SecurityScorecard's letter-grade ratings are well known — and so is the price tag. For a small practice or MSP, five figures a year plus a per-vendor fee is hard to justify when you monitor a few dozen vendors. Covenant gives you flat pricing, scores you can actually explain, and free HIPAA BAA tracking.
| Capability | Covenant | SecurityScorecard |
|---|---|---|
| Entry price | $0 free · $8149.80/yr Pro | ~$16,500/yr typical |
| Per-vendor monitoring fee | None | ~$1,500–$2,000/vendor/yr |
| Self-serve, no sales call | Yes | Quote-only |
| Explainable / disputable score | Every finding shows the evidence that fired it | Letter grade, hard to dispute |
| External scanning | Email-auth live; TLS/headers/breach via runner | Letter-grade ratings |
| No-account vendor portal | Signed link + reminder cadence | Account / Atlas required |
| HIPAA BAA lifecycle | Native, free | Not offered |
| SIG / CAIQ questionnaires | Included | Included (Atlas) |
| Best for | SMBs, clinics, MSPs | Enterprise security teams |
Competitor figures from public pricing pages and third-party quotes, 2025–2026. SecurityScorecard is a trademark of its owner; Covenant is not affiliated with or endorsed by it.
No per-vendor monitoring fee. Register 12 vendors or 120 — at the Team tier the price doesn't move.
A letter grade that drops without explanation is useless in an audit. Every external finding carries the exact evidence that fired it — the DMARC record, the cert expiry, the header that was missing — plus the delta it moved, and you can dispute it.
Native §164.504(e) BAA tracking, clause gap-check, and subcontractor flow-down — the workflow ratings vendors leave to your spreadsheet.
Free for 10 vendors with full BAA tracking. No card, no sales call.
Start free →