Transparent, predictable pricing
No hidden fees. Start with a free trial, upgrade when you're ready.
Always Free
- 30-question cross-framework readiness assessment
- Maps to CE, ISO 27001, CAF, and DORA simultaneously
- Prioritised gap analysis and roadmap
- Unified Compliance Dashboard
- Cyber Essentials, CAF, DORA, ISO 27001, AI Governance
- One Phronesis AI analysis run per assessment
- Sector benchmarking
- PDF, JSON, and share export restricted during trial
Assessment Products
- Cyber Essentials v3.3
- NCSC CAF (14 principles, 83 questions)
- DORA (5 pillars, 49 questions)
- ISO 27001:2022 (8 sections, 58 questions)
- AI Governance (EU AI Act, ISO 42001, NIST AI RMF)
- Unlimited Phronesis AI analysis runs
- Full PDF, JSON, and share export
- Sector benchmarking
- Unified Dashboard — cross-map CAF, DORA & ISO 27001 to NIS2 & NIST CSF 2.0
- AI Policy Generator — 8 tailored security policies
- Evidence Vault — per-question file attachments with VirusTotal malware scanning and Cloud DLP PII inspection
- Cyber Essentials v3.3 assessment
- Single Phronesis AI analysis
- 30-day read-only result access
- Full PDF, JSON, and share export
Specialist Assessments
Consultancy-delivered assessments for PE firms and SOC teams. Invoiced per engagement.
- 14-theme IASME-aligned assessment (70 questions)
- IASME tier badge and RAG deal risk rating
- 100-day remediation plan with cost band
- Phronesis AI deal analysis
- Single analysis, 30-day result access
- 7-domain capability assessment (70 questions)
- SOC type filtering (Enterprise, SMB, MSSP)
- Practitioner evidence capture
- Phronesis AI analysis
- Single analysis, 30-day result access
Supply Chain Risk Manager
Supplier questionnaire distribution, Risk Purview external verification, and portfolio risk tracking.
- Up to 50 suppliers
- Questionnaire distribution with email delivery
- Risk Purview passive scans (attack surface, breach intel, SSL/DNS hygiene, corporate register)
- Monthly automated re-scans with drift alerts
- Phronesis Portfolio Risk Analysis — AI-generated narrative report across your full supplier portfolio, covering aggregate risk posture, critical gaps, and prioritised remediation guidance
- Trend sparklines and contradiction detection
- Up to 200 suppliers
- Everything in Tier 1
- Active CVE & misconfiguration scanning — proprietary pipeline probes subdomains, open ports, and running services for exploitable vulnerabilities
- Custom questions — author up to 50 bespoke scorable questions, append up to 25 per send
- Ideal for organisations with complex or high-risk supply chains
| Feature | Tier 1 | Tier 2 |
|---|---|---|
| Suppliers managed | Up to 50 | Up to 200 |
| Questionnaire distribution & email delivery | ✓ | ✓ |
| Risk Purview passive scans (breach intel, SSL/DNS, attack surface, Companies House) | ✓ | ✓ |
| Monthly automated re-scans & drift alerts | ✓ | ✓ |
| Trend sparklines & contradiction detection | ✓ | ✓ |
| Phronesis Portfolio Risk Analysis Report | ✓ | ✓ |
| Active CVE & misconfiguration scanning | — | ✓ |
| Custom scorable questions (up to 50 authored, 25 per send) | — | ✓ |
Feature Comparison
| Feature | Free Trial | CE One-Shot | Assessment Bundle |
|---|---|---|---|
| Compliance Readiness Assessment | ✓ | ✓ | ✓ |
| Cyber Essentials Assessment | ✓ | ✓ | ✓ |
| CAF, DORA, ISO 27001, AI Governance | ✓ | — | ✓ |
| Phronesis AI Analysis | 1 run per assessment | 1 run | Unlimited |
| PDF / JSON Export | — | ✓ | ✓ |
| Share Results | — | ✓ | ✓ |
| Sector Benchmarking | ✓ | ✓ | ✓ |
| Unified Dashboard | ✓ | ✓ | ✓ |
| AI Policy Generator | — | — | ✓ |
| Evidence Vault | — | — | ✓ |
| Result Access Duration | 7 days | 30 days | Unlimited |
Frequently Asked Questions
Can I upgrade from a free trial to a paid plan?
Yes. Your assessment data is preserved when you upgrade. Contact us and we'll activate your subscription immediately.
How many Phronesis AI analysis runs do I get on the free trial?
One run per assessment — so you can sample Phronesis across all five frameworks (Cyber Essentials, CAF, DORA, ISO 27001, AI Governance). This matches the CE One-Shot product (one run per purchase). Subscribe to the Assessment Bundle for unlimited re-runs.
What happens when my CE One-Shot expires?
After the 30-day read-only window, your results are no longer accessible. You can purchase another one-shot or upgrade to the Assessment Bundle for ongoing access.
Can I switch between Supply Chain tiers?
Yes. Contact us to upgrade from Tier 1 to Tier 2. Your existing suppliers and scan history are preserved.
Is there a contract or commitment period?
Monthly subscriptions (Assessment Bundle, Supply Chain) can be cancelled at any time. One-shot purchases (CE, PE DD, SOC) are single payments with no recurring commitment.
Do you offer discounts for multiple products?
Yes. Contact us to discuss bundled pricing if you need both assessments and Supply Chain Risk Manager access.
Questions? Talk to us.
Our team can help you choose the right plan and get set up.
Contact Us