Business Plan — Ironframe GRC

Internal stakeholder document. Financial figures are planning assumptions unless marked as audited.

Executive summary

Ironframe targets mid-market and enterprise organizations that have outgrown spreadsheet GRC and legacy heatmap tools but cannot afford opaque, services-heavy enterprise suites. The platform combines quantitative ALE, a multi-tenant Command Center UX, and an observable 19-agent workforce on a modern serverless stack (Vercel + Supabase).

Market problem

Legacy GRC platforms fail in three areas Ironframe addresses directly (see competitive-landscape.md):

  1. Financial opacity — Red/yellow/green heatmaps instead of defensible loss expectancy
  2. Perimeter vulnerability — Direct API ingestion without a sanitization DMZ
  3. Black-box AI — LLM wrappers without persistent state or human attestation

Target customers

| Segment | Profile | Primary use case |
|---|---|---|
| Regulated finance | Vaultbank-style tenants | ALE baselines, audit exports, vault dual-gate |
| Energy / grid | Gridcore-style tenants | Carbon pulse, utility rates, sustainability ALE |
| Healthcare / defense | Medshield, Defense profiles | Compliance drift, maturity scoring, threat pipeline |
| MSSPs / advisors | Multi-tenant operators | Global Command Center + per-tenant isolation |

Revenue model (framework)

| Stream | Description |
|---|---|
| Platform subscription | Per-tenant seat + module bundles (GRC core, sustainability, vault) |
| Usage / telemetry | Optional meter for agent orchestration cycles and export volume |
| Professional services | Implementation, TAS-aligned customization, audit readiness workshops |
| Evidence / WORM storage | Tiered immutable storage for sealed attestations |

Specific price points: see Pricing & Packaging.

Go-to-market

  1. Design partners — Shadow-plane demos with Medshield/Vaultbank/Gridcore seed tenants
  2. Compliance narrative — SOC 2 / ISO mapping via Irontally controls and audit intelligence
  3. Technical proof — Public integration suite (test:vercel-integration:cloud) and release evidence packs
  4. Content — Role-based rebuild pages (CISO, CFO, Board, Audit) under product marketing

Financial planning assumptions (illustrative)

| Year | ARR target | Notes |
|---|---|---|
| Y1 | Design-partner revenue + 3–5 paid tenants | GA epic completion |
| Y2 | Expand MSSP channel | Multi-tenant Command Center as differentiator |
| Y3 | Enterprise tier + WORM compliance upsell | Epic 12 fully productized |

Risks and mitigations

| Risk | Mitigation |
|---|---|
| Sustainability API outage | LKG pulse loop, IRONWATCH_SUSTAINABILITY_FALLBACK_ENABLED |
| Tenant isolation breach | Ironguard, RLS, integration tests, TAS gatekeeper protocol |
| AI hallucination in scoring | Irontrust frozen ALE math; LLM limited to narrative/RAG (Ironquery) |
| Vendor lock-in concerns | Export APIs, Ironquery CSV/PDF, constitutional TAS documentation |

Related documents