Custom pricing
CapGRC adapts to the size and needs of your organization. All our plans are offered on request to guarantee the best fit for your context.
Primary module licenses
Activate only the modules you need. CapRISK is the mandatory foundation — all other modules connect to it.
CapRISK
Mandatory foundation
Centralized risk register, configurable matrix, treatment plans and indicators. Base module called by all other primary modules.
CapCOM
Regulatory compliance
Manage Law 25, ISO 27001, PCI-DSS and other framework compliance. Automatically required by CapTRISK and CapPROSEC.
CapAUDIT
Internal audits
Plan, execute and report on internal audits. Complete end-to-end cycles with full traceability.
CapTRISK
Third-party risks
Assess and monitor vendor and partner risks. Automated questionnaires, scoring and due diligence.
CapPROSEC
Project security
Guided DPIAs, project risk assessments and security by design. DevSecOps integration and approval workflow.
CapPRP
Privacy officer obligations
Complete management of privacy officer obligations: PIAs, incident register, access requests, consent management, data sharing agreements and regulatory tracking (Law 25, GDPR, PIPEDA).
Secondary modules included with every primary module
Every primary module automatically activates all secondary modules: GRC dashboards, exportable reports, Canadian hosting, MFA and RBAC.
Recommended combinations
Pre-configured packages tailored to your operational needs.
Full GRC
Integrated GRC program
Need help choosing?
Our GRC experts analyze your context and recommend the optimal combination of modules.
Package comparison
| Feature | Risk Starter | Compliance+ Most popular | Audit & Risk | Risk & Vendors | Project Security | Full GRC | |
|---|---|---|---|---|---|---|---|
| Primary modules | |||||||
| CapRISK — Risk Management | |||||||
| CapCOM — Regulatory Compliance | |||||||
| CapAUDIT — Internal Audits | |||||||
| CapTRISK — Third-party Risks | |||||||
| CapPROSEC — Project Security | |||||||
| Secondary modules (included with every primary module) | |||||||
| Dashboards & GRC Programs | |||||||
| PDF / Excel / PPT reports | |||||||
| MFA and granular RBAC | |||||||
| SSO / SAML | |||||||
| Canadian hosting | |||||||
| Teams & Slack notifications | |||||||
| Organization management | |||||||
| Authoritative frameworks & Docs | |||||||
| Asset management | |||||||
| Alerts & notifications management | |||||||
| Available frameworks | |||||||
| Law 25 | |||||||
| ISO 27001 | |||||||
| PCI-DSS | |||||||
| GDPR / NIS2 / DORA | |||||||
| Custom frameworks | |||||||
| Support | |||||||
| Response time | d+2 | d+1 | d+1 | d+1 | d+1 | 4h | |
| Dedicated onboarding | |||||||
| Account manager | |||||||
| Guaranteed SLA | 99.9% | ||||||
Your data stays in Canada
All CapGRC data is hosted exclusively in certified Canadian data centers in Quebec, in compliance with Law 25 and public sector requirements. AES-256 encryption, TLS 1.3, MFA and annual independent penetration tests.
AES-256
Encryption
TLS 1.3
In transit
MFA
Access
99.9 %
Uptime
Frequently asked questions
Is CapRISK really mandatory?
Yes. CapRISK is the foundation of the CapGRC platform. All other primary modules rely on its centralized risk register to function. It is included in all packages.
Why do CapTRISK and CapPROSEC require CapCOM?
Third-party risk management (CapTRISK) and project security (CapPROSEC) rely on CapCOM's compliance framework to align assessments with your regulatory obligations (Law 25, ISO 27001, etc.).
Can modules be added mid-subscription?
Yes. You can activate new primary modules at any time. Pricing is adjusted on a pro-rata basis for the remaining period.
Are secondary modules automatically included?
Yes. When a primary module is activated, all secondary modules (dashboards, reports, SSO, MFA, Canadian hosting) are included at no extra cost.
How is pricing calculated?
Pricing depends on the number of primary modules activated, number of users and your organization's size. Contact us for a personalized quote.
Is there a program for non-profits or the public sector?
Yes. We offer preferential pricing for non-profit organizations, government bodies and educational institutions.
Ready to get your CapGRC quote?
Contact us for a personalized demonstration and receive a proposal tailored to your needs and budget.