Compliance plans that grow with
your organisation
From early-stage privacy readiness to advanced multi-framework assurance. No hidden fees, no complex lock-ins.
- Core GRC Framework Readiness
- Policy Library & Document Management
- Asset & Vendor Inventory
- Basic Control Mapping
- Task Management & Reminders
- Audit Trail & Activity Logs
- Up to 5 seats · 3 Business Units
- Everything in Starter
- Advanced Enterprise Risk Register
- Automated Evidence Collection
- Cross-Framework Control Mapping
- Vulnerability & Patch Management Logs
- Advanced Analytics & Compliance Trends
- API Access & Custom Integrations
- Up to 25 seats · 15 Business Units
- Everything in Advanced
- Multi-Entity Hierarchy Management
- Dedicated Auditor Portal
- Regional Frameworks (NCA-ECC, SAMA)
- Dedicated Data Residency (KSA/UAE)
- SSO/SAML & Enterprise Security
- Dedicated Customer Success Manager
- Unlimited seats & domains
Already have an account? Sign in to upgrade →
Full Feature Comparison
All limits are per account per month unless stated.
| Feature | Starter | Advanced | Enterprise | |
|---|---|---|---|---|
| Limits | ||||
| User seats | 2 | 10 | Unlimited | |
| Business Units / Entities | 1 | 3 | Unlimited | |
| Active Frameworks | 1 | 3 | Unlimited | |
| Assets / Inventory Items | 50 | 500 | Unlimited | |
| Audits / frameworks | - | 3 | Unlimited | |
| Frameworks & Audits | ||||
| Pre-mapped Framework Libraries (ISO, SOC2) | ||||
| Evidence Collection Automation | ||||
| Cross-Framework Control Mapping | ||||
| Auditor Portal (External Access) | ||||
| Governance & Inventory | ||||
| Entity & Business Unit Hierarchy | ||||
| Asset & Process Inventory | ||||
| Vendor & Third-Party Risk | ||||
| Policy Management & Versioning | ||||
| Risk Management | ||||
| Enterprise Risk Register | ||||
| Automated Risk Scoring | ||||
| Remediation Task Tracking | ||||
| Regional Framework Controls (NCA, SAMA) | ||||
| Security & Support | ||||
| Standard email support | ||||
| Priority support | ||||
| MFA & IP allowlisting | ||||
| 99.9% SLA & dedicated CSM | ||||
| Private cloud / data residency | ||||
14-day money-back guarantee
If you're not satisfied within 14 days of signing up, we'll refund you in full — no questions asked. View refund policy →
Frequently asked questions
Can I change plans later?
Yes. Upgrades take effect immediately; downgrades apply at the end of your current billing period. Contact our billing team and we'll handle it promptly.
What frameworks are supported?
We support global standards like ISO 27001, SOC 2, and NIST, alongside regional MENA frameworks such as NCA-ECC, SAMA-CSF, and Bahrain PDPL.
What counts as a "seat"?
A seat is any named user who can log in to your brightGRC account — including compliance officers, IT leads, or internal auditors.
Can we move data to a local region?
Yes. For Enterprise customers, we offer dedicated data residency in KSA, UAE, or Bahrain to meet strict local sovereignty requirements.
Do you offer onboarding support?
Absolutely. All plans include access to our knowledge base. Advanced and Enterprise plans include dedicated onboarding sessions to map your existing controls.
Ready to Transform Your Compliance?
Join leading organisations across MENA who trust brightGRC for their governance, risk, and compliance needs.