PRICING

Published. No retainer. No sales maze.

Month-to-month. Cancel anytime. Everything in every tier is run by agents and reviewed by on-call Hiro security engineers — the price reflects scope, not effort.

Starter

Closing your first enterprise customer.

$2,000/month

Everything you need to answer the questionnaire and get to SOC 2 ready.

  • Up to 3 connected systems (AWS, GitHub, Okta, etc.)
  • SOC 2 Type I implementation
  • Unlimited security questionnaires (SIG, CAIQ, custom)
  • Access reviews — quarterly
  • Alert response on one alert source
  • Email + Slack with a Hiro engineer (business hours)
Start SOC 2 prep
Most common

Growth

SOC 2 is live, audits and deals are stacking.

$4,000/month

Multi-framework, multi-cloud, multiple open deals.

  • Up to 10 connected systems
  • SOC 2 Type II + ISO 27001
  • Unlimited questionnaires, DPAs, security addendums
  • Access reviews — monthly
  • Alert response on all connected sources
  • Vuln management (Wiz, Snyk, Sentry)
  • Same-day engineer response (business hours)
Scale the program

Scale

Your security work outpaces your team.

$6,000/month

Unlimited stack + 24/7 engineer coverage.

  • Unlimited connected systems
  • Multi-framework: SOC 2, ISO 27001, HIPAA, CMMC
  • Custom controls + bespoke policy work
  • Code security (MCP in Claude Code, Cursor, Copilot)
  • Access reviews — continuous
  • 24/7 alert response and engineer on-call
  • 30-minute SLA on risky-change review
  • Dedicated engineer (not a pool)
Replace your MSP

Published engineer SLA

  • Business hours (9am–6pm PT, M–F): 30 minutes on Growth and Scale, 4 hours on Starter.
  • Overnight and weekend: 2 hours on Scale, next business day on Growth and Starter.
  • Incident escalations (real customer or production impact): 15 minutes, any tier.

What’s included, always

  • No per-seat or per-integration markup
  • No charge for additional questionnaires or audits
  • No retainer buckets of hours that expire
  • No onboarding fees. Setup takes a week.

Want a free gap analysis first?

Plug Hiro into your stack for 30 minutes and we'll send you a written gap report against SOC 2 or ISO 27001 — no commit.

Book a free scan