UpGuard built a strong security-ratings platform for mid-market and enterprise security teams. If you are a clinic, a billing company, or an MSP, you are likely paying enterprise pricing — and a per-vendor surcharge — for a fraction of what you use. Covenant is the flat-priced alternative with native HIPAA BAA tracking.
| Capability | Covenant | UpGuard |
|---|---|---|
| Pricing model | Flat per company | Per-vendor add-on (~$79/mo each) |
| Free tier | 10 vendors + BAA, forever | Trial only |
| Self-serve signup | Yes, no card | Sales-led / quote |
| HIPAA BAA lifecycle | Native, free | Not offered |
| SIG / CAIQ questionnaires | Included | Included |
| External posture scanning | TLS / headers / email-auth / breach | Internet-wide ratings |
| Explainable, itemized scores | Every delta shown | Rating methodology is opaque |
| Best for | SMBs, clinics, MSPs | Mid-market / enterprise SOC |
Competitor figures from public pricing pages and third-party quotes, 2025–2026. UpGuard and SecurityScorecard are trademarks of their respective owners; Covenant is not affiliated with or endorsed by them.
Per-vendor pricing turns a growing vendor list into a growing bill. Covenant is one flat fee — the Team tier is unlimited vendors for $249/mo — so you can register every vendor without watching the meter.
Security-ratings scores can move without a clear cause. Covenant itemizes every factor — inherent exposure, questionnaire, findings, BAA gaps — with a timestamped delta you can hand an auditor.
If you handle PHI, missing BAAs are an OCR finding waiting to happen. Covenant tracks the full §164.504(e) lifecycle — for free — which ratings platforms simply do not do.
Start with 10 vendors and full BAA tracking, free, then grow without per-vendor fees.
Start free →