Market size of compliance/audit software


To determine the market size of the the compliance/audit software market in the US and determine how many new players get SOC2 and ISO27001 certification each year in the US.

Early Findings

Compliance/audit software market

  • According to Market and Markets, the global enterprise governance, risk, and compliance (eGRC) software market was valued at $31.5 billion in 2019, growing at a CAGR of 10.3%.
  • The North American segment held the biggest market share at over 30%. Using that, we were able to calculate that the North American enterprise governance, risk, and compliance software market was worth $9.45 billion.
  • According to several reports, the US is the major player that accounted for most of the eGRC revenue in the region. As such, we can assume that the US revenue of the eGRC software market is also roughly $9.45 billion.

SOC2 and ISO27001

  • While we were not able to find the market size or the number of new companies that get SOC 2 and ISO 27001 compliance, we gathered a few useful statistics.
  • Start-up companies that have less than $1 million in funding have a harder time getting SOC 2 compliance, with only about ~7% of them featuring the compliance.
  • On the other hand, about 45% of the companies with $100 million or more in funding feature an SOC 2 compliance.
  • In fact, only 18% of SaaS companies have secured either SOC 2 or ISO 27001, with 13% having both.
  • IT and security apps had the highest percentage of SOC 2 penetration, at 33%.

Proposed next steps:

You need to be the project owner to select a next step.