Plans and how you deploy
Choose Starter to run assessments in the browser, Professional for our hosted app with a vendor portal and team collaboration, or Enterprise when you need the product on your own infrastructure. Federal & custom is for defense and regulated programs—we scope it with you.
What changes between plans
Higher tiers add shared storage, report history, a vendor-facing portal, SSO, APIs, and stricter support commitments. Starter keeps data on the device; cloud plans encrypt customer data in our environment. Details and limits are in the comparison below.
Starter
Runs in your browser
For teams that want vendor assessments without sending data to our cloud. Best for pilots and strict data-location needs.
Best for
- Small teams & pilots
- Data stays on your device
- One-time license, predictable cost
What you get
- Vendor reports — standard layout, PDF export
- NIST SP 800-161 inherent risk scoring — runs entirely client-side
- Vendor Threat Radar for up to 25 vendors
- Dashboard and assessment workflows
- Up to 5 team members · 2GB local storage
- Optional: $99/yr — updates, feed refreshes, email support
- Vendor portal for evidence upload
- API access & custom report sections
Professional
Hosted app & vendor portal
Reports, versioning, and a portal so vendors submit evidence without endless email. For teams managing an active vendor portfolio.
Best for
- Procurement, security, and GRC teams
- Board- or audit-ready reporting
- Full workflow before Enterprise tier
What you get
- Vendor reports — multiple layouts, portfolio views, saved versions
- Vendor portal — evidence upload, status, and sign-off. Up to 25 active vendor programs.
- NIST-aligned scoring plus dependency vulnerability checks
- Automated workflows and custom templates
- Your branding on reports · API (10K calls/mo)
- Up to 100 vendor assessments · 25 team members · 15GB encrypted storage
- Priority support, updates, and threat feed refreshes included
Enterprise
Your infrastructure. Your branding. Your SLA.
Run VendorSoluce on your infrastructure with your branding, SSO, full APIs, and custom report sections—ideal when data must stay in your environment.
Best for
- Your servers or private cloud
- Consulting & multi-client TPRM
- Integrate with your GRC or internal tools
Everything in Professional, plus
- Vendor reports — custom sections, your branding, reports via API
- Vendor portal — single sign-on, your domain, unlimited vendor programs
- Deployment on your infrastructure (per contract)
- Full API and custom integrations · multiple organizations
- Unlimited team members and assessments · 200GB encrypted storage
- Dedicated account manager · SLA guarantee · 24/7 email/ticket support
Federal & Custom
Regulated supply chains. Scoped with you.
For defense and federal contractors who need CMMC, FedRAMP-aligned, and FISMA-oriented workflows. Pricing is set with your program team.
Best for
- Defense & federal agencies
- Regulated primes & contractors
- CMMC, FedRAMP & FISMA programs
Everything in Enterprise, plus
- CMMC 2.0 workflows and supply-chain reporting
- FedRAMP & FISMA-oriented tracking and templates
- Government-style vendor reports with audit-friendly formatting
- Vendor portal with government branding options
- APIs and integrations · 1TB storage
- Dedicated federal support team · Federal SLA
Deliverables by plan
Open a section to compare plans. Icons mean included or not; short text explains limits where it matters.
Risk & compliance
| Feature | Starter Local · browser |
Professional Managed SaaS |
Enterprise Client-hosted |
Federal & Custom Regulated |
|---|---|---|---|---|
| Vendor risk scoringFramework-aligned | In your browser | Hosted; data saved | On your systems | Federal programs |
| NIST 800-161 (supply chain) | ||||
| Open-source dependency checks | ||||
| CMMC 2.0 | ||||
| FedRAMP & FISMA | ||||
| Vendor capacityTypical portfolio size | ~50 active browser limit |
Unlimited | Unlimited | Unlimited per contract |
Vendor reports
| Feature | Starter Local · browser |
Professional Managed SaaS |
Enterprise Client-hosted |
Federal & Custom Regulated |
|---|---|---|---|---|
| Generate & download report (PDF) | On-the-fly — not stored | |||
| Report history & versioning | Browser storage limit | |||
| Portfolio summaries | In-session only | Persistent | Persistent | Persistent |
| Custom report sections | Standard template only | Standard + custom templates | Full custom sections | Audit-friendly format |
| Custom branding | ||||
| Reports via API |
Vendor portal
| Feature | Starter Local · browser |
Professional Managed SaaS |
Enterprise Client-hosted |
Federal & Custom Regulated |
|---|---|---|---|---|
| Portal for vendors | Needs hosting | Managed | Self-hosted | Gov branding |
| Evidence file submission | File size limit | Cloud storage | Your storage | Gov-grade storage |
| Status & sign-off | ||||
| Single sign-on & custom domain | ||||
| Concurrent vendor programs | None | Up to 25 | Unlimited | Unlimited |
Data & hosting
| Feature | Starter Local · browser |
Professional Managed SaaS |
Enterprise Client-hosted |
Federal & Custom Regulated |
|---|---|---|---|---|
| Data location | Your browser only — nothing leaves your device | VendorSoluce cloud (encrypted) | Your infrastructure | Your infrastructure or approved gov cloud |
| Team access | Single browser session | Up to 25 members | Unlimited | Unlimited |
| Storage | ~5–10MB browser limit | 15GB encrypted | 200GB (your hardware) | 1TB+ |
| Encrypted cloud storage | — |
API & integrations
| Feature | Starter Local · browser |
Professional Managed SaaS |
Enterprise Client-hosted |
Federal & Custom Regulated |
|---|---|---|---|---|
| API access | 10K calls/mo | Full | Full + federal APIs | |
| Custom integrations | ||||
| Multiple organizations | ||||
| Automated workflows |
Support & SLA
| Feature | Starter Local · browser |
Professional Managed SaaS |
Enterprise Client-hosted |
Federal & Custom Regulated |
|---|---|---|---|---|
| Support | Priority email | 24/7 tickets + phone (business hours) | Dedicated federal team | |
| Dedicated account manager | ||||
| SLA guarantee | In your contract | Federal SLA |
Important Legal Disclaimers
Compliance & risk tools. VendorSoluce helps you track and report against common frameworks (including NIST, CMMC, FedRAMP, FISMA). Tools are aids only—they do not guarantee certification, compliance, or audit outcomes. You remain responsible for how you use outputs.
“Unlimited,” support, storage, SLAs, and scores. Unlimited features follow fair use. Support times are targets. Storage caps and retention apply as in your plan or contract. Risk and analytics are informational, not a substitute for professional judgment or testing. Third-party threat and vulnerability data is provided as-is.
Full terms, limits, and disclaimers: Terms of Service.
Get Started
Subscribe on the platform or contact us for Federal and custom pricing.