Your login flow broke in production.
Nobody tested it.
Your SSO provider changed a claim. Nobody was alerted.
HTTP checks say 'up.' But your customers can't log in, your Singapore users see 3-second loads, and your SSO requires separate passwords. Enterprise monitoring means testing what actually matters.
All prices include VAT where applicable.
Everything in Compliance, plus
Your dashboard says green. Your customers say broken.
Enterprise Infrastructure
Basic monitoring tells you a server responded. Enterprise monitoring tells you whether a customer in Tokyo can actually complete a purchase, whether your SSO still works after the IdP update, and whether that 45-second API outage was caught or ignored.
250 Monitors
You added a new microservice last month. Nobody added monitoring. With 250 monitors and 30-second intervals, nothing slips through because you ran out of slots.
SAML 2.0 SSO
Your team uses Okta. Your monitoring tool requires separate passwords. That's a security policy violation — and a failed audit finding waiting to happen. Connect your IdP and enforce your access policies.
OIDC SSO
Your identity provider speaks OpenID Connect. Your monitoring tool doesn't. That means shared credentials, no MFA enforcement, and no offboarding automation. Fix that.
REST API v1
Adding monitors by hand works for 10 sites. Not for 200. Automate monitor creation, pull incident data into your workflows, and integrate with your CI/CD pipeline.
Synthetic Monitoring
The login page loads. But can a customer actually log in? HTTP checks don't know. Synthetic monitoring tests real user flows — login, checkout, API chains — and catches what ping checks miss.
White-Label Status Pages
Your clients email support asking 'is it down?' before you even know. Give them a branded status page on your domain — they check it instead of opening tickets.
Multi-Region Probes
Your customers in Singapore see 3-second load times. Your Frankfurt-only monitoring says everything is fine. Multi-region probes catch what single-location checks miss.
SMS & Voice Alerts
The Slack notification sat unread for 40 minutes. The email went to spam. When your payment gateway goes down at 3 AM, you need a phone call — not another notification badge.
Everything in Compliance
No add-on fees, no framework gaps. Enterprise includes every supported regulatory framework, every sector pack, every evidence feature. One price, full coverage.
New
The auditor asks for evidence. You have it.
No more scrambling through email threads, shared drives, and half-finished spreadsheets. Monitoring data becomes audit-ready evidence automatically — traceable, signed, and exportable in one click.
Evidence Vault
Your SSL certificate expired last Tuesday. The auditor asks when it was renewed. You check your email. That's not evidence. The vault stores every artifact with integrity hashing and expiry alerts.
- SHA-256 integrity verification
- Expiry alerts for certificates and policies
- EU-hosted, tenant-isolated, no third-party cloud
Structured Assessments
The auditor asks 'where is your DPIA?' You open a Word doc from 2023. It's unsigned, undated, and missing half the questions. Structured assessments produce signed, scored, auditable records — every time.
- Organizational security assessment
- Supplier due diligence
- DPIA and breach notification
- Digital signatures with hash-chain proof
End-to-End Traceability
'When did you detect this issue? What action was taken? Who approved it?' If answering takes more than 10 seconds, you have a traceability problem. Every finding links to its evidence, every action to its author.
- Monitoring → Findings → Evidence → Reports
- Correlation IDs across all events
- Immutable audit log with tamper detection
EU Regulatory Coverage — stop guessing, start proving
The auditor doesn't care about your intentions. They care about documented evidence. Continuous monitoring produces exactly what they ask for — automatically, not the night before the audit.
