Self-hosted · Air-gap ready · Zero trust

Compliance that runs on your infrastructure

Automated assessments, risk quantification, and incident response for SOC 2, ISO 27001, and CMMC. Deploy with Docker in minutes.

SOC 2 Type II: 33 controls
ISO/IEC 27001:2022: 54 controls
CMMC Level 2: 110 controls
Sovereign GRC Dashboard

Everything you need for continuous compliance

30 integrated modules covering the full GRC lifecycle.

Automated Assessments

AI-powered control evaluation with Steampipe cloud queries. Assess SOC 2, ISO 27001, and CMMC from one platform.

Incident Response

NIST 800-61 compliant workflow with SLA tracking, automated OPA playbooks, and regulatory breach notification.

Risk Quantification

FAIR methodology with Monte Carlo simulation. KRI monitoring with configurable thresholds and trend analysis.

Policy Management

Administrative policy lifecycle with review tracking, approval workflows, and OPA Rego policy linking.

Vendor Risk (A2A)

Agent-to-Agent attestation protocol for automated vendor compliance data exchange. SOC 2 and ISO 27001 report ingestion.

Tamper-Evident Audit Log

SHA-256 hash chain with cryptographic integrity verification. Every action recorded and verifiable.

Simple, transparent pricing

Self-hosted on your infrastructure. No data leaves your network.

Community

Free forever
For small teams evaluating GRC tooling.
  • Up to 5 users
  • All 3 frameworks
  • Manual assessments
  • Policy management
  • Basic reporting (JSON)
  • Community support

Enterprise / Air-Gap

Custom
For regulated industries and air-gapped deployments.
  • Unlimited users
  • Local vLLM (no cloud dependency)
  • GovCloud deployment support
  • SSO / SAML integration
  • SOX compliance module
  • BCM / disaster recovery
  • Dedicated support
  • Custom SLA

Get your free 30-day trial key

Enter your email to receive a license key. No credit card required. Deploy on your own infrastructure in minutes.

Deploy in 3 commands

Docker Compose stack with PostgreSQL, Redis, OPA, and Steampipe included.

# 1. Download and configure
curl -sSL https://get.sovereign-grc.com/install.sh | bash

# 2. Add your license key
echo "LICENSE_KEY=your-key-here" >> .env

# 3. Start everything
docker compose up -d

Step 1

Install

One-line installer handles Docker, secrets, and configuration.

Step 2

Activate

Paste your trial or purchased license key into Settings.

Step 3

Assess

Create your first assessment and connect cloud providers.