Three tiers. Flat monthly fees.
Lite for solo and post-audit baseline. Pro for operational compliance signal weekly. Enterprise for multi-entity, multi-framework, regulated buyers. Annual billing is 15% off on Lite and Pro.
Monthly signed reports — post-audit baseline monitoring
Monthly cryptographically-signed reports covering one regulatory framework + the cross-cutting AI-stack signals (TEE attestation, audit chain, sub-processor BAA, ZDR contracts). Email alerting on critical-severity changes. Quarterly methodology check by a credentialed external verifier. Three commitments included.
- Cadence: Monthly signed report
- Frameworks: Up to 1
- Alerting: Email
- Verifier: Quarterly methodology check
- Three commitments: Included
Weekly signed reports with verifier co-signature
Weekly cryptographically-signed reports across up to three frameworks + the cross-cutting AI-stack signals + customer-usage anomaly detection. Email, Slack, and webhook alerting on configurable thresholds. Verifier countersigns every report; quarterly methodology check. Three commitments included.
- Cadence: Weekly signed report
- Frameworks: Up to 3
- Alerting: Email, Slack, Webhook
- Verifier: Quarterly methodology check + signs every report
- Three commitments: Included
Daily signed reports with continuous verifier engagement
Daily cryptographically-signed reports across up to five frameworks (custom Knowledge Packs available) + the full cross-cutting + customer-usage signal set + custom rule sets. Email, Slack, webhook, PagerDuty, and SMS alerting with custom routing. Named verifier on every report; continuous methodology engagement. Three commitments included. Cross-vendor connectors (AWS, GCP, Azure read-only) on request — adds quote.
- Cadence: Daily signed report
- Frameworks: Up to 5
- Alerting: Email, Slack, Webhook, PagerDuty, SMS
- Verifier: Quarterly methodology check + signs every report
- Three commitments: Included
Bundle path: Every ArcaKey Defensibility Audit includes 90 days of Monitoring Pro at no charge, auto-converting to paid Pro on day 91 unless cancelled. Customers who cancel during the 90-day window keep every report generated during that window.
What is not included
- Remediation work. Monitoring produces reports and alerts. We do not implement fixes as part of the subscription. Where a finding requires remediation, we name it and recommend an engagement (Defensibility Audit, advisory hours, or external counsel).
- Legal advice. Monitoring is technical and regulatory in nature; it is not legal counsel. Where a finding requires legal interpretation, we cite it as such and recommend you engage counsel.
- Per-incident response. A single critical alert at 2am triggers the standard email/Slack/PagerDuty notification. Hands-on incident response is a separate engagement, quoted separately.