NIS2 Directive
- Art. 23 Incident Reports – Auto-generated with 24h/72h/1-month timelines
- Art. 21 Risk Monitoring – Continuous monitoring with weighted risk scoring
- Art. 21(2)(d) Supply Chain – Monitor and categorize suppliers vs. own infrastructure
- Art. 21(2)(h) Cryptography – SSL certificate monitoring and DNSSEC validation
DORA
- Art. 28(3) IKT Register – Exportable third-party ICT provider register with risk data
- Art. 6 ICT Risk – Weighted risk scoring across all monitoring dimensions
- Art. 24-27 Resilience Testing – Synthetic monitoring for transaction-level testing
- Art. 11 SLA Reporting – Uptime %, p95/p99 response times for regulatory evidence
Evidence signals by framework
Every check maps to a regulation. No gaps.
Your auditor asks which monitoring signals cover NIS2 Art. 21. You shouldn't have to guess. Each checkmark below is a monitoring signal that produces evidence relevant to that framework.
| Capability | GDPR | NIS2 | DORA | CRA | ISO 27001 | SOC 2 | BSI | EAA |
|---|---|---|---|---|---|---|---|---|
| Uptime & Availability Monitoring | – | – | – | |||||
| SSL/TLS Certificate Deep Analysis | – | – | – | |||||
| Security Posture Grade (A-F) | – | – | – | |||||
| Security Headers (HSTS, CSP, etc.) | – | – | – | |||||
| Two-Factor Authentication (TOTP) | – | – | – | |||||
| Immutable Audit Log | – | – | ||||||
| Incident Management & Alerts | – | – | ||||||
| 9-Channel Notifications | – | – | – | |||||
| Data Export & Deletion (Art. 15-20) | – | – | – | – | – | – | – | |
| DPA / AVV Signing (Art. 28) | – | – | – | – | – | – | – | |
| Cookie Banner Detection | – | – | – | – | – | – | – | |
| Cookie Reject Option Check | – | – | – | – | – | – | – | |
| Pre-Consent Cookie Analysis | – | – | – | – | – | – | – | |
| Third-Party Tracker Detection (Schrems II) | – | – | – | – | – | – | – | |
| Privacy Policy Verification | – | – | – | – | – | – | – | |
| Imprint / Impressum Detection | – | – | – | – | – | – | – | |
| Supply Chain Classification | – | – | – | – | ||||
| IKT Third-Party Register (Art. 28) | – | – | – | – | – | – | – | |
| NIS2 Incident Reports (24h/72h/30d) | – | – | – | – | – | – | – | |
| SLA Reports (Uptime %, p95/p99) | – | – | – | – | – | – | – | |
| Synthetic Monitoring (Multi-Step) | – | – | – | – | – | – | – | |
| Email Security (SPF/DKIM/DMARC/STARTTLS) | – | – | – | – | – | |||
| DNS Security (DNSSEC, DoH, CAA) | – | – | – | – | – | |||
| MTA-STS + TLS-RPT Monitoring | – | – | – | – | – | – | ||
| Global DNS Consistency (10 DoH) | – | – | – | – | – | – | ||
| EU Data Residency (Germany) | – | – | – | – | – | – | ||
| SAML / OIDC SSO | – | – | – | – | ||||
| Team RBAC (Roles & Permissions) | – | – | – | – | ||||
| Accessibility Audit (WCAG 2.2 Level AA) | – | – | – | – | – | – | – | |
| Continuous Accessibility Monitoring | – | – | – | – | – | – | – | |
| Mixed Content Detection | – | – | – | – | ||||
| Risk Scoring (multi-factor, time-decay) | – | – | – |
SiteGuardian provides visibility, monitoring, and evidence signals. It does not certify or guarantee regulatory compliance. Consult qualified auditors for formal assessments.
100% EU Data Residency
Your legal team asks where monitoring data is stored. 'AWS us-east-1' is the wrong answer. All data stored and processed exclusively in Germany (Hetzner Online GmbH, ISO 27001). No US cloud providers. No third-country transfers.
Stop finding out from your customers.
Your users shouldn't discover outages before you do. Start free and upgrade to Enterprise when you're ready — 250 monitors, SSO, synthetic monitoring, multi-region probes. 499 €/mo. EU-hosted, no long-term contracts.