Loading…
Loading…
Two products. Pick what you need, or run both.
Scorifya Controls
SOC 2, PCI DSS 4.0.1, and ISO/IEC 27001:2022 readiness, self-hosted on your own infrastructure. 54 automated checks, 36 manual controls with evidence, auditor portal, Statement of Applicability. Flat fee, no per-seat charges.
Starter
AWS + GitHub checks. First SOC 2.
$79/mo
$99/mo
ProMost popular
All four clouds, all 54 checks.
$199/mo
$249/mo
Team
Multi-tenant for agencies. 10 domains.
$399/mo
$499/mo
Annual billing saves ~16% on every tier. Founders pricing: 25 spots left.
Full Controls pricing →Scorifya Scan
Free 0–100 security score for any website, plus paid monitoring: SSL expiry and score-drop alerts, DMARC and reputation tracking, client reports, and a developer API. No card needed to start.
Free
Unlimited scans, public score, badge.
$0
Solo
Monitoring + alerts for your own sites.
$29/mo
AgencyMost popular
Client monitoring, reports, exports.
$99/mo
Agency Pro
High volume, API, white-label PDF.
$299/mo
Paid plans start with a free 7-day trial, no card required. Annual billing saves ~16%.
Full Scan plans →Choose Controls if…
You are preparing for a SOC 2 audit, a PCI SAQ A / A-EP assessment, or an ISO 27001 certification and need continuous evidence from your cloud accounts (AWS, GCP, Azure, GitHub) plus manual-control tracking your auditor can verify.
Choose Scan if…
You want to check and monitor the public security posture of websites (TLS, security headers, DNS and email auth, exposed files) for yourself or for clients, with alerts when something regresses.
They are separate purchases and work independently. Agencies often run both: Scan for client-site monitoring, Controls for their own compliance program.