Pricing
Price Model
Transparent: base price per organisation plus user-based licences — expandable with expert analysis and workshops.
Modules
Cyber-Security Basic Check
Cyber-Security Basis Check Basis Pack
Measures for Cyber-Security Basic Check
Enable Measures-Board for Basis Check
AI Governance Check
AI Governance along ISO/IEC 42001 & EU AI Act
Data Protection & Compliance Check
GDPR & revFADP Question Module
ICS - Internal Control System
ICS – Dynamic Question Module
ICT - Minimal Standard
ICT Minimal Standard along NIST 1.4
ISO/IEC 27001
ISO/IEC 27001:2022 Questionnaire
NIS2 - Network and Information Security
NIS2 Directive (EU 2022/2555) Compliance Module
NIST CSF 2.0
NIST Cybersecurity Framework (CSF) 2.0
Risk module
Risk Catalog along BSI standards
Side-by-side
How does SCMC compare to other GRC tools?
Swiss data residency, native coverage of the Swiss ICT Minimum Standard and revFADP, native German UI, lower entry price — the key differences at a glance.
| Feature | SCMC | Vanta | Drata | ISMS consulting (CH) | Excel-ISMS |
|---|---|---|---|---|---|
| Data residency | 🇨🇭 Switzerland exclusive (AWS Zurich, eu-central-2) | US (default), EU-Frankfurt opt-in | US (AWS us-east) | Consultant tools (Word/Excel/SharePoint) on client side | on-premise |
| Swiss ICT Minimum Standard | ✅ Native, structured by NIST functions | ❌ not native (manual NIST mapping) | ❌ not native (manual NIST mapping) | ✅ methodically via consultant | manual |
| revFADP (Swiss data protection) | ✅ Combined with GDPR, 107 controls, 3 scope templates | GDPR module only | GDPR module only | ✅ methodically via consultant | manual |
| Platform language | German + English (native) | English only | English only | German + English | any |
| Entry price (public) | From CHF 145/month | From USD ~10,000/year (Core plan) | From USD ~7,500/year (Foundation, ≤50 employees) | Typ. CHF 8,000–25,000 per engagement (day rate) | 0 (self-built) |
| Free tier to try out | ✅ Basic Cyber-Security Check (10 areas, 39 controls) | ❌ free demo only | ❌ free demo only | ❌ no self-service (paid initial scoping) | — |
| ISO/IEC 27001:2022 | ✅ all 93 Annex A controls | ✅ | ✅ | ✅ (consulting engagement) | manual |
| NIST CSF 2.0 (with Govern) | ✅ all 6 functions | ✅ (CSF 1.1 + 2.0) | ✅ (CSF 1.1 + 2.0) | ✅ (consulting engagement) | manual |
| EU AI Act / ISO 42001 | ✅ 102 controls, 10 domains | ✅ (dedicated module) | ✅ (dedicated module) | depends on consultant specialisation | ❌ |
| Audit-ready export | ✅ Maturity, gap analysis, evidence | ✅ | ✅ | document-based (Word/PDF/Excel) | manual |
| Versioned assessment cycles | ✅ Traceable history | ✅ | ✅ | manual / depends on engagement | ❌ |
As of April 2026. Competitor data is based on publicly available sources (vendor websites, pricing pages from Vendr/G2/Capterra, help centers) and may change — pricing in particular is not always publicly published. Verify current pricing and feature lists directly with the vendors. SCMC makes no claim of completeness or legally binding statements about competitors.