What does Sable actually do?

Sable is a multi-tenant security platform with six connected modules: Policies, Vendor Management, Risk Management (including framework assessments for ISO 27001:2022 and GDPR), Vulnerability Management, Managed SOC, and Security Services. Everything runs in one tenant with shared identity, role-based access control, a tamper-evident audit log, and per-tenant module control. Built for security teams running their own program and MSPs running programs for many clients.

What's actually included in the trial?

Every module except Managed SOC: Policies, Vendor Management, Risk Management, and Vulnerability Management. Managed SOC requires EDR coverage and is provisioned by SubRosa after a setup call.

What happens at day 15 if I don't subscribe?

Your trial of the modules ends, but you keep dashboard and account access until you decide. Your data stays put. Pick a plan whenever you're ready to keep working in the modules.

Can I cancel anytime?

Yes. Cancel from your billing settings at any time. You'll keep access through the end of your billing period. No retention calls, no friction.

How does annual billing work?

Annual plans get two months free: you pay for 10 months and get 12. Starter is $4,000/yr, Team is $7,000/yr, and Growth is $12,000/yr on annual billing.

Can I upgrade or downgrade mid-cycle?

Yes. Plan changes are prorated automatically. Upgrades take effect immediately; downgrades take effect at the next billing period.

Is my data exportable if I leave?

Yes. You can export your policies, vendor inventory, risk register, and findings to standard formats from inside the app. Your data is yours.

How does MSP billing work?

MSP pricing is per client tenant and tailored to your fleet — talk to MSP sales for a quote. Add and remove tenants in the app and billing adjusts automatically, with volume discounts at scale.

Does Sable replace my current GRC tool?

For most teams using Vanta, Drata, or a spreadsheet-and-Notion setup, yes. Sable covers policies, vendor management, risk register, framework-based assessments, and vulnerability scanning in one tenant. The difference: you also get Managed SOC and Security Services tied to the same workspace, without bolting on a second platform.

The security platform that runs your whole program.

Frameworks, risk, vendors, policies, findings, and SOC — together in one workspace, run the way security actually gets run.

Start free trial See plans→

14 days · No credit card · SOC free during trial

⌐ Program overview · live

sable // dashboard

Security Posture

Northwind

Security score82/100▲ climbing

Open findings143 critical

Pending tasks7requiring action

Findings · resolving

IAM privilege escalationCriticalIn Progress

Exposed S3 bucket policyCriticalOpen

Outdated TLS on gatewayHighIn Progress

Weak password policyMedium✓ Resolved

⌐ What Sable does

One platform. Built for the way security actually gets run.

One workspace for the whole program.

Policies, vendor management, risk register, framework assessments, vulnerability scans, and managed SOC — all in the same tenant. Shared identity, shared audit trail, shared reporting.

Everything is connected.

Frameworks map to controls. Controls map to evidence and policies. Risks link to mitigation tasks. Findings flow into one queue. Update one node and the graph stays current — including your board report.

Built for one team or one hundred.

Run your own program in a single tenant, or run programs for every client you protect. Multi-tenant from day one, with isolated client workspaces, role-based access, per-tenant module control, and fleet dashboards.

sable // frameworks

Frameworks Library

Browse compliance frameworks and spin up assessments.

Search frameworks…

Framework NameDescriptionVersionActions

SOC 2 Type IITrust services criteria2017+ Assess

ISO 27001:2022Information security management2022+ Assess

GDPREU data protection regulation1.0+ Assess

HIPAAHealthcare data security2013+ Assess

PCI DSSPayment card data security4.0+ Assess

NIST CSFCybersecurity framework2.0+ Assess

⌐ The modules

Six modules. One tenant. One audit trail.

Everything a modern security program needs in one workspace — without bolt-on integrations or duct-taped CSVs.

Policies

Author, approve, publish, and track acknowledgment for every security policy your program needs.

Vendor management

Build your vendor inventory, run real security reviews, and stop being surprised by renewals.

Risk management

A real risk register and framework assessments, with controls that link to the evidence behind them.

Deep dive↓

Vulnerability management

Continuous scans across hosts and apps, deduplicated and ranked by real-world risk.

