vCISO & consultant partner program
Refer clients. Earn 20% for 12 months.
Scorifya Controls is a self-hosted SOC 2 and PCI DSS readiness platform. If you advise startups on compliance, you can earn 20% recurring commission on every client you refer, for 12 months from their first payment.
What you earn
20% of what your client pays, every billing period, for life.
- Starter: $19.80/mo per client, or $199.80/yr annual. Client pays $99/mo · AWS + GitHub, 24 checks. 10 clients = $198/mo for 12 mo.
- Pro (most common referral): $49.80/mo per client, or $499.80/yr annual. Client pays $249/mo · All clouds, 38 checks. 10 clients = $498/mo for 12 mo.
- Team: $99.80/mo per client, or $999.80/yr annual. Client pays $499/mo · All clouds + multi-tenant. 10 clients = $998/mo for 12 mo.
Commission runs for 12 months from the client's first payment. Adjusts automatically if a client upgrades tiers. Paid monthly via Stripe.
Who this program is for
This is for practitioners who advise startup founders on getting SOC 2 ready:
- ✓ Virtual CISOs (vCISOs) advising seed and Series A companies
- ✓ Fractional CISOs with a roster of startup clients
- ✓ Compliance consultants who run SOC 2 readiness programs
- ✓ Security advisors at agencies that serve SaaS companies
- ✓ Independent consultants helping clients prepare for their first SOC 2 audit
Not a fit: pure software resellers, managed security service providers (MSSPs) looking to white-label, or CPA firms performing the SOC 2 audit itself. For CPA audit partnerships, see scorifya.com/controls/partners.
Why your clients choose Controls
The argument you can make to a founder who is evaluating Vanta or Drata.
Their data stays on their server
Controls runs inside the client's own infrastructure. AWS credentials, GitHub tokens, check results, and audit evidence never leave their environment. For security-conscious founders, this is the deciding factor.
No per-seat charges, ever
Vanta and Drata charge per employee or per integration. Controls is a flat license. A 20-person team and a 200-person team pay the same. Straightforward to budget.
A fraction of the managed-SaaS price
Vanta starts at roughly $10,000/yr. Controls Pro is $2,499/yr: all four clouds, 38 automated checks, 28 manual controls, both SOC 2 and PCI DSS 4.0.1. The gap covers multiple audit fees.
Audit-ready in days, not months
docker compose up, configure cloud credentials, run first checks. The platform surfaces exactly what is passing and what is not. Founders can hand a clean evidence package to their auditor without rebuilding their compliance story.
How it works
1. Apply in 60 seconds
Email controls@scorifya.com with your name, how you work with startups, and roughly how many clients you advise on SOC 2 each year. We reply within one business day.
2. Get your referral link
Once approved, you receive a unique referral link and a 14-day trial license so you can evaluate Controls before you recommend it to anyone.
3. Refer clients
Send clients to your referral link. They purchase Controls directly. No sales calls with us, no paperwork on their end. Checkout to license key in under 60 seconds.
4. Earn 20% every month, for 12 months
Commission attaches to the subscription at purchase. You earn 20% of every payment for 12 months from the client's first charge. Monthly or annual billing both count.
The math for a typical vCISO practice
If you advise 15 startups on SOC 2 readiness over the course of a year and half of them are a good fit for Controls Pro:
- 8 clients on Pro: $398/mo ($49.80 each), $4,780 total earned over 12 months
- 15 clients on Pro: $747/mo, $8,964 over 12 mo
Based on Pro monthly at $249/mo, 20% commission = $49.80/mo per client, for 12 months from first payment.
Common questions
Does this conflict with my Vanta or Drata relationships?
No. Controls is self-hosted: clients run it on their own server. It is a fundamentally different product from Vanta or Drata (SaaS-managed). You can recommend Controls to clients who want their compliance data to stay on their own infrastructure while still recommending Vanta or Drata to clients who prefer a managed service. These are complementary recommendations, not competing ones.
What is the 20% based on, the monthly price or what the client actually pays?
20% of what the client pays each billing period, for 12 months from their first payment. Monthly billing: 20% of $99, $249, or $499 per month, for up to 12 payments. Annual billing: 20% of $999, $2,499, or $4,999, paid to you as a lump sum on their first annual charge. If a client upgrades tiers within the 12-month window, your commission adjusts to 20% of the new price automatically.
Is there a cap on how much I can earn?
No cap on the number of clients you can refer. Commission runs for 12 months per client from their first payment; the 12-month window applies per client, not to the program as a whole.
What happens if a client cancels?
Commission stops when the client's subscription ends or after 12 months, whichever comes first. You are not charged back for any commissions already paid. If a client cancels and resubscribes through your link, a new 12-month window starts.
Do I need to be a licensed CPA or auditor?
No. The partner program is for vCISOs, compliance consultants, security advisors, and fractional CISOs who advise startups on SOC 2 readiness, not for the firms that issue the SOC 2 report. If you are a CPA firm looking to be listed as an audit partner, see scorifya.com/controls/partners.
Can my clients use their own auditor?
Yes. Controls is the readiness platform; the SOC 2 audit is performed by a separate CPA firm of the client's choosing. Controls works with any qualified auditor.
How do I track my referrals and commissions?
You receive a monthly email summary of active referrals, commission earned, and payout status. A self-serve dashboard is on the roadmap.
Does Scorifya take a cut of my consulting fees?
No. Scorifya earns revenue from Controls subscriptions only. Your consulting fees are entirely between you and your clients.
Apply in 60 seconds
Email us your name, how you work with startups, and roughly how many clients you advise on SOC 2 each year. We reply within one business day, send your referral link, and include a 14-day trial license so you can evaluate the product before you recommend it to anyone.
controls@scorifya.com · Non-exclusive · No fees to join · Cancel any time