Updated May 15, 2026 · 10 platforms evaluated

Top 10 Physical Security Software for IT and Software in 2026: A SOC 2 CC6.4 + ISO 27001 A.7 Buyer-First Ranking

Honest 2026 ranking of the 10 best physical security platforms for IT and SaaS. Scored on SOC 2 CC6.4, ISO 27001 A.7, data-centre cage, insider threat, and value.

By RiskWatch Editorial · IT and SaaS Physical Security Software Research

Verdict

TL;DR

If you run physical security for an IT or SaaS company sitting under SOC 2 CC6.4 and ISO 27001 Annex A.7.1 through A.7.4 with HQ offices, regional offices, co-located data-centre cages at Equinix or Digital Realty, a hybrid-RTO workforce, and a remote-employee asset register, RiskWatch ranks first on our weighted score because it ships SOC 2 Trust Services Criteria, ISO/IEC 27001:2022 Annex A.7, NIST 800-53 PE, CSA CCM Domain DCS, PCI DSS v4 Requirement 9, and HIPAA Administrative Simplification physical safeguards as pre-built libraries in one tenant. Genetec Security Center is the strongest unified VMS plus access control for SaaS companies running co-lo cages or on-prem flagship data centres alongside HQ campus security. Verkada is the default cloud-native pick for SaaS HQs consolidating distributed regional offices onto one console. Brivo publishes a per-door price ($13.50/door/month per Acre Security) that is the cleanest TCO anchor for multi-office SaaS deployments. AlertEnterprise Guardian handles the HR-to-Active-Directory-to-PACS convergence that insider-threat programmes need at series-D and post-IPO SaaS scale. Kastle Systems publishes hybrid-RTO occupancy data and is the default pick for SaaS tenants in Kastle-managed multi-tenant office buildings. Pick by SOC 2 evidence-export shape, ISO 27001 A.7 coverage, and the renewal-escalator cap, not by vendor demo polish. Six of the ten platforms here will not publish a price.

Pick by use case

Where each platform fits

SOC 2 CC6.4 + ISO 27001 A.7 TVRA across HQ, regional offices, and co-located data-centre cages
RiskWatch: SOC 2 Trust Services Criteria 2017 + ISO/IEC 27001:2022 Annex A.7.1 through A.7.14 + NIST 800-53 PE + CSA CCM Domain DCS + PCI DSS v4 Requirement 9 + HIPAA Administrative Simplification physical safeguards pre-mapped in one tenant; discrete asset models for HQ floor, regional office, co-location cage, and home-office equipment; offline mobile site walks for cage walk-throughs at Equinix and Digital Realty.
Unified VMS + access control + Restricted Security Area Surveillance for SaaS data-centre cage and HQ campus
Genetec Security Center: Independent Montreal-headquartered founder-led; unified Omnicast VMS + Synergis access + AutoVu ALPR + Restricted Security Area Surveillance for cage perimeter; per-channel and per-door SaaS pricing published; deep SaaS-headquarters customer base; Federation for multi-site rollup across HQ + regional + cage.
Cloud-managed cameras + access + alarms across SaaS HQ + 5-50 distributed offices on one console
Verkada: Cloud-native unified suite (cameras + access + alarms + intercom + sensors + guest); $5.8B CapitalG round December 2025; $1B+ ARR across 30,000+ customers; 4.5/5 G2 across 1,800+ reviews; right shape for SaaS HQs retiring DVR + on-prem access stacks at the regional office.
Per-door published-pricing cloud access for multi-office SaaS
Brivo: Published $13.50/door/month per Acre Security and Vendr; SOC 2 Type II + ISO/IEC 27001:2022 + GDPR; NASDAQ:BRIV post-2023 SPAC; open API + Eagle Eye Networks video pairing; the cleanest TCO anchor when the SaaS controller wants a per-door line for the board.
PIAM convergence across HR + Active Directory + PACS for insider-threat programmes at series-D and post-IPO SaaS scale
AlertEnterprise Guardian: G2 Spring 2026 Grid Leader for Physical Security; Personal Risk Assessment workflow; deepest Lenel S2 + Genetec Synergis + Software House CCURE + Honeywell Pro-Watch + AMAG Symmetry integration; ties Workday or BambooHR badge governance to AD provisioning and PACS badge expiration for the departing-engineer use case.
Hybrid-RTO occupancy + multi-tenant office building for SaaS tenants in Kastle-managed properties
Kastle Systems: Operator of KastlePresence + Kastle Workplace; publishes the Kastle Back to Work Barometer for hybrid-RTO occupancy data; default access provider in 47,000 commercial-real-estate locations across 32 metro areas; right pick for SaaS tenants in WeWork, Hines, Tishman Speyer, JLL, or CBRE-managed buildings using Kastle as the building access provider.
Motorola Solutions cloud-native VMS + access combining former Openpath + Ava on serverless architecture
Avigilon Alta: Motorola Solutions subsidiary; Alta launched 2023 combining Openpath access (acquired July 2021) and Ava Security video (acquired August 2021); cloud-native serverless architecture; Alta Cloud + Unity On-Premise hybrid for SaaS companies with hard on-prem cage requirements at the co-location.
Insider-threat investigations + case management with chain-of-custody for departing-engineer cases
Resolver: Kroll-owned since March 2022; G2 Best Software Awards 2025 GRC honoree; deepest investigations and case-management workflow in this ranking with chain-of-custody that survives a SaaS departing-engineer source-code-exfiltration matter referred to outside counsel.
Enterprise PACS at SaaS flagship data centre with on-prem deployment under SOC 2 + FedRAMP requirements
AMAG Symmetry: Allied Universal subsidiary since 2021; Symmetry SR Series controllers + Symmetry CONNECT PIAM-lite; on-prem PACS deployment supported for SaaS companies with FedRAMP Moderate workloads and a hard on-prem-cage requirement; 1,000+ tenant install base.
Open-platform VMS supporting heterogeneous camera fleets across SaaS HQ, regional offices, and cage
Milestone XProtect: Widest open-platform device compatibility (8,000+ devices) for SaaS companies that grew through acquisition and inherited Axis, Bosch, Hanwha, and Pelco fleets at the office; XProtect 2026 R1 added long-term cloud video storage; free Essential+ tier covers the smallest regional office.

Physical security software for IT and software companies is a label that masks five different buying jobs. SaaS physical security owners come to this category looking for one of five things: a SOC 2 CC6.4 plus ISO 27001 A.7.1 through A.7.4 Threat-Vulnerability-Risk-Assessment platform that survives the Type II audit and the ISO 27001 surveillance visit; a Video Management System and access control platform for the HQ campus, the regional office, and the co-located data-centre cage at Equinix or Digital Realty; a cloud-managed camera plus access plus alarms console that consolidates 5-50 distributed regional offices onto one screen after the post-pandemic real-estate footprint reset; a Physical Identity and Access Management system that ties Workday or BambooHR, Microsoft Entra ID or Okta, and the office PACS together for an insider-threat programme tracking the departing engineer, the contractor laptop carry-out, and the credentialed cage-entry exception; or a multi-tenant office-building access provider whose console covers a Kastle-managed or building-operator-managed property where the SaaS tenant does not control the door reader. The ten platforms in this ranking serve at least one of those briefs well, and none of them serves all five equally.

We considered 22 platforms across G2 Spring 2026 Grid for Physical Security, the Cloud Security Alliance vendor list, Equinix and Digital Realty integration partner pages, the AICPA SOC 2 reviewer recommendation set, the AWS and Azure marketplace listings for physical access tools, and SaaS-customer reference calls. We cut to ten by removing pure-play body-worn cameras and patrol-management tools, excluding cyber-only DLP or insider-threat-analytics vendors with no physical-access component (Code42, Proofpoint Insider Threat, Microsoft Purview Insider Risk are covered in our SOC 2 and ISO 27001 risk-software listicles separately), excluding TVRA-only platforms with no SaaS customer base, and including the cloud-managed VMS, the cloud access platform, the PIAM platform, the hybrid-RTO building-operator platform, and the case-management platform that SaaS physical security owners most commonly shortlist on SOC 2 renewal cycles. The result is ten platforms a real SaaS physical security owner might shortlist in 2026.

Pricing transparency is poor in this category. Six of the ten platforms here gate pricing behind a demo or a deployment scope. Brivo publishes $13.50/door/month per Acre Security and Vendr. Genetec publishes Security Center SaaS pricing per channel and per door. Verkada publishes per-camera SaaS bands. RiskWatch publishes partial contract bands on this page. The other six are quote-only at the enterprise tier. We triangulated the opaque vendors from public third-party teardowns and dated each estimate. The methodology block at the bottom of this page spells out the weights and the sources.

At-a-glance

Comparison table

The 10 platforms scored on the methodology weights at the bottom of this page. Pricing-transparency pill is the buyer-honesty signal.

  1. RiskWatch (RiskWatch International)
    Best for: IT services firms, cloud-native SaaS companies, and software vendors running SOC 2 Type II plus ISO 27001 plus a co-located data-centre cage at Equinix, Digital Realty, CoreSite, Iron Mountain, or QTS, with HQ plus regional plus remote-employee asset scope in one tenant.
    Pricing transparency: Partial
    G2: 4.5/5 (60+ reviews)
    Verdict: SOC 2 Trust Services Criteria 2017 CC6.4 + CC6.5 + CC6.7 + ISO/IEC 27001:2022 Annex...
  2. Genetec Security Center (Genetec Inc.)
    Best for: Series-D and post-IPO SaaS companies running an HQ Security Operations Center plus a co-located cage at Equinix or Digital Realty plus distributed regional offices unified in one console.
    Pricing transparency: Partial
    G2: 4.4/5 (340+ reviews)
    Verdict: Unified Omnicast VMS + Synergis access control + AutoVu ALPR + Mission Control event...
  3. Verkada (Verkada Inc.)
    Best for: Series-B through post-IPO SaaS companies consolidating an HQ campus plus 5-50 distributed regional offices onto one cloud-managed console and retiring DVRs plus on-prem access servers.
    Pricing transparency: Partial
    G2: 4.5/5 (1850+ reviews)
    Verdict: Cloud-native unified suite (cameras + access + alarms + intercom + sensors + guest) on...
  4. Brivo (Brivo Inc.)
    Best for: Series-B through post-IPO SaaS companies with an HQ plus 5-30 regional offices that want a published per-door TCO anchor for the board and an open API that does not force a specific camera vendor at the regional office.
    Pricing transparency: Public
    G2: 4.5/5 (40+ reviews)
    Verdict: Published $13.50/door/month per Acre Security and Vendr triangulations; the cleanest...
  5. AlertEnterprise Guardian (AlertEnterprise Inc.)
    Best for: Series-D and post-IPO SaaS companies above 500 employees running a formal insider-threat programme where badge issuance must align with Workday termination status, Microsoft Entra ID deprovisioning, and the departing-engineer use case.
    Pricing transparency: Opaque
    G2: 4.5/5 (180+ reviews)
    Verdict: G2 Spring 2026 Grid Leader for Physical Security (announced March 22 2026)
  6. Kastle Systems (Kastle Systems International LLC)
    Best for: SaaS tenants in Kastle-managed WeWork, Hines, Tishman Speyer, JLL, or CBRE office buildings; SaaS facilities teams that want a managed-services model with a 24/7 Security Operations Center handling badge monitoring.
    Pricing transparency: Opaque
    G2: 4.2/5 (40+ reviews)
    Verdict: 47,000+ commercial-real-estate locations across 32 metro areas; the largest...
  7. Avigilon Alta (Motorola Solutions (NYSE: MSI))
    Best for: SaaS companies already invested in Avigilon-branded cameras at the regional office; SaaS facilities teams that prefer a public-company parent over privately-held vendors for procurement-side stability.
    Pricing transparency: Opaque
    G2: 4.3/5 (120+ reviews)
    Verdict: Motorola Solutions parent (NYSE: MSI; ~$60B mcap) provides the strongest financial...
  8. Resolver (Resolver, a Kroll Business)
    Best for: Series-D and post-IPO SaaS companies with a dedicated insider-threat or trust-and-safety team handling departing-engineer matters and contractor-laptop carry-outs; SaaS companies with executive-protection committees.
    Pricing transparency: Opaque
    G2: 4.3/5 (250+ reviews)
    Verdict: Deepest case-management and investigations workflow in this ranking; chain-of-custody...
  9. AMAG Symmetry (AMAG Technology (an Allied Universal company))
    Best for: SaaS companies running a flagship on-prem data centre or FedRAMP Moderate / High co-lo cage where FICAM-approved PACS is mandatory; SaaS companies that value Allied Universal guard-services adjacency at the HQ campus.
    Pricing transparency: Opaque
    G2: 4.1/5 (90+ reviews)
    Verdict: FICAM-approved status under HSPD-12 supports SaaS companies running FedRAMP Moderate...
  10. Milestone XProtect (Milestone Systems (Canon Inc. subsidiary))
    Best for: SaaS companies with heterogeneous camera fleets at the regional office (Axis, Bosch, Hanwha, Pelco) who want to preserve existing camera capex; SaaS startups using the free Essential+ tier for one office.
    Pricing transparency: Partial
    G2: 4.3/5 (260+ reviews)
    Verdict: Widest open-platform VMS device compatibility (8,000+ devices) preserves SaaS camera...

Calculator

Estimate the licence cost

Estimates use each vendor's published or triangulated tiers. Opaque vendors show Contact sales.

Headcount: 500

  • RiskWatch: Professional (≤ 1,000 employees), $36,000/yr
  • Genetec Security Center: Security Center Enterprise (est.) (quote-only tier), Contact sales
  • Verkada: Verkada Unified (est. multi-office) (quote-only tier), Contact sales
  • Brivo: Brivo Access Multi-Office (est.) (quote-only tier), Contact sales
  • AlertEnterprise Guardian: Guardian PIAM (est. mid-market) (quote-only tier), Contact sales
  • Kastle Systems: Kastle Workplace (est. multi-office) (quote-only tier), Contact sales
  • Avigilon Alta: Alta Unified (est. multi-office) (quote-only tier), Contact sales
  • Resolver: Mid-market (est.) (quote-only tier), Contact sales
  • AMAG Symmetry: Symmetry SR Series (est. mid-market) (quote-only tier), Contact sales
  • Milestone XProtect: XProtect Corporate (est. multi-office) (quote-only tier), Contact sales

Estimates only. Opaque-pricing vendors do not publish list prices; bands are triangulated from public third-party sources dated 2026-05-15. Implementation services, module add-ons, and renewal escalators are extra.

Pick your own weights

Decision matrix

Default weights match the methodology at the bottom of this page.

  • 20%: How quickly a non-technical control owner reaches first value
  • 20%: Module coverage across ERM, IT, audit, TPRM, BC
  • 20%: Price to value ratio at mid-market
  • 15%: Quality and responsiveness of vendor support
  • 15%: Handling 5,000+ employees, multiple entities, regions
  • 10%: Breadth of native connectors and APIs

Weights sum: 100%

  1. Verkada (editorial rank #3): 8.82
  2. RiskWatch (editorial rank #1): 8.71
  3. Brivo (editorial rank #4): 8.63
  4. Milestone XProtect (editorial rank #10): 8.61
  5. Genetec Security Center (editorial rank #2): 8.55
  6. Avigilon Alta (editorial rank #7): 8.46
  7. AlertEnterprise Guardian (editorial rank #5): 8.29
  8. Resolver (editorial rank #8): 8.21
  9. AMAG Symmetry (editorial rank #9): 7.91
  10. Kastle Systems (editorial rank #6): 7.89

Switching cost

Migration matrix

Read row-to-column. Row = today's platform, column = tomorrow's. Colour reflects realistic switching effort, not vendor sales pitches.

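| From / To | RiskWatch | Genetec Security Center | Verkada | Brivo | AlertEnterprise Guardian | Kastle Systems | Avigilon Alta | Resolver | AMAG Symmetry | Milestone XProtect |
|---|---|---|---|---|---|---|---|---|---|---|
| RiskWatch | . | M | E | E | M | E | E | M | M | M |
| Genetec Security Center | E | . | E | E | E | E | E | E | M | E |
| Verkada | M | H | . | E | H | M | M | H | H | H |
| Brivo | M | M | M | . | M | M | M | M | H | M |
| AlertEnterprise Guardian | E | E | E | E | . | E | E | E | E | E |
| Kastle Systems | M | M | M | E | M | . | M | M | M | M |
| Avigilon Alta | E | M | E | E | M | E | . | M | M | M |
| Resolver | E | E | E | E | E | E | E | . | E | E |
| AMAG Symmetry | E | E | E | E | E | E | E | E | . | E |
| Milestone XProtect | E | E | E | E | E | E | E | E | E | . |

Legend: Easy (E), Moderate (M), Hard (H). Source: per-vendor migration field with radar-profile fallback. Treat as a directional guide, not a quote.
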
Methodology

How we scored and why you should trust it

The methodology is the only thing keeping this page honest. Read it carefully and apply your own weights in the decision matrix above.

We scored each of the ten platforms on six axes weighted for the SaaS physical security buyer using the default playbook weights: Ease of Use including offline mobile site walks at co-located data-centre cages (20%), Feature Breadth covering SOC 2 CC6.4 + ISO 27001 A.7.1 through A.7.14 + NIST 800-53 PE + CSA CCM Domain DCS + PCI DSS v4 Requirement 9 alignment plus HQ office, regional office, co-located cage, hybrid-RTO occupancy, and remote-employee asset coverage (20%), Value including pricing transparency and renewal-escalator behaviour (20%), Customer Support (15%), Scalability across SaaS-company footprints from 50 employees and one office to 50,000 employees and 100+ offices plus 20+ cages (15%), and Integrations with VMS, PACS, alarm, HR, identity provider, and SIEM (10%). Scores are 0-10 and calibrated within this category. Ratings reference G2 and Capterra figures pulled 2026-05-15. Pricing reflects the most-recent published or triangulated figures, also pulled 2026-05-15; where pricing is opaque we report a range based on two or more public third-party sources. We re-verify this page quarterly.

Weights used in the editorial ranking

  • Ease of use: 20%
  • Feature breadth: 20%
  • Value: 20%
  • Customer support: 15%
  • Scalability: 15%
  • Integrations: 10%

#1

RiskWatch

RiskWatch International · Founded 1993 · Annapolis, MD, USA

SOC 2 CC6.4 + ISO 27001 A.7 physical security assessment software with co-lo cage and remote-asset coverage.

Partial pricing · G2 4.5 · Capterra 4.6 · 60+ reviews

Summary

RiskWatch ships a physical security risk assessment platform built around pre-mapped libraries for SOC 2 Trust Services Criteria 2017 Common Criteria CC6.4 plus CC6.5 and CC6.7, ISO/IEC 27001:2022 Annex A.7.1 through A.7.14, NIST 800-53 PE, NIST 800-171 3.10, CSA Cloud Controls Matrix Domain DCS (Datacenter Security), PCI DSS v4 Requirement 9, HIPAA Administrative Simplification physical safeguards, and FedRAMP Moderate physical-control families. The platform models the HQ floor, the regional office, the co-located data-centre cage at Equinix or Digital Realty or CoreSite, the hybrid-RTO seasonal floor, and the remote-employee equipment register as discrete assessable assets with their own control sets. Browser-based mobile site walks work offline at the cage where cellular is weak. Customers include SaaS companies, cloud-native infrastructure providers, and IT services firms. The product has been in the field since 1993 and is the only platform in this ranking that pre-maps every SOC 2 and ISO 27001 physical-control requirement a SaaS company owes its Type II auditor in one tenant.

Strengths
  • SOC 2 Trust Services Criteria 2017 CC6.4 + CC6.5 + CC6.7 + ISO/IEC 27001:2022 Annex A.7.1 through A.7.14 + NIST 800-53 PE + NIST 800-171 3.10 + CSA CCM Domain DCS + PCI DSS v4 Requirement 9 + HIPAA Administrative Simplification physical safeguards + FedRAMP Moderate physical families pre-mapped on day one in one tenant
  • Discrete asset models for HQ floor, regional office, co-located data-centre cage, hybrid-RTO seasonal floor, and remote-employee equipment so the same SaaS customer can score the cage at Equinix DC11 and the HQ floor in San Francisco from the same workspace
  • Browser-based mobile TVRA works offline inside a co-located cage where cellular and Wi-Fi are weak; syncs when connectivity returns and the auditor never loses a finding from the cage walk
  • Cross-mapping engine that auto-detects shared controls across SOC 2, ISO 27001, NIST 800-53 PE, and CSA CCM so one piece of cage-access evidence satisfies multiple Type II audits and the ISO 27001 surveillance visit
  • Site Risk Cycle with ISO 31000 and NIST 800-30 semi-quantitative scoring; findings convert to tracked remediation tasks with owners and proof-of-close defensible to SOC 2 reviewers from Big 4 firms and ISO 27001 registrars
  • Single-tenant deployment with customer-owned data residency for SaaS companies that need US-only or EU-only data locality for sub-processor due diligence
  • 30-day free trial with no credit card and full platform access; the only TVRA-first vendor on this list offering it for a SaaS physical security owner to evaluate during Type II prep
  • Vendor risk management module covers the colo operator and the managed-security-service provider so SOC 2 sub-processor evidence lives in the same tenant as the cage TVRA
Weaknesses
  • Not a VMS, access control system, alarm panel, or PIAM platform; integrates with Genetec, Verkada, Brivo, Avigilon Alta, Milestone, AMAG Symmetry, Kastle Systems, and AlertEnterprise via APIs and bulk imports rather than deep native connectors, so SaaS companies that want one console for cameras plus assessment must pair RiskWatch with one of those products
  • Brand awareness on G2 and Capterra in SaaS physical security specifically is lower than Verkada or Genetec; total third-party review volume in this niche sits below 100
  • Public pricing is opaque, quote-based, and scaled by framework count, office count, and cage count; marked partial because typical contract bands are published in the pricing calculator on this page
  • No native employee laptop or remote-asset GPS tracking; the remote-employee equipment register tracks asset assignment, condition, and return rather than real-time location, so SaaS companies needing Find-My-Device or Apple Business Manager geofencing pair with Jamf or Kandji
  • No native insider-threat behavioural analytics on physical-badge events; pair with Resolver or AlertEnterprise for departing-engineer behavioural triggers tied to badge patterns
  • UI shows operational heritage in some assessment-builder screens; newer cloud-first entrants like Verkada and Avigilon Alta have a more polished first-run experience for non-specialist office managers running an annual TVRA on the side
Best for

IT services firms, cloud-native SaaS companies, and software vendors running SOC 2 Type II plus ISO 27001 plus a co-located data-centre cage at Equinix, Digital Realty, CoreSite, Iron Mountain, or QTS, with HQ plus regional plus remote-employee asset scope in one tenant.

Worst for

Single-office sub-50-employee SaaS startups that only need a Verkada or Brivo bundle for one door and have no SOC 2 audit yet and no co-located cage; the multi-framework engine is over-built for that brief.

Key features

  • Pre-built libraries for SOC 2 Trust Services Criteria 2017 (CC6.4, CC6.5, CC6.7), ISO/IEC 27001:2022 Annex A.7.1 through A.7.14, NIST 800-53 PE, NIST 800-171 3.10, CSA Cloud Controls Matrix Domain DCS, PCI DSS v4 Requirement 9, HIPAA Administrative Simplification physical safeguards, FedRAMP Moderate physical families
  • Discrete asset models for HQ floor, regional office, co-located data-centre cage, hybrid-RTO seasonal floor, and remote-employee equipment
  • Cross-mapping engine for shared controls across SOC 2 + ISO 27001 + NIST 800-53 PE + CSA CCM
  • Offline mobile site-walk app for cage walk-throughs with sync-on-reconnect
  • Vendor risk management module covering colo operator and MSSP sub-processors
  • Site Risk Cycle with ISO 31000 and NIST 800-30 semi-quantitative scoring
  • Remote-employee equipment register for ISO 27001 A.7.9 off-premises asset control
  • Single-tenant deployment with US-only or EU-only data residency

Integrations

25+ native. Notable: Microsoft Entra ID (SAML SSO), Okta, Microsoft 365 / SharePoint, Slack, Jira, Salesforce, Custom REST API.

Target size

100 to 25,000 employees · US · Canada · EU · UK · AU

#2

Genetec Security Center

Genetec Inc. · Founded 1997 · Montreal, Quebec, Canada

Independent unified VMS + access + ALPR + Restricted Security Area Surveillance for SaaS HQ and co-lo cage.

Partial pricing · G2 4.4 · Capterra 4.5 · 340+ reviews

Summary

Genetec ships Security Center, a unified platform combining Omnicast VMS, Synergis access control, AutoVu ALPR, Restricted Security Area Surveillance for cage perimeter, and Mission Control event management. The company has been founder-led since 1997 and remains privately held, which differentiates it from PE-owned or public-acquisition alternatives. SaaS customers include cloud-native infrastructure providers running co-located cages at Equinix and Digital Realty, and software vendors operating HQ campuses with a Security Operations Center. Security Center SaaS pricing is published per channel and per door, which is rare in this category. The unified-platform approach is the right shape for a SaaS company that needs to correlate VMS, access, ALPR, and intrusion across HQ campus plus co-lo cage in one console; it is over-built for a 200-employee SaaS startup with one office.

Strengths
  • Unified Omnicast VMS + Synergis access control + AutoVu ALPR + Mission Control event management + Restricted Security Area Surveillance for co-lo cage perimeter in one console
  • Published Security Center SaaS pricing per channel and per door; the only enterprise-tier VMS plus access control in this ranking with public pricing at that granularity
  • Independent founder-led ownership since 1997; no PE renewal-pressure dynamic and no Carrier-style divestiture churn that affected Lenel S2
  • Deep SaaS-customer base for HQ campus security plus co-lo cage; reference calls available for software-vendor and cloud-native infrastructure deployments
  • 200+ hardware integrations across cameras, controllers, intercom, and intrusion; preserves SaaS capex on existing camera fleets at the regional office
  • Federation for multi-site rollup across HQ + regional + cage in one operator console; fits SaaS companies with the offices-plus-cages footprint
Weaknesses
  • Over-built for SaaS companies under 200 employees with one office and no co-lo cage; unified-platform value collapses when only cameras and badge readers are in scope
  • Implementation typically 12-24 weeks with a Genetec-certified channel partner; consulting-heavy go-live is the most-cited downside in third-party reviews
  • Software Update Plan (SUP) annual maintenance fees are mandatory and not always surfaced in the initial proposal
  • Cloud-first deployment trails on-prem maturity; SaaS companies adopting Security Center SaaS report a 6-12 month learning curve compared to Verkada
  • Not a physical security risk assessment platform; pair with RiskWatch or Resolver for SOC 2 CC6.4 and ISO 27001 A.7 evidence
Best for

Series-D and post-IPO SaaS companies running an HQ Security Operations Center plus a co-located cage at Equinix or Digital Realty plus distributed regional offices unified in one console.

Worst for

Sub-200-employee SaaS startups with one office; Verkada or Brivo is the cleaner fit.

Key features

  • Omnicast unified video management with H.265 and AI analytics
  • Synergis access control with ASSA ABLOY + Allegion + Mercury hardware
  • AutoVu automatic license plate recognition for HQ parking lot and visitor reception
  • Restricted Security Area Surveillance for co-lo cage perimeter
  • Mission Control event management for SOC operators
  • ClearID workforce management with HR + Active Directory provisioning
  • Federation for multi-site rollup across HQ + regional + cage
  • Cloud, on-prem, and hybrid deployment options

Integrations

200+ native. Notable: Axis Communications, Bosch Security, Hanwha Vision, ASSA ABLOY, Allegion, Mercury Security, Microsoft Entra ID, Okta.

Target size

500 to 100,000 employees · US · Canada · UK · EU · AU · APAC · LATAM

#3

Verkada

Verkada Inc. · Founded 2016 · San Mateo, CA, USA

Cloud-native unified cameras + access + alarms + sensors + intercom + guest for SaaS HQ + regional consolidation.

Partial pricing · G2 4.5 · Capterra 4.6 · 1850+ reviews

Summary

Verkada ships a cloud-native unified physical security platform combining cameras, access control, alarms, intercom, sensors, and guest management on one console. The company raised at $5.8B in a CapitalG-led December 2025 round, on top of a $4.5B Series E in December 2024, and reports $1B+ ARR across 30,000+ customers as of 2026. G2 sits at 4.5/5 across 1,800+ reviews, the highest review volume of any unified physical security platform. Verkada is the default pick for SaaS companies consolidating an HQ campus plus 5-50 distributed regional offices onto one cloud-managed console and retiring DVRs plus on-prem access servers at the regional office. The 2021 customer-data breach is still cited by SaaS-customer procurement teams running ISO 27001 sub-processor reviews; Verkada published a detailed post-mortem and a third-party security audit in 2022 and has not had a subsequent disclosed breach.

Strengths
  • Cloud-native unified suite (cameras + access + alarms + intercom + sensors + guest) on one console eliminates DVR plus on-prem access server at the regional office
  • 4.5/5 G2 across 1,800+ reviews, the highest review volume of any unified physical security platform in this ranking
  • $5.8B CapitalG-led December 2025 round + $4.5B Series E December 2024; $1B+ ARR across 30,000+ customers; financial stability is strong for a private company
  • Right shape for SaaS companies consolidating an HQ campus plus 5-50 distributed regional offices; lift-and-shift from DVR plus on-prem access is documented across SaaS case studies
  • AI analytics (License Plate Search, Person of Interest) for HQ lobby and regional-office visitor reception; helpful for the insider-threat departing-engineer trail
  • Mobile-first SOC operator experience; the only platform here designed for a SaaS office manager to triage incidents from a phone without a desktop console
Weaknesses
  • 2021 customer-data breach (insider-credential incident) is still cited by SaaS procurement teams running ISO 27001 sub-processor reviews; Verkada published a post-mortem and a third-party security audit in 2022 and has not had a subsequent disclosed breach, but the memory persists
  • Hardware-and-software bundle locks the SaaS company into Verkada cameras for the duration of the contract; preserves no Axis, Bosch, Hanwha, or Pelco capex at the regional office
  • Per-camera plus per-door SaaS pricing scales fast across multi-office SaaS deployments; renewal escalators land in the 5-10% range per multiple Vendr teardowns
  • Cloud-only deployment is a hard line for some SaaS procurement teams citing FedRAMP or DoD impact-level requirements at the co-located cage; on-prem buyers look at Avigilon Unity, Genetec, or Milestone instead
  • Not a physical security risk assessment platform; pair with RiskWatch or Resolver for SOC 2 CC6.4 and ISO 27001 A.7 evidence
Best for

Series-B through post-IPO SaaS companies consolidating an HQ campus plus 5-50 distributed regional offices onto one cloud-managed console and retiring DVRs plus on-prem access servers.

Worst for

SaaS companies with hard on-prem cage requirements at the co-location operator citing FedRAMP or DoD impact levels; SaaS companies invested in non-Verkada camera capex at the regional office.

Key features

  • Cloud-native cameras with AI analytics (License Plate Search, Person of Interest)
  • Cloud-native access control with mobile credentials and badge support
  • Cloud-native alarms with monitoring center handoff
  • Cloud-native intercom for HQ entry door and regional-office reception
  • Environmental sensors (occupancy, temperature, vape detection)
  • Guest management with kiosk and badge printing for visitor reception
  • Mobile-first SOC operator experience
  • 10-year hardware warranty on cameras

Integrations

80+ native. Notable: Microsoft Entra ID, Okta, Google Workspace, Slack, Splunk, Active Directory, Workday (limited bridge), Brivo (limited bridge).

Target size

100 to 50,000 employees · US · Canada · UK · EU · AU · Mexico · Japan

#4

Brivo

Brivo Inc. · Founded 1999 · Bethesda, MD, USA

Cloud access with published $13.50/door/month for multi-office SaaS deployments.

Public pricing · G2 4.5 · Capterra 4.4 · 40+ reviews

Summary

Brivo ships a cloud-managed access control platform with a published per-door SaaS price ($13.50/door/month per Acre Security and Vendr triangulations as of 2026-05-15). The company has been a cloud-access pure-play since 1999 and went public via SPAC merger with Crown PropTech Acquisitions in November 2023 (NASDAQ: BRIV). Brivo holds SOC 2 Type II, ISO/IEC 27001:2022, and GDPR attestations, which matters for the SaaS sub-processor due-diligence pack. The open API and Eagle Eye Networks video-pairing fit a SaaS HQ-plus-regional-office deployment that wants a clean per-door TCO anchor for the board. Brivo is the cleanest pricing-transparency story in this ranking after Genetec.

Strengths
  • Published $13.50/door/month per Acre Security and Vendr triangulations; the cleanest per-door TCO anchor in this ranking for multi-office SaaS deployments
  • SOC 2 Type II + ISO/IEC 27001:2022 + GDPR attestations support the SaaS sub-processor due-diligence pack
  • Cloud-access pure-play since 1999; the longest-running cloud-access vendor in this ranking
  • Open API + Eagle Eye Networks video pairing for SaaS companies that want to keep Eagle Eye, Axis, or Hanwha cameras at the regional office and not bundle to a Verkada hardware stack
  • Mobile credentials, badge support, and Bluetooth Low Energy reader option fit hybrid-RTO badge patterns
  • NASDAQ-listed (BRIV) since November 2023; financial transparency is stronger than most private peers
Weaknesses
  • Access-only; pair with Verkada, Eagle Eye, Avigilon Alta, or Genetec for VMS and with Brivo's limited alarm partners for monitoring
  • G2 sits at 4.5/5 across 27+ reviews, a lower review volume than Verkada or Genetec; reference calls are available but the data set is narrower
  • Software update frequency complaints in Vendr and Acre Security teardowns; some SaaS customers report quarterly UI changes that disrupt office-manager training
  • Renewal-escalator pressure reported in the 8-10% range per Vendr; the post-SPAC public-company quarterly-earnings cadence pressures pricing discipline
  • Hardware controller refresh cycle is on a 7-10 year cadence; SaaS facilities teams must budget for controller replacement separate from the per-door SaaS line
Best for

Series-B through post-IPO SaaS companies with an HQ plus 5-30 regional offices that want a published per-door TCO anchor for the board and an open API that does not force a specific camera vendor at the regional office.

Worst for

SaaS companies that need a unified VMS + access + alarm + intercom console in one product (Verkada or Genetec are the fit there).

Key features

  • Cloud-managed access control with mobile credentials
  • Open REST API for custom integrations
  • Eagle Eye Networks video pairing for office lobby and regional reception
  • Multi-tenant management for HQ + regional rollup
  • Bluetooth Low Energy reader option
  • Audit logs for SOC 2 CC6.4 and ISO 27001 A.7.2 evidence
  • Visitor management add-on
  • Lockdown workflow for office emergency

Integrations

70+ native. Notable: Eagle Eye Networks, Microsoft Entra ID, Okta, Google Workspace, Axis Communications, Slack, Splunk.

Target size

50 to 50,000 employees · US · Canada · UK · EU · Mexico · LATAM

#5

AlertEnterprise Guardian

AlertEnterprise Inc. · Founded 2007 · Fremont, CA, USA

PIAM convergence across Workday + AD + PACS for SaaS insider-threat programmes at scale.

Opaque pricing · G2 4.5 · Capterra 4.4 · 180+ reviews

Summary

AlertEnterprise ships Guardian, the deepest Physical Identity and Access Management (PIAM) platform in this ranking. The company was founded in 2007 in Fremont, California by Jasvir Gill and remains founder-led and independent. Guardian was named G2 Spring 2026 Grid Leader for Physical Security in the March 22 2026 announcement. The platform ties HR systems (Workday, BambooHR, Rippling, SAP SuccessFactors, Oracle HCM), Microsoft Entra ID, Okta, and Physical Access Control Systems (Lenel S2 OnGuard, Genetec Synergis, Software House CCURE, Honeywell Pro-Watch, AMAG Symmetry) together with a Personal Risk Assessment workflow and automated badge expiration tied to employment status. AlertEnterprise is the right shape for series-D and post-IPO SaaS companies running an insider-threat programme where badge issuance must align with Workday termination status, AD deprovisioning, and the departing-engineer use case.

Strengths
  • G2 Spring 2026 Grid Leader for Physical Security (announced March 22 2026)
  • Deepest PIAM integration with Lenel S2 OnGuard, Genetec Synergis, Software House CCURE, Honeywell Pro-Watch, and AMAG Symmetry in this ranking; covers every major SaaS-HQ PACS install base
  • Personal Risk Assessment workflow ties badge issuance to Workday or BambooHR status, contractor termination, OFAC sanctions screening, and background-check renewal
  • GenAI identity reconciliation across HR, AD, and PACS finds orphaned badges and ghost accounts at multi-thousand-employee SaaS companies running annual SOC 2 user-access reviews
  • Fortune 500 SaaS + utility + healthcare + aerospace customer base; reference calls available for software-vendor insider-threat programmes
  • Founder-led independent ownership since 2007; no PE renewal-pressure dynamic
Weaknesses
  • PIAM-only; pair with Verkada, Genetec, Brivo, Avigilon Alta, or Milestone for VMS
  • Over-built for SaaS companies under 500 employees who do not run a formal insider-threat programme; the PIAM value collapses below that threshold
  • Implementation typically 16-32 weeks with a named systems integrator; consulting-heavy go-live is the longest in this ranking
  • Opaque pricing; typical enterprise deals reported in the $150-500K/yr range per public third-party teardowns
  • Smaller G2 review volume than Verkada or Genetec; total review volume sits below 200
Best for

Series-D and post-IPO SaaS companies above 500 employees running a formal insider-threat programme where badge issuance must align with Workday termination status, Microsoft Entra ID deprovisioning, and the departing-engineer use case.

Worst for

Sub-200-employee SaaS startups with one office and no formal insider-threat programme; Brivo or Verkada is the cleaner fit.

Key features

  • Physical Identity and Access Management (PIAM)
  • HR system provisioning (Workday, BambooHR, Rippling, SAP SuccessFactors, Oracle HCM)
  • Microsoft Entra ID + Okta provisioning
  • PACS integration (Lenel S2 OnGuard, Genetec Synergis, Software House CCURE, Honeywell Pro-Watch, AMAG Symmetry)
  • Personal Risk Assessment workflow
  • OFAC sanctions screening on badge issuance
  • Automated badge expiration tied to Workday termination
  • GenAI identity reconciliation for orphaned-badge cleanup at SOC 2 user-access review time

Integrations

50+ native. Notable: Lenel S2 OnGuard, Genetec Synergis, Software House CCURE, Honeywell Pro-Watch, AMAG Symmetry, Workday, Microsoft Entra ID, Okta.

Target size

500 to 100,000 employees · US · Canada · UK · EU · AU · APAC

#6

Kastle Systems

Kastle Systems International LLC · Founded 1972 · Falls Church, VA, USA

Hybrid-RTO occupancy + managed access for SaaS tenants in multi-tenant office buildings.

Opaque pricing · G2 4.2 · Capterra 4.3 · 40+ reviews

Summary

Kastle Systems operates managed access control and video monitoring across 47,000+ commercial-real-estate locations in 32 metro areas in the US, the UK, and Australia. The company has run the Kastle Back to Work Barometer since 2020, which is the most widely-cited hybrid-RTO occupancy index for office buildings in major US markets. Kastle is the default building-access provider in WeWork, Hines, Tishman Speyer, JLL, and CBRE-managed multi-tenant office buildings, which means many SaaS tenants encounter Kastle whether they chose it or not. The platform includes KastlePresence for occupancy tracking, Kastle Workplace for tenant-managed access, KastleVideo, and a Security Operations Center that monitors the SaaS tenant's badge events 24/7. Kastle is the right pick for SaaS tenants in Kastle-managed properties and for SaaS companies that want a managed-services rather than DIY model.

Strengths
  • 47,000+ commercial-real-estate locations across 32 metro areas; the largest managed-access install base in the US for multi-tenant office buildings
  • Kastle Back to Work Barometer since 2020 is the most widely-cited hybrid-RTO occupancy benchmark for SaaS facilities teams budgeting office space
  • Managed-services model with 24/7 Security Operations Center monitoring the SaaS tenant's badge events; right shape for SaaS facilities teams without an in-house SOC
  • Default building-access provider in WeWork, Hines, Tishman Speyer, JLL, and CBRE properties; SaaS tenants in those buildings inherit Kastle whether they chose it or not
  • KastlePresence tenant-occupancy analytics tie badge-in patterns to floor utilisation, which feeds SaaS RTO mandate planning and real-estate footprint decisions
  • SOC 2 Type II attestation supports the SaaS sub-processor due-diligence pack
Weaknesses
  • Managed-services model means the SaaS tenant does not own the system; reader and controller hardware is Kastle-installed and Kastle-owned, which creates a 5-7 year lock-in
  • Tenant data ownership is constrained by the building owner's master agreement with Kastle; SaaS tenants in Kastle-managed buildings cannot freely export badge-event history
  • Outside Kastle-managed buildings the value collapses; SaaS companies in non-Kastle properties pay a premium for the same access functionality available cheaper from Brivo or Verkada
  • G2 review volume is sub-50; the reference base is SaaS commercial-real-estate landlords more than SaaS-tenant security teams
  • Not a physical security risk assessment platform; pair with RiskWatch or Resolver for SOC 2 CC6.4 and ISO 27001 A.7 evidence
Best for

SaaS tenants in Kastle-managed WeWork, Hines, Tishman Speyer, JLL, or CBRE office buildings; SaaS facilities teams that want a managed-services model with a 24/7 Security Operations Center handling badge monitoring.

Worst for

SaaS companies in non-Kastle office buildings or owning their own buildings; Brivo or Verkada is cheaper and gives the tenant data ownership.

Key features

  • Managed access control across multi-tenant office buildings
  • KastlePresence tenant-occupancy analytics
  • Kastle Back to Work Barometer hybrid-RTO benchmark
  • KastleVideo monitoring with 24/7 Security Operations Center
  • Managed-services model with installed-and-owned hardware
  • SOC 2 Type II attested for sub-processor due-diligence
  • Integration with WeWork, Hines, Tishman Speyer, JLL, CBRE building operators
  • Mobile credentials and badge support

Integrations

30+ native. Notable: WeWork, Hines, Tishman Speyer, JLL, CBRE, Microsoft Entra ID, Okta.

Target size

25 to 25,000 employees · US · UK · AU

#7

Avigilon Alta

Motorola Solutions (NYSE: MSI) · Founded 2004 · Vancouver, BC, Canada (Motorola Solutions HQ Chicago)

Motorola Solutions cloud-native VMS + access combining Openpath + Ava on serverless architecture.

Opaque pricing · G2 4.3 · Capterra 4.4 · 120+ reviews

Summary

Avigilon Alta is Motorola Solutions' cloud-native unified physical security suite combining the former Openpath access control (acquired July 2021) and Ava Security video (acquired August 2021), consolidated under the Avigilon brand in 2023. The platform runs on a serverless architecture, supports both Alta Cloud and Unity On-Premise deployment modes for SaaS companies with hard on-prem cage requirements, and ships AI analytics through Ava Aware. Avigilon is the right shape for SaaS companies that prefer Motorola Solutions financial stability over private peers, and for distributed regional-office deployments that need cloud-native multi-site management without an on-prem server stack per office.

Strengths
  • Motorola Solutions parent (NYSE: MSI; ~$60B mcap) provides the strongest financial stability of any vendor in this ranking
  • Cloud-native serverless architecture for Alta Cloud + Unity On-Premise option for SaaS companies with hard on-prem co-lo cage requirements
  • Combined former Openpath access control (acquired July 2021) + Ava Security video (acquired August 2021) on one console under one brand
  • ISC West 2026 GenAI analytics + Avigilon Intercom Touch roadmap signals continued product investment
  • Avigilon-branded camera install base across mid-market SaaS companies; preserves Avigilon capex on existing regional-office fleets
  • Mobile credentials and Bluetooth reader option from the Openpath heritage; fit hybrid-RTO badge patterns
Weaknesses
  • Brand consolidation (Avigilon + Openpath + Ava + H4A into Avigilon Alta in 2023) created naming and SKU confusion still cited in 2026 reviews
  • G2 sits at 4.3/5 across a smaller dataset than Verkada (1,800+) or Genetec (340+); review volume in SaaS specifically is below 100
  • Per-camera plus per-door SaaS pricing scales fast across multi-office deployments; opaque enterprise tier
  • Motorola Solutions corporate priorities sit in public-safety radio and bodycam first; commercial SaaS physical security is a secondary segment compared to APX and CommandCentral
  • Not a physical security risk assessment platform; pair with RiskWatch or Resolver for SOC 2 CC6.4 and ISO 27001 A.7 evidence
Best for

SaaS companies already invested in Avigilon-branded cameras at the regional office; SaaS facilities teams that prefer a public-company parent over privately-held vendors for procurement-side stability.

Worst for

SaaS startups under 200 employees with no existing Avigilon hardware investment; Verkada or Brivo is the cleaner fit.

Key features

  • Alta Cloud video management with serverless architecture
  • Openpath cloud access control with mobile and Bluetooth credentials
  • Ava Security AI analytics for anomaly detection
  • Unity On-Premise VMS option for hard on-prem co-lo cage requirements
  • Motorola APX dispatch-radio integration
  • Avigilon H4A + H5A camera compatibility for legacy regional-office fleets
  • Avigilon Appearance Search for post-incident review
  • Avigilon Intercom Touch for office entry door (ISC West 2026 roadmap)

Integrations

90+ native. Notable: Motorola APX dispatch radio, Microsoft Entra ID, Okta, Google Workspace, Slack, Splunk, Genetec (limited bridge).

Target size

200 to 100,000 employees · US · Canada · UK · EU · AU · LATAM

#8

Resolver

Resolver, a Kroll Business · Founded 2000 · Toronto, Ontario, Canada

Departing-engineer insider-threat case management with Kroll intelligence feeds.

Opaque pricing · G2 4.3 · Capterra 4.3 · 250+ reviews

Summary

Resolver was founded in 2000 in Toronto and was acquired by Kroll in March 2022. The platform sits at the intersection of operational risk, physical security, incident management, and investigations, which makes it the natural pick for the SaaS insider-threat investigations bench. Resolver carries the deepest case-management and investigations workflow in this ranking with chain-of-custody features that survive a departing-engineer source-code-exfiltration matter referred to outside counsel or the FBI. Resolver was a 2025 G2 Best Software Awards honoree in the GRC category. Kroll ownership unlocks intelligence-led risk feeds for executive-protection threat assessment and for third-party-contractor diligence.

Strengths
  • Deepest case-management and investigations workflow in this ranking; chain-of-custody features survive a departing-engineer source-code-exfiltration matter referred to outside counsel or the FBI
  • Kroll ownership (March 2022) unlocks intelligence-led risk feeds for executive-protection threat assessment and third-party-contractor diligence
  • G2 Best Software Awards 2025 GRC honoree; 87% user satisfaction across 246 third-party reviews
  • Departing-engineer, contractor-laptop-carry-out, and credentialed-cage-entry workflow with badge-pattern triggers for SaaS insider-threat programmes
  • Mature compliance and audit modules map well to ISO 31000 ERM for SaaS post-IPO governance
  • Strong threat-assessment and brand-protection use cases for SaaS executive-protection committees
Weaknesses
  • Pricing is opaque; SelectHub reviewers report enterprise-tier deals; no published mid-market entry tier for sub-1,000-employee SaaS startups
  • Setup and configuration are heavy; G2 reviews flag implementation effort as the most-cited downside
  • UX has not had a generational rewrite; competitors with newer interfaces (Verkada console) feel more modern out of the box
  • Pulled toward security-operations and investigations use cases; less natural fit for the camera-and-badge-reader brief that most SaaS facilities teams actually want
  • Not a VMS or access control platform; pair with Verkada, Genetec, Brivo, Avigilon Alta, or Milestone for cameras and doors
Best for

Series-D and post-IPO SaaS companies with a dedicated insider-threat or trust-and-safety team handling departing-engineer matters and contractor-laptop carry-outs; SaaS companies with executive-protection committees.

Worst for

Sub-500-employee SaaS startups with no dedicated insider-threat team; over-built and over-priced for that brief.

Key features

  • Incident reporting and case management for departing-engineer + contractor-laptop matters
  • Investigations workflow with chain-of-custody
  • Badge-pattern triggers for SaaS insider-threat programmes
  • Operational risk register and KRIs for post-IPO SaaS governance
  • Internal audit planning and fieldwork
  • Brand-protection and threat-assessment feeds (Kroll-powered)
  • Executive-protection threat assessment
  • Configurable dashboards and reporting

Integrations

40+ native. Notable: Microsoft Entra ID, Okta, ServiceNow, Splunk, Jira, Salesforce, Kroll intelligence feeds.

Target size

1,000 to 100,000 employees · US · Canada · UK · EU · AU

#9

AMAG Symmetry

AMAG Technology (an Allied Universal company) · Founded 1989 · Torrance, CA, USA

Enterprise PACS with SR Series controllers + Symmetry CONNECT for SaaS flagship data centres.

Opaque pricing · G2 4.1 · Capterra 4.2 · 90+ reviews

Summary

AMAG Technology was founded in 1989 and was acquired by Allied Universal as part of the 2021 G4S acquisition. The Symmetry product line combines SR Series controllers, a flagship Symmetry Access Control platform supporting both on-prem and cloud deployment, and Symmetry CONNECT for visitor and contractor identity management. AMAG holds FICAM-approved status under HSPD-12 for federal customers, which carries over to SaaS companies running FedRAMP Moderate or High workloads at a co-located cage. The platform has a 1,000+ tenant install base across enterprise SaaS, financial services, healthcare, and government customers. AMAG is the right shape for SaaS companies that need on-prem PACS at the co-lo cage and that value Allied Universal's guard-services adjacency for the HQ campus.

Strengths
  • FICAM-approved status under HSPD-12 supports SaaS companies running FedRAMP Moderate or High workloads at the co-located cage
  • Symmetry SR Series controllers + Symmetry Access Control + Symmetry CONNECT visitor management in one product family
  • On-prem PACS deployment supported for SaaS companies with hard on-prem cage requirements citing FedRAMP or DoD impact levels
  • Allied Universal parent (acquired G4S 2021) provides global guard-services adjacency for SaaS HQ campus protection
  • 1,000+ tenant install base across enterprise SaaS, financial services, healthcare, and government; mature partner-integrator ecosystem
  • Symmetry GUEST visitor management ties to Workday or BambooHR contractor records and supports the SOC 2 visitor-log evidence path
Weaknesses
  • Allied Universal acquisition (2021 G4S) introduced two rounds of leadership and product-roadmap reshuffles still cited in 2026 reviews
  • On-prem-first architecture; cloud experience trails Verkada and Avigilon Alta
  • G2 sits at 4.1/5 across a smaller dataset; review volume in SaaS specifically is below 100
  • Implementation typically 12-24 weeks with an AMAG-certified channel partner; consulting-heavy go-live
  • Pricing is opaque; typical enterprise deals reported in the $60-250K/yr range per public third-party teardowns
Best for

SaaS companies running a flagship on-prem data centre or FedRAMP Moderate / High co-lo cage where FICAM-approved PACS is mandatory; SaaS companies that value Allied Universal guard-services adjacency at the HQ campus.

Worst for

Cloud-only SaaS startups with no on-prem cage requirement; Verkada or Brivo is the cleaner fit.

Key features

  • Symmetry SR Series controllers for enterprise-tier PACS
  • Symmetry Access Control with cloud + on-prem deployment options
  • Symmetry CONNECT visitor and contractor identity management
  • Symmetry GUEST tied to Workday + BambooHR contractor records
  • FICAM-approved status under HSPD-12
  • On-prem PACS deployment for FedRAMP Moderate + High cage requirements
  • Allied Universal guard-services adjacency at the HQ campus
  • Mercury-hardware compatibility

Integrations

60+ native. Notable: Mercury Security, Microsoft Entra ID, Okta, Workday, Milestone XProtect, Genetec Federation, AlertEnterprise Guardian.

Target size

500 to 100,000 employees · US · Canada · UK · EU · AU · APAC

#10

Milestone XProtect

Milestone Systems (Canon Inc. subsidiary) · Founded 1998 · Brondby, Denmark (Canon Inc. parent, Tokyo)

Open-platform VMS supporting 8,000+ devices for SaaS HQ, regional offices, and cage.

Partial pricing · G2 4.3 · Capterra 4.4 · 260+ reviews

Summary

Milestone Systems ships XProtect, the widest-support open-platform VMS in this ranking with 8,000+ supported devices across Axis Communications, Bosch, Hanwha, Pelco, Sony, Avigilon, and more. The company was founded in 1998 in Denmark and has been a subsidiary of Canon Inc. since 2014. XProtect 2026 R1 added long-term cloud video storage, customizable scheduled reporting, a WebSocket PTZ API, and a redesigned LogServer for SOC 2 and ISO 27001 evidence. The free Essential+ tier is the only no-cost VMS option in this ranking, which matters for the smallest SaaS regional offices. Milestone is the right shape for SaaS companies that grew through acquisition and inherited heterogeneous camera fleets at the regional office.

Strengths
  • Widest open-platform VMS device compatibility (8,000+ devices) preserves SaaS camera capex across Axis, Bosch, Hanwha, Pelco, Sony, and Avigilon at the regional office
  • Free Essential+ tier for the smallest SaaS regional offices; the only no-cost VMS option in this ranking
  • Canon Inc. subsidiary since 2014; financial stability and product investment are stronger than smaller VMS pure-plays
  • XProtect 2026 R1 added long-term cloud video storage, scheduled reporting, WebSocket PTZ API, and redesigned LogServer for SOC 2 + ISO 27001 evidence
  • Open developer ecosystem with 600+ Milestone Marketplace integrations including access control, intrusion, and analytics
  • G2 4.3/5 across 240+ reviews; mature partner-integrator ecosystem in mid-market SaaS facilities programmes
Weaknesses
  • VMS-only; pair with Brivo, Genetec Synergis, AMAG Symmetry, Avigilon Alta access, or a separate access control platform for badge readers
  • On-prem-first architecture; XProtect on Cloud is newer and trails Verkada and Avigilon Alta cloud-native experience
  • Per-channel licensing scales fast across multi-office deployments; mid-tier Express+ and Professional+ pricing is opaque
  • Implementation typically 8-16 weeks with a Milestone-certified channel partner; consulting-heavy go-live is the most-cited downside in third-party reviews
  • UX generations behind Verkada and Avigilon Alta; the learning curve for new SOC operators is the most-cited downside in G2 reviews
Best for

SaaS companies with heterogeneous camera fleets at the regional office (Axis, Bosch, Hanwha, Pelco) who want to preserve existing camera capex; SaaS startups using the free Essential+ tier for one office.

Worst for

SaaS companies that want a single console covering cameras + access + alarm + intercom + sensors (Verkada or Genetec are the fit there).

Key features

  • 8,000+ supported device integrations
  • XProtect Corporate for multi-office enterprise SaaS
  • XProtect Smart Client + Smart Map + Smart Wall
  • XProtect Mobile Client for office-manager triage
  • Long-term cloud video storage (XProtect 2026 R1)
  • Customizable scheduled reporting (XProtect 2026 R1)
  • WebSocket PTZ API (XProtect 2026 R1)
  • 600+ Milestone Marketplace integrations

Integrations

600+ native. Notable: Axis Communications, Bosch Security, Hanwha Vision, Pelco, Sony, Brivo, AMAG Symmetry, Genetec (limited bridge).

Target size

50 to 100,000 employees · Global

Step by step

Buying guide

Walk these steps in order. The shortlist falls out of step 1, the negotiation moves come together in step 6, and step 8 closes the deal.

  1. Name the SaaS scope and the primary use case in one sentence

    Before you shortlist, write down your SaaS footprint and the one use case you absolutely must solve. Examples for sub-200-employee SaaS startups: stand up SOC 2 CC6.4 evidence for one office in 60 days (Brivo or Verkada plus RiskWatch). For series-C and series-D companies: consolidate HQ plus 5-15 regional offices onto one cloud-managed console (Verkada or Brivo). For post-IPO SaaS at 5,000+ employees: run an insider-threat programme tying Workday to PACS plus a co-lo cage at Equinix (AlertEnterprise Guardian plus Genetec or AMAG). The shortlist falls out of the one-sentence answer.

  2. Verify SOC 2 CC6.4 + ISO 27001 A.7 framework coverage before the demo

    Ask each shortlisted vendor whether they ship pre-built libraries for SOC 2 Trust Services Criteria CC6.4, ISO/IEC 27001:2022 Annex A.7.1 through A.7.14, NIST 800-53 PE, and CSA CCM Domain DCS. Only RiskWatch ships all four pre-built as control libraries. The VMS, PACS, and PIAM vendors (Verkada, Genetec, Brivo, Avigilon Alta, Milestone, AMAG, Kastle, AlertEnterprise, Resolver) cover the device-and-evidence side but require pairing with a TVRA platform for the assessment evidence side. If the vendor cannot show you the framework coverage on a screen during the demo, walk.

  3. Pull the G2 and Capterra patterns from the last 12 months for SaaS specifically

    For each shortlisted vendor, read 20+ G2 and Capterra reviews from the last 12 months filtered to information-technology and software where possible. Look for patterns, not single outliers. Common patterns in this category: 'cloud-managed scales fast across regional offices' (Verkada, Brivo); 'unified VMS + access at HQ SOC is great, over-built at the regional office' (Genetec); 'open VMS preserves camera capex but the UI lags' (Milestone); 'PIAM is mandatory above 500 employees but over-built below' (AlertEnterprise); 'managed-services Kastle is the default in WeWork buildings, premium outside them' (Kastle). The patterns should align with your SaaS stage.

  4. Ask each vendor for the renewal-escalator cap in writing

    Renewal-pricing pressure is the silent budget killer in this category. Verkada renewal escalators are reported at 5-10% per Vendr. Brivo renewal pressure is reported at 8-10% post-SPAC. Avigilon Alta and AMAG are under Motorola Solutions and Allied Universal quarterly-earnings discipline, respectively. Genetec is founder-led and less price-pressured, but the Software Update Plan is mandatory. RiskWatch publishes typical contract bands. Ask for the renewal-escalator cap in the master subscription agreement and walk if the vendor refuses.

  5. Insist on a working pilot at HQ + one regional + one cage, not a demo

    Demos are choreographed. Working pilots are not. Ask each finalist for a 30-day pilot with your real data at three real sites: the HQ floor, one regional office, and one co-located data-centre cage. Test the badge issuance and revocation workflow tied to a real Workday termination, the visitor-log export for the SOC 2 reviewer, the cage-walk evidence collection on a phone with no cellular signal, and the off-premises-asset return workflow for a real departing remote employee. The platform that handles your data and your sites without three weeks of professional services is the one that will scale post-deal.

  6. Pressure-test the data residency and exit clause for the SaaS sub-processor pack

    Your badge data and video data are sub-processor data when the SaaS customer reviews your security pack. Ask each vendor: where does my data live, who can access it, and what happens to it if I leave? RiskWatch supports single-tenant deployment with US-only or EU-only data residency. Genetec Security Center, Milestone XProtect, Avigilon Unity, and AMAG Symmetry support on-prem deployment. Verkada, Brivo, and Kastle are cloud-only or managed-services with SOC 2 Type II and ISO/IEC 27001:2022 attestations. Get the exit clause in writing: data export format, retention period after termination, badge-event-history export format, and price.

  7. Verify the departing-engineer and contractor-carry-out workflow

    When an engineer with cage access announces departure or a contractor's laptop is removed from the office, the platform must produce a chain-of-custody evidence packet. Ask each vendor to demonstrate the workflow: Workday termination triggers PACS badge revocation in N minutes; visitor reception logs contractor laptop serial on exit; Resolver captures the case under investigations. AlertEnterprise Guardian carries the badge-governance side. Resolver carries the case-management side. RiskWatch ties the evidence to SOC 2 CC6.4 and ISO 27001 A.7 for the audit narrative.

  8. Run the decision matrix on this page with your own weights

    The default methodology weights on this page (20% Ease, 20% Features, 20% Value, 15% Support, 15% Scalability, 10% Integrations) reflect a generic SaaS physical security buyer. Your weights may differ. Sub-200-employee SaaS startups often want Value + Ease over Features. Series-D and post-IPO SaaS companies want Features + Scalability + Integrations. SaaS companies with a co-lo cage at Equinix want Features + Integrations. Use the decision-matrix slider on this page to re-rank with your weights before you book the demos.

Frequently asked

Buyer questions, answered

The eight questions our pre-sales team hears most often when buyers compare this category.

What does SOC 2 CC6.4 require for physical security at a SaaS company?
SOC 2 Trust Services Criteria 2017 Common Criteria CC6.4 requires that physical access to facilities and protected information assets is restricted to authorised personnel. For a SaaS company that means documented access lists for HQ floors, regional offices, and co-located data-centre cages; a badge issuance and revocation workflow tied to employment status; visitor logs at the office reception; and chain-of-custody on equipment removal. Physical security software should pre-map CC6.4 as a control library and produce evidence the SOC 2 reviewer can attach to the Type II report. RiskWatch is the only platform in this ranking that ships that library pre-built; the VMS, PACS, and PIAM platforms (Verkada, Genetec, Brivo, Avigilon Alta, Milestone, AMAG, Kastle, AlertEnterprise) cover the device-and-evidence side but require pairing with a TVRA platform for the assessment evidence side.
How do ISO/IEC 27001:2022 Annex A.7.1 through A.7.4 map to a SaaS facilities programme?
Annex A.7.1 covers physical security perimeters, A.7.2 covers physical entry, A.7.3 covers securing offices and rooms, and A.7.4 covers physical security monitoring. A.7.5 through A.7.14 extend to threats, working in secure areas, equipment siting, off-premises assets, and secure disposal. For a SaaS company the scope includes the HQ floor, the regional office reception, the co-located data-centre cage, the hybrid-RTO seasonal floor, and the remote-employee laptop register. RiskWatch pre-maps every A.7 control. Verkada, Genetec, Brivo, AMAG, and Avigilon Alta produce the badge and surveillance evidence. AlertEnterprise produces the PIAM and visitor-log evidence aligned to A.7.2. Resolver handles the A.7.4 monitoring-and-incident evidence.
How does data-centre cage access at Equinix or Digital Realty fit a SaaS physical security programme?
Tier III and Tier IV data-centre operators including Equinix, Digital Realty, CoreSite, Iron Mountain, NTT GDC, and QTS require named-individual cage access lists, photo-ID matching at the front desk, biometric enrolment at the man-trap, and chain-of-custody on equipment removal. The SaaS tenant owns the cage badge governance even though the operator owns the building perimeter. RiskWatch ships co-located cage as a discrete asset with its own control set mapped to SOC 2 CC6.4 and ISO 27001 A.7.4. AlertEnterprise PIAM ties the cage access list to Workday termination status. Genetec, AMAG, and Avigilon Unity support on-prem PACS at the cage where the operator allows tenant-managed reader installs.
Which platform handles the SaaS insider-threat departing-engineer use case?
AlertEnterprise Guardian and Resolver are the two platforms in this ranking that natively handle the departing-engineer use case. Guardian ties Workday termination status to PACS badge revocation, AD deprovisioning, and a Personal Risk Assessment workflow that flags badge-pattern anomalies in the 14 days before announced departure. Resolver carries the investigations and case-management workflow with chain-of-custody that survives a matter referred to outside counsel or the FBI. Pair Guardian for the access governance and Resolver for the case management. RiskWatch maps the controls to SOC 2 CC6.4 and ISO 27001 A.7 for the audit evidence narrative.
How should a SaaS company manage remote-employee equipment under ISO 27001 A.7.9 off-premises assets?
ISO 27001 Annex A.7.9 covers the protection of off-premises assets, which for a SaaS company means the company-owned laptops, external monitors, YubiKeys, and dongles in the homes of 30-70% of the workforce. The control requires asset assignment records, return-on-departure workflow, and secure disposal under A.7.14. RiskWatch ships a remote-employee equipment register tied to the same asset model as HQ floors and the co-lo cage. Jamf and Kandji handle the device-management side but do not produce the audit evidence packet. AlertEnterprise Guardian ties laptop assignment to Workday status. For the SOC 2 CC6.5 asset-disposal criterion, document the chain-of-custody from employee return to certified data-destruction vendor (Iron Mountain, Sims Lifecycle).
Are any of these platforms FedRAMP authorised for SaaS companies serving federal customers?
AMAG Symmetry holds FICAM-approved status under HSPD-12, which supports SaaS companies running FedRAMP Moderate or High workloads at a co-located cage. Genetec Security Center supports federal deployment options. Avigilon Unity supports on-prem deployment for hard on-prem cage requirements. AlertEnterprise Guardian supports both cloud and on-prem PIAM deployment for FedRAMP customers. Most of the SaaS-first vendors (Verkada cloud-only, Brivo cloud-only, Kastle managed-services) are not currently FedRAMP authorised at the platform level. Confirm directly with each vendor before any federal procurement commitment.
How does hybrid-RTO occupancy data fit into a SaaS facilities decision?
Post-pandemic 2025-2026 RTO mandates at AWS, Google, Meta, Salesforce, and Dell created variable-occupancy office buildings where the same employee badge is active 2-5 days per week. Kastle Systems has published the Kastle Back to Work Barometer, the most widely cited hybrid-RTO occupancy benchmark, since 2020. SaaS facilities teams use occupancy data to plan real-estate footprint, energy use on seasonal floors, and the cleaning and security guard schedule. Verkada environmental sensors, Brivo badge-in patterns, and KastlePresence all produce occupancy data; RiskWatch ties the data to ISO 27001 A.7.3 securing-offices control evidence.
How often is this ranking re-verified?
We re-verify the ratings, pricing triangulations, and material vendor news on this page every quarter. The current pull is dated 2026-05-15. Pricing for opaque vendors is triangulated from two or more public third-party sources (Acre Security, Vendr, SmartSuite, GetApp). If a number on this page is stale when you read it, please file the correction at sales@riskwatch.com.

Definitions

Glossary

Definitions for the acronyms and jargon used on this page. Useful for sharing with non-specialist stakeholders on the buying committee.

SOC 2 CC6.4
Trust Services Criteria 2017 Common Criteria CC6.4 covering physical access controls. The SOC 2 reviewer expects documented access lists, badge issuance and revocation workflow tied to employment status, visitor logs at reception, and chain-of-custody on equipment removal for HQ floors, regional offices, and co-located data-centre cages.
ISO 27001 Annex A.7
Annex A.7 of ISO/IEC 27001:2022 covers physical and environmental security: A.7.1 perimeters, A.7.2 entry, A.7.3 securing offices/rooms, A.7.4 monitoring, A.7.5 threats, A.7.6 working in secure areas, A.7.7 clear desk, A.7.8 equipment siting, A.7.9 off-premises assets, A.7.10 storage media, A.7.11 supporting utilities, A.7.12 cabling, A.7.13 maintenance, A.7.14 secure disposal.
Co-located data-centre cage
The tenant-controlled area inside a Tier III or Tier IV data centre operated by Equinix, Digital Realty, CoreSite, Iron Mountain, NTT GDC, or QTS. The SaaS tenant owns the cage badge governance, the equipment inside the cage, and the chain-of-custody on equipment removal; the operator owns the building perimeter and the man-trap.
PIAM
Physical Identity and Access Management. The discipline of tying HR systems (Workday, BambooHR, Rippling), identity providers (Microsoft Entra ID, Okta), and Physical Access Control Systems together so badge issuance aligns with employment status, contractor termination, OFAC sanctions screening, and background-check renewal. AlertEnterprise Guardian is the deepest PIAM in this ranking.
Insider threat
The risk that an authorised employee, contractor, or vendor misuses physical or logical access. For a SaaS company the surface includes departing-engineer source-code exfiltration at the office desk, contractor-laptop carry-out at HQ reception, and credentialed-employee unauthorised data-centre cage entry. CISA Insider Threat Mitigation Guide and the Carnegie Mellon SEI CERT Insider Threat Center are the grounding references.
Hybrid-RTO occupancy
Post-pandemic 2025-2026 Return-to-Office patterns where employee badges are active 2-5 days per week and office occupancy varies by day, floor, and season. Kastle Systems publishes the Kastle Back to Work Barometer, the most widely cited benchmark. Variable-occupancy patterns change the cleaning, energy, and security-guard schedule and the badge-in-pattern baseline for anomaly detection.
Off-premises asset (A.7.9)
ISO 27001 Annex A.7.9 control covering protection of off-premises assets. For a SaaS company that means company-owned laptops, monitors, YubiKeys, and dongles in the homes of 30-70% of the workforce. The control requires asset assignment records, return-on-departure workflow, and secure disposal under A.7.14.

Final word

So which one should you pick?

If you read this page top to bottom and one platform stood out, that is your answer. The methodology is on this page so you can disagree with the rank and arrive at a different first pick honestly. The position reflects our weights and the public evidence on SOC 2 CC6.4 readiness, ISO 27001 Annex A.7 coverage, co-located cage access governance, insider-threat workflow depth, hybrid-RTO occupancy analytics, and pricing transparency.

The one thing every SaaS physical security owner should do, regardless of which vendor wins your bake-off, is to insist on a 30-day working pilot at three real sites (HQ, one regional office, one co-located cage), a renewal-escalator cap in writing, and a documented exit clause that covers badge-event-history export format and retention period. The SaaS facilities teams we see lose three-year deals always lose them on those three terms, not on feature coverage. If you run a post-IPO SaaS company with a formal insider threat programme, decide between AlertEnterprise Guardian and a custom AMAG Symmetry plus Genetec Synergis Federation deployment before you select the VMS vendor.

If you would like the RiskWatch demo or a 30-day no-card trial, sign up at riskwatch.com/start-free-trial. If you would like a no-strings second opinion on one of the other nine, email sales@riskwatch.com with the vendor name in the subject line and we will share what we know. If you want the TVRA-first cross-industry cut, see /top-10-physical-security-assessment-software/; for the financial-services sibling, see /top-10-physical-security-software-for-financial-services/; for the consulting-firm sibling, see /top-10-physical-security-software-for-consulting-firms/.