Deep dive↓

Frameworks & compliance

Map controls once to ISO 27001, SOC 2, HIPAA, and GDPR. Evidence once, audit forever.

Deep dive↓

Managed SOC

24/7 detection and response, triaged by SubRosa analysts, in the same workspace as everything else.

Deep dive↓

⌐ The modules · deep dive

More than a feature list.

⌐Risk management

A risk register that does something.

Real likelihood × impact scoring, controls linked to the evidence backing them up, and mitigation work that lands on someone's desk with a due date — not a spreadsheet that goes stale between audits.

→Risk register with likelihood × impact scoring
→Framework assessments: ISO 27001:2022 and GDPR, more in flight
→Controls linked to risks, evidence, and policies
→Mitigation tasks with owners and due dates

Try it in the trial→

sable // risk

Risk Register

Northwind

12Total risks

1Critical

68%Mitigation

RiskCategoryLevelStatusOwner

Vendor data exposureOperationalCriticalActiveMRSubRosa

Ransomware via phishingTechnicalHighActiveDOYou

Unpatched legacy DBTechnicalMediumMitigatedMRSubRosa

Mitigation task

Enable KMS on production DB backups

R-001 · Owner MR · Due Friday

In progressCritical

⌐Frameworks & compliance

Map once. Audit forever.

Controls map to frameworks, evidence, and policies in one graph. Update a control once and everything connected to it stays current — including your audit trail and board report. ISO 27001:2022 and GDPR ship today; SOC 2, HIPAA, NIST CSF, and CIS are in flight.

→One controls graph shared across every framework
→Evidence collected once, reused everywhere it applies
→Assessment progress tracked control by control
→Tamper-evident audit log behind every change

Try it in the trial→

sable // frameworks

Frameworks Library

Browse compliance frameworks and spin up assessments.

Search frameworks…

Framework NameDescriptionVersionActions

SOC 2 Type IITrust services criteria2017+ Assess

ISO 27001:2022Information security management2022+ Assess

GDPREU data protection regulation1.0+ Assess

HIPAAHealthcare data security2013+ Assess

PCI DSSPayment card data security4.0+ Assess

NIST CSFCybersecurity framework2.0+ Assess

Control updated

CC6.1 · Access control policy

Synced to every mapped framework

ISO 27001GDPRSOC 2

⌐Vulnerability management

Find it. Fix it. Prove it's fixed.

External scans against your IPs, ports, and web applications, deduplicated into a findings inbox your team actually finishes. Every finding gets an owner, a due date, and a retest — and SubRosa pentest findings land in the same queue.

→External scans against IPs, ports, and web applications
→Findings inbox with CVSS-scored severity
→Owner assignment, due dates, and retest workflow
→SubRosa pentest findings land in the same queue

Try it in the trial→

sable // vulnerabilities

Vulnerability Dashboard

▶ New scan

Total scans

142

3 active

Critical / High

3 crit · 6 high

Unique CVEs

across all scans

Hosts scanned

318

unique IPs

Findings by severityClick to filter

Critical3

High6

Medium14

Low22

Info31

Recent scansView all

api-gateway.northwind.io

12 findings · 2 crit4h ago

vpn.northwind.io

5 findings1h ago

s3-edge.northwind.io

no findings1d ago

Retest passed

Stored XSS · /admin/users

CVSS 9.1 · found by web pentest

Verified fixedClosed

⌐Managed SOC

Always watching. Never a black box.

24/7 detection across Office 365, Entra ID, Defender, and your endpoints — triaged by SubRosa analysts before it reaches you, and escalated with full context. Every event, telemetry trend, and incident lives in the same workspace as the rest of your program.

→24/7 detection across Office 365, Entra ID, Defender, and endpoints
→Triaged by SubRosa analysts before it reaches you
→Escalations arrive with the full event timeline
→Every event and incident in the same workspace

Try it in the trial→

sable // security-ops

Security Operations

Feed status · 24h

Office 365

Connected

Entra ID

Connected

Defender

Connected

Endpoint

Connected

Events processed

337

Critical (24h)

Active incidents

Open escalations

Telemetry volume

Top affected hosts

host-616

host-1375

host-584

host-1474

host-674

Tenant telemetry health

TenantVolumeStatus

SubRosa (Demo)300High risk

Kestrel13Stable

Meridian12Stable

Altamont12Stable

Escalation

Impossible-travel sign-in · Entra ID

Triaged by SubRosa · escalated to you

ContainedFull timeline

02:09DetectedDefender alert

02:11TriagedSubRosa analyst

02:14Escalatedto your team

02:31Containedsession revoked

⌐ For MSPs & MSSPs

Ten clients or a hundred. One pane of glass.

