Copilot-first compliance

No forms. No fields. Just tell the copilot what you need.

Describe your compliance goal in plain English. FastGRC uses a copilot and connected AI agents to map risks, controls, and evidence automatically.

FastGRC Copilot
You

We need SOC 2 Type II. Our S3 buckets might be public and we haven't done a pen test this year.

FastGRC

Done. Here's what I set up:

Created risk: "S3 buckets publicly accessible" Critical | 20/25

Created risk: "Pen test overdue" High | 15/25

Mapped 4 SOC 2 criteria CC6.1, CC6.6, CC7.1, CC7.2

Suggested control: "Enable S3 Block Public Access"

Scheduled AI agent: scan AWS config daily

Queued for your approval: Enable S3 Block Public Access

AI Agents do the work. You approve sensitive actions before they execute.
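The control the copilot suggests in the transcript above, Enable S3 Block Public Access, is something a scheduled configuration scan can test directly. The following is an added example, not FastGRC's code: it evaluates account-level and bucket-level Block Public Access settings the way S3 does (the most restrictive combination of the two levels applies) and emits a finding for each bucket left with a flag off, alongside the hardened configuration that clears it. Response shapes follow boto3's get_public_access_block(); the bucket names and settings are constructed sample data.

```python
"""Check S3 Block Public Access posture from account- and bucket-level settings.

Added example, not FastGRC's code. Input dicts follow the shape of boto3's
s3.get_public_access_block() / s3control.get_public_access_block() responses;
all sample data below is constructed.
"""
from dataclasses import dataclass

# The four Block Public Access flags, named as in the S3 API.
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def parse_pab(response):
    """Return {flag: bool} from a get_public_access_block() response.

    None models the NoSuchPublicAccessBlockConfiguration error, i.e. the block
    was never configured: S3 then behaves as if every flag were False, and a
    flag omitted from the configuration is likewise treated as False.
    """
    cfg = {} if response is None else response.get("PublicAccessBlockConfiguration", {})
    return {flag: bool(cfg.get(flag, False)) for flag in BPA_FLAGS}


def effective_settings(account_pab, bucket_pab):
    """S3 applies the most restrictive combination of the account- and
    bucket-level settings, so a flag is effectively on if either level sets it."""
    return {flag: account_pab[flag] or bucket_pab[flag] for flag in BPA_FLAGS}


@dataclass
class Finding:
    bucket: str
    missing_flags: tuple      # flags that are off at both levels
    severity: str             # "Critical" if no flag protects the bucket, else "High"


def scan(account_response, bucket_responses):
    """Evaluate every bucket and return findings for those with a flag left off.

    bucket_responses maps bucket name -> get_public_access_block() response (or None).
    """
    account = parse_pab(account_response)
    findings = []
    for name, response in sorted(bucket_responses.items()):
        eff = effective_settings(account, parse_pab(response))
        missing = tuple(flag for flag in BPA_FLAGS if not eff[flag])
        if missing:
            severity = "Critical" if len(missing) == len(BPA_FLAGS) else "High"
            findings.append(Finding(name, missing, severity))
    return findings


def remediation_payload():
    """The hardened setting: all four flags on. This is the argument to
    put_public_access_block(Bucket=..., **payload), i.e. the
    'Enable S3 Block Public Access' control."""
    return {"PublicAccessBlockConfiguration": {flag: True for flag in BPA_FLAGS}}


# Constructed sample inventory: no account-level block, three buckets.
SAMPLE_ACCOUNT = None
SAMPLE_BUCKETS = {
    "logs-prod": remediation_payload(),                      # fully blocked
    "static-site": None,                                     # never configured
    "legacy-data": {"PublicAccessBlockConfiguration": {      # ACL blocks only
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
}


if __name__ == "__main__":
    for f in scan(SAMPLE_ACCOUNT, SAMPLE_BUCKETS):
        print(f"{f.severity}: {f.bucket} is missing {', '.join(f.missing_flags)}")
    # Turning on the account-level block clears every finding in this sample.
    print("after account-level fix:", scan(remediation_payload(), SAMPLE_BUCKETS))
```

A bucket with no PublicAccessBlock configuration at all (boto3 raises NoSuchPublicAccessBlockConfiguration) is modelled as None and treated as all four flags off, which is how S3 treats it. In the sample, "legacy-data" blocks public ACLs but still allows a public bucket policy, so it is flagged High rather than Critical; enabling the account-level block is the single change that clears every finding.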

  • 15 min to audit-ready
  • 0 forms: everything through the copilot
  • 10 free AI copilot sessions
  • AI Agent integrations: GitHub · AWS · Jira · Slack

Legacy GRC is forms, fields, and ticket-chasing.

We built the copilot first.

  • 50-field intake forms → one plain-English sentence
  • AI as a sidebar chatbot → AI as the primary interface
  • Manual evidence collection → AI Agents collect evidence on autopilot
  • Weeks of setup, consultants required → usable in 15 minutes, self-serve
  • $15k–$50k/year, no free tier → free to start, BYOK for unlimited

How it works

Copilot takes input. AI Agents do the work. You stay in control.

01 Describe your goal in plain English

Tell the copilot what you need — a risk assessment, a SOC 2 gap analysis, or evidence for an upcoming audit. No forms. No dropdowns. No training.

02 AI Agents connect to your stack

One-click OAuth for GitHub, AWS, Jira, Slack. AI Agents scan configs, import alerts, and sync tickets on a schedule — daily or weekly, fully automated.

03 Review and approve

AI Agents surface findings and queue actions. Sensitive changes wait for your approval. You stay in control of what gets applied.

04 Audit-ready output

Risks scored, controls mapped, evidence linked. Every action is recorded in a hash-chained audit trail whose integrity your auditor can verify.

What you get

Copilot-first interface

The chat is the workflow. Create risks, map controls, query your posture — all through conversation.

Zero-field risk entry

One sentence creates a scored risk with likelihood, impact, category, and suggested controls.

Scheduled AI Agents

AI Agents scan GitHub, AWS, Jira on autopilot. Detect vulnerabilities, collect evidence, flag drift.

Immutable audit trail

Cryptographic hash chain on every action: each record carries the hash of the record before it, so an edited, reordered, or removed record breaks the chain. Tamper-evident and auditor-verifiable.
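To make the hash-chain claim concrete, here is an added example (not FastGRC's implementation) of how such a trail is built and verified, and of what the chain alone does and does not catch. The record fields, actor names, and sample actions are constructed to mirror the kinds of actions the copilot records.

```python
"""Hash-chained audit trail and its verifier.

Added example, not FastGRC's implementation. Record fields and the sample
actions are constructed to mirror the kinds of actions the copilot records.
"""
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first record


def canonical(obj):
    """Deterministic JSON encoding so a record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def record_hash(index, actor, action, payload, prev_hash):
    """SHA-256 over the record's content plus the previous record's hash."""
    body = {"index": index, "actor": actor, "action": action,
            "payload": payload, "prev_hash": prev_hash}
    return hashlib.sha256(canonical(body)).hexdigest()


class AuditTrail:
    def __init__(self):
        self.records = []

    @property
    def head(self):
        """Hash of the newest record; publish this out of band to detect truncation."""
        return self.records[-1]["hash"] if self.records else GENESIS

    def append(self, actor, action, payload):
        index = len(self.records)
        prev = self.head
        h = record_hash(index, actor, action, payload, prev)
        self.records.append({"index": index, "actor": actor, "action": action,
                             "payload": payload, "prev_hash": prev, "hash": h})
        return h


def verify(records, expected_head=None):
    """Recompute every link.

    Returns (True, None) if the chain is intact, otherwise (False, i) where i is
    the first record whose content, position or link does not match. If
    expected_head is given, a chain that is intact but shorter than the one the
    head was taken from is reported as broken at len(records).
    """
    prev = GENESIS
    for i, r in enumerate(records):
        expected = record_hash(i, r["actor"], r["action"], r["payload"], prev)
        if r["index"] != i or r["prev_hash"] != prev or r["hash"] != expected:
            return False, i
        prev = r["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(records)
    return True, None


def tamper_payload(records, index, new_payload):
    """Return a copy of the trail with one record's payload rewritten in place
    (the kind of after-the-fact edit the chain is meant to expose)."""
    copied = json.loads(json.dumps(records))
    copied[index]["payload"] = new_payload
    return copied


def build_sample_trail():
    """Constructed sample: three actions of the sort shown in the copilot transcript."""
    trail = AuditTrail()
    trail.append("copilot", "create_risk",
                 {"title": "S3 buckets publicly accessible", "score": 20})
    trail.append("copilot", "map_criteria",
                 {"risk": "S3 buckets publicly accessible", "criteria": ["CC6.1", "CC6.6"]})
    trail.append("agent:aws-scan", "queue_action",
                 {"control": "Enable S3 Block Public Access", "requires_approval": True})
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact:", verify(trail.records))
    edited = tamper_payload(trail.records, 0, {"title": "S3 buckets publicly accessible", "score": 5})
    print("score lowered after the fact:", verify(edited))
    print("newest record dropped, no head:", verify(trail.records[:-1]))
    print("newest record dropped, head known:", verify(trail.records[:-1], trail.head))
```

Any edit to a past record, or removal or reordering of a record in the middle, changes the recomputed hash and verify() reports the first broken index. Silently dropping the newest records does not break the chain, which is why a verifiable trail also needs the current head hash recorded somewhere the operator cannot rewrite, for example handed to the auditor with each export, and why the verifier accepts an expected_head.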

Free tier + BYOK

10 free AI sessions. Then bring your own API key for unlimited usage at cost.

Human approval gates

AI Agents queue sensitive actions for your review. You approve before anything executes.

SOC 2 · ISO 27001 · NIST CSF · HIPAA

Pre-built frameworks with control mappings and readiness tracking. Add custom frameworks for internal policies.

  • SOC 2 Type II (most popular): 60 criteria
  • ISO 27001:2022: 93 controls
  • NIST CSF 2.0: 106 subcategories
  • HIPAA: Security & Privacy
  • PCI DSS: 12 requirements (coming soon)
  • GDPR: data protection (coming soon)
  • FedRAMP: US government (coming soon)
  • Custom: your policies

They bolt AI onto dashboards. We built the copilot first.

Same compliance outcomes. Fundamentally different mechanism.

Feature                          fastgrc.ai   Vanta       Drata       Thoropass
Copilot as primary interface
Zero-field risk entry
Scheduled compliance AI Agents
Human approval gates
Setup time                       15 min       Days        Days        Weeks
Free tier
BYOK (bring your own AI key)
Immutable audit trail
Starting price                   Free         $15k+/yr    $10k+/yr    $20k+/yr

Based on publicly available pricing and feature pages. Prices vary by contract.

Compliance through conversation.

Not forms. Not spreadsheets. Not $75k contracts.

Builder
$0
forever free
  • 1 compliance framework
  • 10 AI copilot sessions / month
  • 1 AI agent · 3 actions (7-day trial)
  • 1 contributor
  • Risk register & control library
  • Immutable audit trail
  • Watermarked report exports
  • Community support
  • Dashboard: risks, controls, evidence & audit log
  • Choose 1 framework: SOC 2, ISO 27001, NIST CSF, or HIPAA
  • PDF exports (FastGRC.ai watermark)
  • Data stored in your preferred region (EU / US)
  • No integrations on free plan
  • Upgrade anytime — data carries over
Get started free

No credit card required

Most popular
Growth
$39/contributor/mo billed annually ($49/contributor/mo on monthly billing) · read-only users $7.99/mo on annual billing
min 2 contributors

Example cost (2 contributors, no read-only users): $78/mo, $936/yr billed annually, saving $240/yr vs monthly billing.
  • Unlimited AI copilot sessions
  • 3 agents/contributor · 12 actions/mo
  • All compliance frameworks
  • Multi-framework gap analysis
  • Slack, Jira & GitHub integration
  • Audit-ready report exports
  • Email support (1 business day)
  • Everything in Builder
  • SOC 2, ISO 27001, NIST CSF & HIPAA simultaneously
  • Slack: risk alerts + copilot in your channel
  • Jira: auto-create tickets from risks & controls
  • GitHub: sync security alerts to risk register
  • Read-only users: $9.99/mo (or $7.99/mo annual)
  • PDF & CSV exports (no watermark)
  • SSO not included (Enterprise only)

No credit card required for trial

Enterprise
Custom
volume pricing · annual contracts
  • Everything in Growth
  • Unlimited AI agents & actions
  • SSO (SAML / OIDC)
  • Vendor & third-party risk module
  • API access & webhooks
  • Custom frameworks & controls
  • Dedicated success manager
  • Everything in Growth
  • SSO via SAML 2.0 or OIDC + SCIM provisioning
  • Custom data residency (EU, US, or on-prem)
  • Vendor risk module with tier-based scoring
  • REST API + webhooks for custom integrations
  • Custom SLA with uptime guarantee
  • Quarterly business reviews
  • Negotiated multi-year pricing

Response within 1 business day


Agent Actions

Autonomous GRC agents monitor compliance, analyze risks, and surface gaps on a schedule. Builder gets 3 free actions during a 7-day trial. Growth includes 12 actions/month. Need more?

  • $9.99/month: 12 additional actions/mo (requires Growth+)
  • $99.99/month: unlimited (fair use)

Builder: 1 agent, 3 actions (7-day trial). Growth: 3 agents, 12 actions/month included. Action packs and unlimited plans require Growth or higher.

No credit card required for trial · Audit-ready exports on every paid plan · Used by security teams doing SOC 2, ISO 27001, NIST & HIPAA

Frequently asked questions

What does "Unlimited AI Copilot (fair use)" mean?

On the Growth plan, AI sessions are unlimited for normal team use. Fair use means we reserve the right to throttle accounts sending thousands of automated requests — something that never affects teams using FastGRC.ai the way it's designed.

Why does Growth require a minimum of 2 contributors?

Growth includes dedicated infrastructure, integrations (Slack, Jira, GitHub), and email support. The minimum of 2 contributors covers the baseline cost to serve a team reliably. As your team grows, you simply add $49/contributor/mo (or $39 annual).

Can I start with 2 contributors and grow later?

Yes. Upgrade seats anytime from Settings → Billing. Stripe prorates the change immediately so you only pay for what you use. Your data, risks, and audit history carry over seamlessly.

Are read-only users $9.99 or $7.99?

Read-only users are $9.99/seat/month on monthly billing, or $7.99/seat/month when billed annually ($95.88/year per seat). Auditors, stakeholders, and leadership who only view — never edit — count as read-only.

Which frameworks are included?

Builder includes 1 framework (SOC 2, ISO 27001:2022, NIST CSF 2.0, or HIPAA — your choice). Growth and Enterprise include all four simultaneously, with cross-framework gap analysis and requirement mapping.

What support is provided on each plan?

Builder: community forum and documentation. Growth: email support with a 1-business-day response guarantee. Enterprise: dedicated success manager, shared Slack channel, quarterly business reviews, and a custom SLA.

Can I switch plans anytime?

Yes. Upgrade instantly — Stripe prorates the difference. Downgrades take effect at the end of your billing period so you never lose paid time.

What are Agent Actions and how do they differ from Copilot?

Copilot is a conversational AI assistant you interact with directly — it helps you create risks, controls, and more through chat. Agent Actions are autonomous background agents that run on a schedule (e.g. daily compliance scans, risk assessments) without manual interaction. Builder gets 1 agent with 3 free actions during a 7-day trial. Growth includes 3 agents and 12 actions/month. You can also purchase 12 additional actions/month for $9.99 (requires Growth+) or subscribe to unlimited for $99.99/mo.

Describe your first compliance goal.

The copilot maps risks, controls, and evidence. AI Agents keep it audit-ready. You approve what matters.

Try the copilot free