CIAO offers six membership tiers, each designed for a specific organisational profile. Every paid tier includes all content from the tiers below it — your compliance infrastructure grows without losing what you have already built.
Use this page to identify where your organisation sits today. Then follow the link to your tier for the full picture.
How to identify your tier
Consider three things: your organisation’s size, your current compliance maturity, and your regulatory exposure. The tier profiles below map these to the appropriate CIAO tier.
Tier Profiles
COMMONS — Free
Your organisation wants to understand CIAO and access foundational compliance resources before committing to a paid tier. You require a structured starting point with no financial barrier. Registration is free and gives you permanent access to the CIAO meta-standard and compliance self-assessment tools.
→ Suits: Any organisation at any size exploring structured compliance for the first time.
CORE — Entry Compliance Baseline
Your organisation has between 1 and 10 people. Compliance is not your primary focus but you are facing external pressure — tenders, cyber insurance requirements, client due diligence, or supply chain assurance requests. You need credible, professionally maintained policies immediately, without internal expertise or consultant costs.
→ Suits: Start-ups and micro-enterprises requiring an immediate, deployable compliance baseline.
ESSENTIAL — Foundation Governance
Your organisation has between 10 and 100 people. You have basic policies in place but no structured governance system. Regulatory exposure is growing as your business footprint expands. A compliance failure at this stage carries serious operational and reputational risk. You need a complete governance foundation — not just documents, but a functioning system.
→ Suits: Small to medium businesses building their first structured compliance programme.
PROFESSIONAL — Active Compliance Programme
Your organisation has between 100 and 1,000 people. A compliance function exists but is managing fragmented frameworks with duplicated effort. Certifications are either held or being pursued. The challenge is maintaining alignment across multiple standards simultaneously without unsustainable internal cost. You need a unified operational system, not a collection of parallel documentation projects.
→ Suits: Mid-sized organisations with active compliance programmes requiring integrated framework coverage.
ENTERPRISE — Full Governance Suite
Your organisation has between 1,000 and 10,000 people. Multi-framework compliance is a permanent operational discipline. Large compliance teams manage multiple annual certification and assurance cycles. The cost of fragmentation, inconsistency, and duplication is measured in audit failures and strategic delays. You need the complete CIAO governance architecture — fully maintained, unlimited users, confidentially protected.
→ Suits: Large enterprises managing complex, multi-framework compliance at scale.
CONGLOMERATE — Bespoke Compliance Operations
Your organisation exceeds 10,000 people, or operates as a holding group or conglomerate spanning multiple subsidiaries, jurisdictions, and regulatory environments. Core membership structures cannot accommodate your compliance architecture. You require a fully integrated, fully managed compliance operation built specifically around your organisation.
→ Suits: Very large enterprises, holding groups, and conglomerates requiring non-standard, dedicated compliance integration. Also required for CIAO Partners.
Not sure which tier fits? Start with Commons at no cost and use the Compliance Readiness Self-Assessment to identify your organisation’s exact position.