Multi-tenant from day one. A fleet dashboard that shows health across every client tenant, per-tenant module control, and SubRosa running SOC for the clients who need it — without you staffing 24/7.

→Fleet dashboard. Health across every client tenant: findings, incidents, risk, vendor coverage, overdue tasks.
→Per-tenant module control. Policies for one client, the full stack plus SOC for another. Configured per tenant.
→Managed SOC integration. SubRosa runs SOC for the tenants who need it. You stay in the loop without staffing 24/7.
→White-label ready. Your clients see views designed for them — under your brand.

Talk to MSP sales→Custom per-tenant pricing · billing adjusts as you add tenants

⌐ Fleet overview

Client fleet

5 tenants · 2 need attention

TenantHealthFindingsIncidentsSOC

Northwind9240On

Brighton Health8770On

Kestrel74121On

Altamont9620—

Meridian Group8190—

Per-tenant isolation · tamper-evident audit log · role-based access

⌐ The alternatives

The other options, and what Sable changes.

Vs. point GRC tools (Vanta, Drata)

You don't have to bolt on vendor management, vulnerability scanning, or SOC.

Sable is one tenant, one bill, one set of users. The whole program lives together, not glued through Zapier and CSVs.

Vs. building it yourself

A hardened multi-tenant platform — granular access controls, a tamper-evident audit trail, and ready-made framework libraries — already in production.

You don't write the platform; you run your security program on it. The hard parts are already shipped and battle-tested by SubRosa's team.

Vs. legacy MSP platforms

Modern stack, modern UX. Per-client billing built in.

Your analysts and your clients see views designed for the work they actually do, not a 2014-era console nobody wants to log into.

Plays nicely with the tools your team already runs on.

Native connectors across identity, endpoint, cloud, observability, and operations — built for the stack you already have, not one you have to migrate to.

Microsoft 365Google WorkspaceOktaDuoCrowdStrikeSentinelOneAWSAzureSplunkDatadogSlackPagerDuty

Don't see your tool? Tell us what you run and we'll route it to product.

⌐ Pricing

Pick the plan that fits. Upgrade as you grow.

Every plan starts with a 14-day free trial — no credit card, every module except Managed SOC. Annual billing gets two months free.

Starter

Solo operator or very small team running the basics.

$400/month

or $4,000/yr — 2 months free

Start 14-day trial

✓1 active framework
✓Up to 25 vendors
✓Policy library
✓Findings management
✓1 user

Team

Small teams formalizing risk and controls into a real program.

$700/month

or $7,000/yr — 2 months free

Start 14-day trial

✓Everything in Starter
✓2 active frameworks
✓Up to 75 vendors
✓Risk & controls tracking
✓Up to 3 users

Growth

Growing security or GRC team that needs the full GRC stack.

$1,200/month

or $12,000/yr — 2 months free

Start 14-day trial

✓Everything in Team
✓Unlimited frameworks
✓Unlimited vendors
✓Full risk + controls
✓Engagement scoping
✓Up to 5 users

Scale

Mid-market and enterprise programs with custom needs.

Custom

Contact sales for pricing

Talk to sales

✓Everything in Growth
✓SOC integration
✓MSP multi-tenant
✓Custom controls
✓SSO
✓Dedicated success

Built for MSPs & MSSPs

Running security for many clients?

Multi-tenant from day one — fleet dashboard across every client, per-tenant module control, white-label ready, Managed SOC provisioned per tenant. Custom per-tenant pricing.

Talk to MSP sales

⌐ FAQ

Trial & billing questions, answered.

No. The 14-day trial requires no credit card and no demo call. Create an account and start using the platform immediately.

Start your 14-day trial. No card. No call.

Spin up your workspace and run every module except Managed SOC free for 14 days. Add SOC and the services team whenever you're ready.

Start free trial Talk to sales→