Pricing

Modular GRC for multi-site teams — priced by footprint, not per seat

Every customer starts with Hub Core: programme rhythm, actions, dashboards and your site registry. Add the modules you need — controls, risk, privacy, audit, stores, vendors and NIS2 — à la carte or via a pre-built bundle.

Hub Core is required. Modules are add-ons on the same legal entity. Framework packs and implementation are optional.

1 · Hub CoreProgramme, actions, overview, site registry, SSO

2 · ModulesPick from 7 product areas — see below

3 · Framework packsISO, GDPR, NIS2, PCI, Patient Data Law

4 · AssuranceRequired support · optional Kickstart

Programme

Launch your GRC rhythm across sites

from ~€24k

Year 1 indicative · ≤25 sites · ex. VAT

Hub Core (Annual Wheel, actions, overview)
Controls & Frameworks
Governance (risk + policy)
Store Operations

Typical add-ons: 1 framework pack · Kickstart

Request quote

Assurance

Audit, privacy and store compliance for retailers

from ~€58k

Year 1 indicative · ≤150 sites · ex. VAT

Everything in Programme, plus:
Privacy & RoPA
Audit Suite (readiness + findings)
Vendors & Contracts
Executive Reporting

Typical add-ons: GDPR + Patient Data Law · Audit season prep

Request quote

Operating

Full NE footprint — NIS2, incidents, intelligence

from ~€95k

Year 1 indicative · unlimited sites · ex. VAT

All Assurance modules, plus:
Assets & NIS2
Incident Management
GRC Watch intelligence

GRC Watch also available à la carte on Operating tier · multi-entity quotes on request

Talk to us

Hub Core Required

Annual licence per legal entity · GRChub Azure hosting · Entra SSO

Programme management — Annual Wheel (always included)
Remediation & actions register
Overview dashboard & site / store registry
Entra SSO, roles, multi-user sync, PDF/JSON export

Site band	≤25 sites	≤150 sites	Unlimited
Hub Core	€6,900 · 52k DKK	€18,500 · 138k DKK	€45,000 · 335k DKK

Module add-ons Requires Core

Seven product areas aligned to the GRC Console. Expand each for capability detail. 10% off 2+ modules · 15% off 5+ · 20% off full stack.

Controls & Frameworks +€1,200 · +€3,000 · +€7,500

Framework scoping, control register, maturity scoring.

Frameworks, Controls, Maturity views
Maps to ISMS & ISO 27001

Governance +€700 · +€1,750 · +€4,500

Enterprise risk register and policy library — single SKU at launch.

Risk Register · Policy management
Risk scoring, treatment, control linkage

Privacy & RoPA +€1,800 · +€5,500 · +€16,000

RoPA, DPIA, privacy assessment inbox.

Data Privacy register & workflows
Separate from Patient Data Law framework packs

Audit Suite +€900 · +€2,250 · +€5,500

Auditor workspace plus audits & findings programme.

Audit readiness · Internal audits · Findings register
Evidence library & audit season views

Store Operations +€800 · +€2,000 · +€5,000

Store assessments, store register workflows, PDL integration.

Store assessments inbox · Store Register
Annual Wheel stays in Hub Core

Vendors & Contracts +€1,300 · +€4,000 · +€12,000

Vendor tiering, DPA tracking, contract lifecycle.

Vendor register · Criticality · Assessment gaps

Assets & NIS2 +€500 · +€1,500 · +€4,000

Essential-function mapping, asset verification, NIS2 linkage.

Assets register · NIS2 coverage views

Add-on prices shown as ≤25 · ≤150 · Unlimited site bands per year. GRC Watch (+€600 · +€1,500 · +€3,500) and Incident Management (+€500 · +€1,250 · +€3,000) available à la carte on Operating tier — included in the Operating bundle above.

Module comparison

Capability	Core	Programme	Assurance	Operating	À la carte
Annual Wheel (programme management)	●	●	●	●	—
Remediation & actions	●	●	●	●	—
Overview dashboard & site registry	●	●	●	●	—
Controls & frameworks · maturity	○	●	●	●	○
Enterprise risk	○	●	●	●	○
Policy management	○	●	●	●	○
Privacy & RoPA	○	—	●	●	○
Audit readiness & findings	○	—	●	●	○
Store compliance	○	●	●	●	○
Vendors & contracts	○	—	●	●	○
Assets & NIS2	○	—	—	●	○
Incident management	○	—	—	●	○
Executive reporting	○	—	●	●	○
GRC Watch intelligence	○	—	—	●	○

● Included · ○ Add-on module · — Not in bundle (available à la carte where marked)

Framework packs

Pack	Annual
ISO 27001 / ISMS	€2,400 · 18k DKK
GDPR & data protection	€1,800 · 13k DKK
NIS2	€2,800 · 21k DKK
PCI DSS	€3,200 · 24k DKK

Patient Data Law — per country

One pack per country. Patientdatalagen (PDL) is Sweden only.

Country	Annual
Sweden (Patientdatalagen, HSLF-FS)	€2,200 · 16k DKK
Denmark	€2,000 · 15k DKK
Norway	€1,800 · 13k DKK
Finland	€1,800 · 13k DKK
Netherlands	€1,800 · 13k DKK

15% off 2nd+ Patient Data Law country packs. Separate from Privacy & RoPA module (GDPR/RoPA tooling).

Implementation (fixed price, Year 1)

Service	Price
Kickstart — programme launch, roles, first annual wheel	€12,000 · 89k DKK
Annual wheel setup	€10,000 · 75k DKK
Maturity baseline	€8,000 · 60k DKK
Audit season prep	€15,000 · 112k DKK
Privacy onboarding	€6,500 · 48k DKK
Vendor onboarding — register, DPA workflow, top-20 vendors	€6,500 · 48k DKK

Software Assurance (required)

Standard — 20% of licence (min €4,500). Premium — 25% (min €6,000). Software operations only — not consulting.

Indicative Year 1: Programme (Core + Kickstart) ~€24k · Assurance (≤150 sites, full retailer stack) ~€58k · Operating (unlimited, all modules) ~€95k. All ex. VAT.

Request a quote