50 domains, EU regulatory frameworks, accessibility auditing, cookie compliance, CSP reporting, evidence vault, DPA signing, SLA reports, and integrated ISMS — no second platform needed. EU-hosted.
€199*/month · €1,990*/year (€165.83*/mo) · cancel anytime
* All prices include VAT where applicable.
SiteGuardian doesn't make you compliant — that's your organisation's job. What it does is document your monitoring continuously, so you have evidence when you need it.
How often we check
Uptime can fail in seconds. Accessibility changes with each release. A domain expires once a year. Each check runs at the cadence where it's cost-effective and catches what matters — not a blunt 'check everything every minute' approach.
Uptime & response time
HTTP/HTTPS reachability, status code, response time, keyword match
Security posture grade
Headers, DNSSEC, TLS config, A-F grade with degradation alerts
SSL certificate
Expiry, issuer, forward secrecy, OCSP, certificate transparency
Email authentication
SPF, DKIM, DMARC, MTA-STS, TLS-RPT, blacklist checks
DNS consistency
Record drift, hijack detection, resolver agreement, zone transfer
Cookie & consent scan
Pre-consent cookies, banner analysis, TCF validation, GCM signals
Accessibility audit (WCAG 2.2 AA)
Real browser audit, violation severity, remediation suggestions
Supply chain risk
Supplier uptime, incidents, maturity scoring, dependency mapping
Domain registration
WHOIS, expiry, registrar, nameserver changes
Security alerts are verified by a second check before dispatch — no false alarms. Every check creates tamper-evident audit evidence with SHA-256 hash chains.
GDPR, NIS2, CRA, EAA, DSA, ePrivacy — plus their national implementations across all 27 EU member states. Automated checks with severity weighting.
WCAG 2.2 Level AA audits in a real browser. Weekly scans, violation severity breakdown, remediation suggestions. Real auditing, not overlays.
Pre-consent cookie detection, banner with Accept/Reject, Google Consent Mode v2, 2M consents/month, consent proof export. IAB TCF v2.3 mode planned — pending IAB Europe registration.
Browser-reported CSP violations ingested at 1M/day. 180-day retention. Aggregates by directive + blocked URI — catch rogue scripts fast.
One-click PDF export for auditors: executive summary, per-framework results, check details, regulatory article cross-references.
Digital Data Processing Agreement signing with SHA-256 hash-chain proof of integrity. Legally compliant, fully auditable.
Store and link evidence files to controls and questionnaire answers. SHA-256 integrity, encrypted at rest, full history.
Multi-factor supplier risk scoring with maturity classification, dependency mapping, and SLA breach detection.
Art. 28(3) third-party provider register with materiality classification. Financial sector compliance ready.
Immutable hash-chain audit trail. Every action logged with SHA-256 integrity verification. GDPR Art. 25 IP anonymisation.
Response time percentiles (p50/p95/p99), uptime calculations, custom date ranges. Export-ready for SLA reviews.
Organisations with role-based access: owner, admin, member, viewer. Audit log per action. Mandatory 2FA for all members.
White-label status pages with custom branding, custom domain, uptime history, embeddable SVG badges.
Auto-open / auto-resolve incidents with severity, MTTR. Group into problems with root-cause tracking. ITIL-aligned.
Multi-channel notifications with severity routing, alert rules, and on-call escalation schedules.
Cron/heartbeat endpoints for background jobs. Keyword monitoring to catch silent defacement or missing content.
Monitor critical services every minute — uptime & response time. Other checks (security posture, SSL, email) run at their own cadence.
All checks from the Pro tier: 1-min uptime, weekly cookie/a11y deep scan + drift alerts, multi-channel alerts (Slack/Teams/Discord/Telegram/Webhook), CSP reporting, MCP server, API read access, status page.
One-click install on WordPress sites — grade, drift, and alerts inside the WP admin.
Built-in ISMS
Classic ISMS tools rely on self-attestation — you fill in what you think is true. SiteGuardian's ISMS is backed by continuously verified technical evidence. Every risk, every control, every policy references live scan data. The auditor doesn't have to trust you — they can verify.
Auto-fed from failing controls. 5x5 heatmap. Auto-closes when the issue is fixed. No manual upkeep needed.
Versioned, approved, acknowledged. 7 starter templates. Edit a published policy — it auto-creates a new draft version with full history.
Critical control failures auto-create a task with owner and deadline. Fix the issue, and the task closes itself. Closure evidence for the auditor.
ZIP with risks, policies, tasks, incidents, audit log, RACI matrix — SHA-256 signed. Hand it to the auditor, done.
TLS config changed? New cookie appeared? DNSSEC dropped? We detect it, log it, alert you. That's continuous verification — not a quarterly form.
ISO 27001 Clause 9.3 in one click. Score trends, top risks, task status, incident count — generated from live data, not a questionnaire.
Responsible, Accountable, Consulted, Informed — ISO 27001 A.5.2 / NIS2 Art. 20.
Continuous verification proof — pass/fail history per control.
Traditional ISMS software documents what you say. We document what we see.
| | Classic GRC | SiteGuardian |
|---|---|---|
| Risk source | Manual entry (self-attestation) | Auto-fed from verified scan results |
| Evidence quality | Uploaded documents | SHA-256 signed, timestamped, tamper-evident |
| Frequency | Quarterly review | Continuous (every scan cycle) |
| Drift detection | None (until next audit) | Real-time alerts on TLS/DNS/cookies/JS changes |
| Corrective actions | Manual tracking | Auto-created, auto-closed on remediation |
| Management review | Meeting notes in a PDF | Generated from live KPIs, one click |
Framework coverage
17 frameworks — the ones most EU organisations actually need. Additional sector frameworks like ISO 27001, SOC 2, PCI DSS, DORA, TISAX, BSI C5, and the EU AI Act are configurable per account — reach out if you need them scoped in.
GDPR
General Data Protection Regulation
NIS2
Network and Information Security
DORA
Digital Operational Resilience
CRA
Cyber Resilience Act
EAA
European Accessibility Act
DSA
Digital Services Act
ePrivacy
ePrivacy Directive + national laws
ISO 27001
Information Security Management
SOC 2
Service Organization Controls
PCI DSS
Payment Card Industry
TISAX
Automotive Security
EU AI Act
Artificial Intelligence Act
Plus BSI C5, BSI IT-Grundschutz, ENS, HIPAA, CIS Controls, Cyber Essentials — activated per your jurisdiction and sector.
SiteGuardian monitors regulatory readiness — it does not certify compliance. Consult qualified auditors for formal assessments.
Typical alternatives require multiple tools for the same coverage.
GRC / ISMS tools
Forms and checklists. No technical verification. Evidence is whatever you upload.
Enterprise accessibility tools
Accessibility only — no uptime, security, or regulatory monitoring included.
Privacy management platforms
Consent management only — no technical monitoring or security posture checks.
Cookie-only tools
Cover one regulation. You need evidence across multiple EU regulatory frameworks.
SiteGuardian
Uptime, security, cookies, CSP, accessibility, ISMS, and regulatory evidence — one EU-hosted platform. Verified, not self-attested.
17 EU frameworks, integrated ISMS, CMP + CSP, evidence vault, DPA signing, and SLA reports — from €199*/month. No long-term contracts.