Pricing
One Platform, Scoped to
How You Operate
What you pay depends on where you operate, what you connect, and the compliance frameworks you're mapping against. Every quote starts with a scoping conversation.
What Basirah covers
Core
Structured remediation for a single team with a defined scanner footprint and one compliance framework.
- Scanner and ticketing integrations
- Single compliance framework mapping
- Model-assisted risk scoring
- Evidence packages (PDF export)
- Email-based support
Advanced
Multi-tool remediation with FAIR quantification, signed evidence, and identity federation for distributed teams.
- Expanded tool connections across scanner, SIEM, and identity layers
- Multiple compliance framework mappings
- Bassistant execution intelligence
- FAIR-based risk quantification
- Cryptographically signed evidence packages
- SSO and SCIM provisioning
Enterprise
Multi-region programs with sovereign data requirements, custom connectors, and dedicated operational support.
- Custom connector development
- Custom framework packages
- Isolated inference option
- Full Monte Carlo risk modeling
- White-label evidence packages
- Cloud, hybrid, or on-prem deployment
- Dedicated CSM and priority support
Pricing scales with the scope of your program — the integrations you connect, frameworks you map against, and the volume you run through the platform. Your account team builds a quote around your environment and region.
FAQ
Frequently Asked Questions
How does pricing work?
Pricing is scoped to your environment — the integrations you connect, frameworks you map against, your findings volume, and the region you operate in. Our team builds a quote around those inputs during the scoping process.
What should I include in a pricing request?
Share your current tools, expected findings volume, frameworks in scope, and preferred deployment model (cloud, hybrid, or on-prem).
Do you offer a free trial?
We offer guided demos and proof-of-concept deployments. Request a demo to get started.
Can we start with one business unit and expand later?
Yes. Many teams start with a scoped rollout and add integrations, users, and frameworks as the program expands.
Can we adjust scope after deployment?
Yes. Scoping is modular — add integrations, frameworks, or users through a scope adjustment conversation with your account team. Expansions don't require re-contracting.
Do framework mappings equal certification?
No. Basirah supports operational evidence and control mapping workflows, but framework conformance and certification outcomes are determined by your legal/compliance teams and auditors.
What counts as an integration?
Each connected tool (scanner, SIEM, ticketing system, identity provider) counts as one integration.
Are multi-year commitments available?
Yes. Multi-year agreements carry meaningful discounts. Your account team can scope these during the quoting process.
What procurement and security documents are available during evaluation?
We provide standard contracting and security documentation, including MSA/DPA templates, privacy and security overviews, and questionnaire support during vendor review.
What is the contract term?
Annual agreement as standard. Multi-year options available for qualifying commitments.
How does billing work?
Annual invoicing by default. Alternative billing structures can be scoped during quoting.
What does the implementation include?
Go-live timeline and onboarding plan are defined in the quote based on your environment.
What support coverage is included?
Support response windows are scoped as part of your deployment. Enhanced coverage is available as an add-on.
How is pricing affected by region?
Pricing reflects the regulatory environment, data residency requirements, and deployment infrastructure in your region. Our team scopes this during the quoting process.
Can I start with a limited scope and expand later?
Yes. Scoping is modular — expansions don't require re-contracting. Add integrations, frameworks, or users through a scope adjustment conversation with your account team.
Can I add integrations after initial deployment?
Yes. Connect additional scanners, SIEMs, ticketing systems, and identity providers through a scope adjustment.
Can I add more compliance frameworks?
Yes. Add control mappings and reporting templates for DORA, NIS2, SAMA CSF, NCA ECC, PCI DSS, HIPAA, and other frameworks.
Is extended evidence retention available?
Yes. Retain cryptographically signed evidence packages for 3 or 7 years.
Do you offer managed remediation services?
Yes. Expert-led remediation execution and verification for critical findings.
Next step
Tell us about your environment
Share your tool stack, compliance requirements, and deployment preferences. We'll build a quote around what your program actually needs.