Passeca positions itself as a one-stop managed cybersecurity service provider, covering risk management, compliance consulting, vCISO, penetration testing, application security, cloud security, infrastructure security, security awareness training, and BCP/DR. Its focus is not a single security product, but rather using expert services and platform-based GRC capabilities to help organizations build, assess, and continuously improve their security programs.
On the GRC side, Passeca supports frameworks including ISO 27001, SOC 2, TISAX, DORA, NIS2, PCI DSS, HIPAA, and GDPR, and provides gap analysis, roadmaps, policy documentation, internal audits, and coordination with certification bodies. Its GRC platform emphasizes multi-framework management, automated evidence collection, control monitoring, real-time reporting, and integrations with AWS, Azure, Jira, and Slack. The vCISO service focuses on security strategy, compliance and risk, vendor management, incident response, and security awareness training. For technical testing, it covers Web, API, mobile, cloud, network, and WiFi penetration testing. The methodologies mentioned include OWASP WSTG/MASTG, NIST SP 800-115, and PTES, while reports include risk ratings, reproduction steps, and remediation recommendations.
Its vCISO pricing is disclosed relatively clearly: Basic is €5,000/month, Advanced is €9,400/month, and Enterprise starts from €13,500/month. Compliance assessments average €10,000-35,000, security audits are €15,000-30,000, and hourly work is €250-350/hour. Basic is suitable for small businesses or startups, Advanced is suited to mid-sized or compliance-driven organizations, and Enterprise is intended for large enterprises or heavily regulated industries. Services such as penetration testing require separate quotes.
The strengths are a complete service chain that can extend from board-level security governance to hands-on penetration testing and employee training; broad compliance coverage; and relatively standardized descriptions of delivery process, report content, and testing scope. The drawbacks are that the main website content does not specify the company’s country, team size, SLA, data hosting regions, payment methods, or its own certifications. Although the GRC platform’s features are described, more detailed security architecture information and customer case studies are lacking.
Access from mainland China, payment availability, and local support are not disclosed, so they should be considered unknown. If Chinese-language delivery, MLPS/CII compliance, or local on-site support is required, alternatives to compare include 奇安信, 启明星辰, 绿盟科技, 安恒信息, and 深信服. For international compliance and English-language delivery, Passeca is better suited to evaluation by companies that already have EU or global compliance requirements.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, passeca.com.
passeca.com is an Unknown Cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable.