-subsidiary registers, group-level roll-ups, and separate reporting views are included. Particularly relevant for PE-backed groups, government departments, and federated financial services structures.
What our beta customers say.
Let's work out what fits.
A 30-minute scoping call, no commitment. We'll ask where you are in the journey, what's in the stack, and what outcome matters and come back with a tier and a price.
