Unphishability (£500/user/year) — Closes the phishing, sharing, and credential theft vectors across the full workforce. Central credential generation (D1), invisible injection (D2), and instant revocation (D3) all at Score 4 on the Credential Governance Assessment Standard. Audit trail near-complete (D3). Third-party governance at Score 3. Compliance evidence generation at Score 2. Reaches Level 4 maturity.

Resilience (£800/user/year) — Everything in Unphishability plus third-party and vendor credential governance (D5 at Score 4) and full audit trail with on-demand reporting (D4 at Score 4). Compliance evidence generation at Score 3. Reaches Level 4–5 maturity. This is the insurance premium reduction tier.

Governance (£1,000/user/year) — All six domains at Score 4. Automated compliance reporting with GRC API integration. Every evidence point generated as a byproduct of normal operation. Reaches Level 5 — Credential Control Achieved. This is the tier for regulated entities with continuous evidence requirements under DORA and NIS2.