Six tiers. One standard. Find the level that fits your organisation today — and grow into the next when you’re ready. Every paid tier includes everything in the tiers below it.
Not sure which tier is right for you? Take the Compliance Readiness Self-Assessment — it takes under 3 minutes and recommends your tier based on your organisation’s size, compliance maturity, and regulatory exposure.
Every paid tier includes everything from all tiers below it. Your compliance infrastructure grows with your organisation — without losing what you’ve already built. View full membership guidelines →
Full tier comparison
A side-by-side comparison of all six CIAO Standard tiers on the dimensions that most commonly determine fit: price, scale of deployment, included content, users, classification, and framework coverage.
| Commons | Core | Essential | Professional | Enterprise | Conglomerate | |
|---|---|---|---|---|---|---|
| Price | FreeAlways | €9per user / year | €99per user / year | €999per user / year | €9,999per org / year | From €99,999per year |
| Maturity target | — | 0 → 2 | 2 → 3 | 3 → 4 | 4 → 5 | 5+ |
| Organisation size | Any organisation exploring the Standard | Micro (1–9 employees) | SME (10–99) | Mid-market (100–999) | Large enterprise (1,000–9,999) | Group / multi-jurisdiction (10,000–99,999) |
| Compliance function | None or minimal | 0–1 non-specialist | Up to ~3 non-specialist staff | Compliance department of ~5 specialists | Large compliance department, specialised disciplines | Co-run with CIAO Standard team |
| Content depth | The Standard; Manual previews | All CAO Manuals | + Operating Policy Frameworks | + Sub-Policies & Control Frameworks | + Processes, Procedures & Implementation artefacts | + Bespoke group-level extensions |
| Standards mapping | Dynamic Selection Engine | Dynamic Selection Engine | Dynamic Selection Engine | Dynamic Selection Engine | Dynamic Selection Engine | Dynamic Selection Engine + custom portfolio |
| Self-assessment tools | Included | Included | Included | Included | Included | Included |
| Users | Unlimited (free) | Per-user | Per-user | Per-user | Up to 9,999 employees covered | Up to 99,999 covered; larger groups quoted bespoke |
| Minimum term | No commitment | Annual | Annual | Annual | Annual | 3-year minimum cycle |
| Classification | Public | Public | Public | Public | Shared Confidential | Confidential, bespoke |
| Legal pre-requisites | None | None | None | None | NDA required | NDA + Data Processing Agreement (DPA) |
| Dedicated environment | Shared platform | Shared platform | Shared platform | Shared platform | Dedicated secure environment | White-label portal, multi-entity architecture |
| Partner delivered | Self-service | Self-service | Self-service | Self-service | Self-service | Fully managed partnership |
| Take action | Join Commons | Join Core | Join Essential | Join Professional | Join Enterprise | Enquire |
For details on what each tier unlocks across the canonical artefact ladder, see Standard Architecture & Tier Content Depth.
For enterprise decision-makers
Organisations considering Enterprise tier adoption may find the Enterprise Adoption Playbook useful. It contains three role-specific briefs — for the CFO, the CISO, and the Board — written to be shared directly with each office during the evaluation cycle.