Every plan is the Trust Operations Platform — compliance automation, vendor risk, privacy operations, and a customer-facing Trust Center on one data model. Plans differ by the depth of modules and the level of support, not by which part of the platform you get.
Every plan onboards in under 12 hours — no professional-services contract, no consultant hand-holding.
To match Verisq, most teams buy a compliance tool and a privacy tool — then pay to stitch them together, and still can't unify the audit trail. Here's where the lines actually fall.
| Capability | Verisq AI (Trust Operations Platform) | Compliance-only (SOC 2 / framework tools) | Privacy-only (Consent / DSAR tools) |
|---|---|---|---|
| Compliance & audit readiness | | | |
| SOC 2 Type II readiness with three-tier ownership (Control / Evidence / Task) | ✓ | ✓ | — |
| Pre-seeded Trust Service Criteria catalog with auditor read-only access | ✓ | Varies | — |
| Cross-framework propagation — one evidence item satisfies many frameworks | ✓ | Varies | — |
| Internal Controls Assessment (SOX-style quarterly attestation, COSO/ITGC) | ✓ | Rare | — |
| Per-control walkthrough notes, sample selection & test results | ✓ | Varies | — |
| Auto-issued Diligence Certificates with embedded framework mappings | ✓ | — | — |
| One-PDF Audit Packet — certificates, coverage matrix, evidence index | ✓ | Partial | — |
| Per-framework coverage matrix with gap analysis & remediation paths | ✓ | Varies | — |
| Vendor & supply-chain risk | | | |
| TPRM register with QFX assessments & AI auto-scoring | ✓ | Add-on | — |
| Live breach intelligence — vendor breaches surfaced as they happen | ✓ | — | — |
| SBOM ingestion & continuous CVE matching | ✓ | Rare | — |
| Automated SOC 2 / CUEC extraction from vendor reports | ✓ | Rare | — |
| Branded vendor portal with digital-signature submission | ✓ | Varies | — |
| Multi-cloud config scanning (AWS / Azure / GCP / OCI) | ✓ | Varies | — |
| Fourth-party / sub-contractor nested risk mapping | ✓ | — | — |
| Privacy operations | | | |
| End-to-end DSAR fulfillment with SLA tracking & vendor sub-requests | ✓ | — | ✓ |
| No-account public privacy center (regulator-aligned intake) | ✓ | — | Varies |
| Article 30 RoPA generation from a live datastore catalog | ✓ | — | Varies |
| CookiePLUS consent with hash-chained, tamper-evident receipts | ✓ | — | Logs only |
| IAB TCF 2.3, GPC & GPP signal handling | ✓ | — | ✓ |
| Consent & DSAR share one backend — single chain of custody | ✓ | — | Stitched |
| Compliant marketing list scrubbing with per-removal audit trail | ✓ | — | Rare |
| Data Protection Impact Assessments (DPIA) via employee portal | ✓ | — | Varies |
| Enterprise risk & deals | | | |
| Enterprise Risk Management — all risk signals land natively, not via integration | ✓ | — | — |
| Continuous risk telemetry — inherent scores move with the threat landscape | ✓ | — | — |
| KRI framework with thresholds & three-lines-of-defence roles | ✓ | — | — |
| M&A cyber diligence workspace with NIST CSF maturity scoring | ✓ | — | — |
| Watermarked Data Room with scoped external access & audit trail | ✓ | — | — |
| Risk-acceptance gates with expiry & board-level approval workflow | ✓ | Rare | — |
| Workforce & policy | | | |
| Versioned policy library with binding, re-triggered acknowledgements | ✓ | Add-on | — |
| Workforce awareness training tied directly to the audit packet | ✓ | Add-on | — |
| Policy-to-course mapping with coverage reporting | ✓ | Rare | — |
| Role-based training tracks (HIPAA, AI, privacy-by-design) | ✓ | Varies | Varies |
| Integrations & enterprise controls | | | |
| Teams Adaptive Cards & Outlook vendor-risk cards in email | ✓ | Rare | — |
| ServiceNow risk-type routing (AVR / SIR / GRC modules) | ✓ | Varies | — |
| Jira, GitHub Issues & PagerDuty finding routing | ✓ | Varies | — |
| Power Platform connector & Power BI risk dashboards | ✓ | — | — |
| HMAC-signed webhooks to SIEM (Sentinel, Splunk, QRadar) | ✓ | Varies | — |
| Azure AD SSO + SCIM provisioning & Conditional Access | ✓ | ✓ | Varies |
| Five-layer multi-tenant isolation with per-tenant encryption keys | ✓ | Varies | Varies |
| Proof & foundation | | | |
| Customer-facing Trust Center, live on day one | ✓ | Add-on | — |
| QFX universal assessment engine — any subject type, any framework | ✓ | — | — |
| Onboarded in under 12 hours — no professional-services contract | ✓ | Varies | Varies |
| One data model & one audit trail across every program | ✓ | Stitched | Stitched |
SOC 2 (TSC) · ISO 27001:2022 · NIST CSF 2.0 · NIST SP 800-218 (SSDF) · GDPR / UK GDPR · HIPAA Security Rule · HITRUST CSF · PCI DSS 4.0 · DORA · SWIFT CSP · OCC Third-Party Risk · FCA Outsourcing · SIG · plus custom AI-authored frameworks.
We'll give you a recommendation based on your compliance requirements, vendor count, and the frameworks your customers expect.