UpGuard built a strong security-ratings platform for mid-market and enterprise security teams. If you are a clinic, a billing company, or an MSP, you are likely paying enterprise pricing — and a per-vendor surcharge — for a fraction of what you use. Covenant is the flat-priced alternative with native HIPAA BAA tracking.

| Capability | Covenant | UpGuard |
|---|---|---|
| Pricing model | Flat per company | Per-vendor add-on (~$79/mo each) |
| Free tier | 10 vendors + BAA, forever | Trial only |
| Self-serve signup | Yes, no card | Sales-led / quote |
| HIPAA BAA lifecycle | Native, free | Not offered |
| SIG / CAIQ questionnaires | Included | Included |
| External posture scanning | Email-auth live; TLS/headers/breach via runner | Internet-wide ratings |
| Per-finding evidence | Every finding shows what fired it | Rating methodology is opaque |
| No-account vendor portal | Signed link + reminder cadence | Account / sales-led |
| Best for | SMBs, clinics, MSPs | Mid-market / enterprise SOC |

Competitor figures are taken from public pricing pages and third-party quotes, 2025–2026. UpGuard and SecurityScorecard are trademarks of their respective owners; Covenant is not affiliated with or endorsed by them.
Per-vendor pricing turns a growing vendor list into a growing bill. Covenant is one flat fee — the Team tier is unlimited vendors for $1490/mo — so you can register every vendor without watching the meter.
Security-ratings scores can move without a clear cause. Covenant itemizes every factor — inherent exposure, questionnaire, findings, BAA gaps — with a timestamped delta, and each external finding shows the exact observation that fired it, so you can hand an auditor the why, not just the number.
If you handle PHI, missing BAAs are an OCR finding waiting to happen. Covenant tracks the full §164.504(e) lifecycle — for free — which ratings platforms simply do not do.
Start with 10 vendors and full BAA tracking, free, then grow without per-vendor fees.