Pricing

Start with one framework. Scale to as many as you need.

Most compliance tools give you software and leave the rest to you. Carbide gives you a credentialed team to run the program alongside you.

Foundation
$7,500
/year

Platform access with guided setup for a single compliance framework. Suited for companies starting their first program.

  • 1 Framework
  • AI Security Assistant
  • Policy Management Solution
  • Risk Assessment Solution
  • Automated Evidence Collection
  • Third Party Vendor Management
  • Audit Management Solution
  • Trust Center
  • Engagement Attestation Letter
Book a Demo
Advanced
$12,500
/year

Expanded platform with multi-framework support, weekly vulnerability scans, and continuous cloud monitoring.

  • 2 frameworks
Everything in Foundation, plus
  • Multi-Framework Mapping
  • Weekly Vulnerability Scans
  • Continuous Cloud Monitoring
Book a Demo
Fractional CISO
Custom pricing

Full shared responsibility. Carbide advisors build and run your security program through a structured four-phase engagement.

  • Custom frameworks
Everything in Advanced, plus
  • Custom Advisory Hours
  • Board and Executive Reporting
  • Auditor Selection & Management
  • Trust Audit™
Get pricing
Platform
Feature
  • Foundation
  • Advanced
  • Fractional CISO
AI Security Assistant
  • Yes
  • Yes
  • Yes
Policy Management Solution
  • Yes
  • Yes
  • Yes
Carbide Organizational Controls
  • Yes
  • Yes
  • Yes
Security Template Library
  • Yes
  • Yes
  • Yes
Risk Assessment Solution
  • Yes
  • Yes
  • Yes
Security Awareness Training
  • Yes
  • Yes
  • Yes
Asset Management Solution
  • Yes
  • Yes
  • Yes
Third Party Vendor Management
  • Yes
  • Yes
  • Yes
Compliance Documentation Solution
  • Yes
  • Yes
  • Yes
Audit Management Solution
  • Yes
  • Yes
  • Yes
Trust Center
  • Yes
  • Yes
  • Yes
Engagement Attestation Letter
  • Yes
  • Yes
  • Yes
Project Management Solution
  • Yes
  • Yes
  • Yes
Automated Evidence Collection
  • Yes
  • Yes
  • Yes
Continuous Cloud Monitoring
  • Yes
  • Yes
  • Yes
Vulnerability Scans
  • Yes
  • Yes
  • Yes
Help Center & Knowledge Base
  • Yes
  • Yes
  • Yes
Multi-framework Mapping
  • No
  • Yes
  • Yes
Security & Privacy Report with Third-Party Attestation
  • No
  • No
  • Yes
Advisory Team
Feature
  • Foundation
  • Advanced
  • Fractional CISO
Current State Assessment
  • Yes
  • Yes
  • Yes
Penetration Testing Services
  • Yes
  • Yes
  • Yes
Customer Success Manager
  • Yes
  • Yes
  • Yes
Advisor-led Onboarding
  • No
  • Yes
  • Yes
Security Questionnaire Support
  • No
  • No
  • Yes
Advanced Platform Setup
  • No
  • No
  • Yes
Shared Responsibility Model
  • No
  • No
  • Yes
Advisory Team
  • No
  • No
  • Yes
Advisory Team-led Working Sessions
  • No
  • No
  • Yes
Tabletop Exercises
  • No
  • No
  • Yes
Advisory Team-led Gap Analysis
  • No
  • No
  • Yes
Advisory Team-led Risk Assessment
  • No
  • No
  • Yes
Personalized Audit Guidance
  • No
  • No
  • Yes
Auditor Selection & Management
  • No
  • No
  • Yes
Audit Documentation Preparation
  • No
  • No
  • Yes
Trust Audit™
  • No
  • No
  • Yes
Remediation Project Management
  • No
  • No
  • Yes
Post-audit Compliance Management & Monitoring
  • No
  • No
  • Yes
Ongoing Program Expansion & Management
  • No
  • No
  • Yes
Custom Advisory Hours
  • No
  • No
  • Yes

Frequently Asked Questions

Does Carbide do penetration or vulnerability testing?

Yes! Carbide’s additional services include vulnerability scanning and penetration testing.

How long does it take to implement Carbide?

Some companies have implemented their information security program in a week, some in a month, and some in six months. While the Carbide platform is quick to deploy, how long updating your information security program takes will depend on the frameworks you are trying to implement and your existing security controls. The length of time will ultimately depend on the size of your company, the nature of your business, available bandwidth, compliance requirements, and other variables.

Does Carbide ensure compliance with SOC 2, ISO, HIPAA, PCI DSS, GDPR, and other frameworks or regulations?

Our security controls map against standard frameworks and regulations, including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, NIST 800-171, NIST 800-53, CCPA, PIPEDA, CMMC and CIS Controls to secure your business or prepare you for vendor questionnaires and compliance audits. Carbide helps companies implement and maintain an information security program that utilizes industry-leading best practices and frameworks. Only an official auditor can “certify” you are compliant, though our Reporting Center provides the tools for internal evaluation and monitoring. Our expert security advisors are also available for strategic guidance and in-depth compliance reviews.

What are the payment methods?

We accept payment by credit card online (Visa, Amex and MasterCard). We also offer invoicing options for our subscription plans. Please contact sales@carbidesecure.com for more info.

Does Carbide conduct compliance audits?

We provide the tools and resources to prepare your company for an audit successfully, but Carbide does not conduct certified compliance audits. When our clients are ready to engage an official auditor, like a CPA firm certified to conduct SOC 2 evaluations, we connect them with one of our independent partners for a seamless, efficient audit experience. We do, however offer a third-party attestation and security report that can be shared externally