Why we pay consultants 30% recurring when the rest of the market doesn't
A founder note on alignment, distribution, and how the compliance-AI market pays the people doing the recommending
Claude and ChatGPT are used in compliance work every day. Vanta, Drata, and Sprinto have raised hundreds of millions in the same market. As of June 2026, we could not find an open, self-serve affiliate program that pays an individual consultant a published commission rate for recommending any of these products. ISMS Copilot has one: 30% recurring, for the lifetime of every subscription you refer. Here is why I built it that way.
How the compliance-AI market pays recommenders today
If you are a compliance consultant who recommends Claude or ChatGPT to a client, we could not find an affiliate link or self-serve referral program that pays you a cash commission for that recommendation. There may be promotional or free-trial referral perks for eligible users, but no published self-serve mechanism that pays you a share of the revenue.
The compliance SaaS platforms are a step up, but only a step. Vanta, Drata, and Sprinto all run partner programs. Each is application-gated, oriented toward consultancies, MSPs, and auditors rather than individual recommenders, and none publishes a commission rate. You cannot compare the offer without applying first, and a solo consultant or content creator may not qualify at all.
I am not claiming any of these companies did something wrong. These are reasonable choices for their stage and model. But they leave the individual recommender, the person actually putting their reputation on the line with a client, without a clear, paid path. I wanted to do that part differently.
What we do instead
ISMS Copilot's partner program pays 30% recurring commission, for the lifetime of every subscription you refer. All paid plans count. No caps, no exclusivity, no minimums, no approval delays, no application gates. If a customer you referred upgrades from Plus to Pro three years from now, your commission auto-scales to 30% of the new amount.
Here is the picture across the comparable players, based on each company's public documentation reviewed on 2026-06-03.
| Company | Self-serve affiliate program for individuals | Published rate | Structure |
|---|---|---|---|
| Anthropic (Claude) | None found | None published | "Powered by Claude" is a build/technology partner program for companies |
| OpenAI (ChatGPT) | None found | None published | No self-serve affiliate path for individuals found; promotional/free-trial referrals may exist for eligible users |
| Vanta | None found | None published | Partner program is application-gated (service providers, auditors, channel) |
| Drata | None found | None published | Drata Alliance Program: application-based, channel and services oriented |
| Sprinto | None found | None published | No self-serve affiliate signup with a published rate found at the time of review |
| ISMS Copilot | Yes, open | 30% recurring lifetime | Self-serve via PromoteKit, no gates, no minimums |
"None found" means we could not find the program or figure published by the company as of 2026-06-03, not that one definitively does not exist. Gated programs negotiate per partner and typically do not publish a fixed rate. Confirm current terms with each provider directly.
Why I made the choice this way
Compliance work is consulting work. ISO 27001, SOC 2, NIS 2, DORA, GDPR, the EU AI Act: none of these get implemented by software alone. They get implemented by people who know the standard, judge the controls, write the policies, and defend the audit. The tool is leverage. The person is the engine.
When that person recommends a tool to a client, they are putting their reputation on the line. I think that recommendation should pay, and pay clearly, without an application gate deciding whether the recommender is large enough to fit the program. So I set the rate where it values the recommendation: 30% recurring lifetime, which is one of the highest open rates in compliance SaaS that I am aware of.
That choice has a real cost. Every referred customer pays out 30% of their subscription to a partner, every month, for as long as the subscription runs. That is revenue I am choosing not to keep. The reason is alignment: if a consultant grows because their clients adopt good tools, and the tool grows because consultants advocate for it, both sides should be on the same growth curve.
Who this is for
This is not a program for inactive affiliate marketers. It is for:
- ISO 27001, SOC 2, and NIS 2 consultants who already recommend tools to clients
- Fractional CISOs and compliance managers building their own practice
- InfoSec newsletter writers, YouTubers, and LinkedIn creators
- Compliance course instructors and training providers
- Directory, review, and comparison sites covering compliance tooling
If you fit that shape and you already use, or could use, ISMS Copilot in your client work, the program is automatic value: you are already doing the recommending, so you may as well be paid for it.
How to join
Apply in under a minute at ismscopilot.promotekit.com/dashboard. No approval delay, no minimum, no fee, no exclusivity clause.
If you bring a meaningful audience of ISO/SOC/compliance practitioners (roughly 10K+ relevant subscribers, or 50K+ LinkedIn followers in the space), reach me at contact@ismscopilot.com once you have signed up. Top-tier creators get a free Pro account ($100/mo value) on top of the 30%, plus co-content opportunities if there is a fit.
Tristan Roth, founder, ISMS Copilot
Related Posts
The ISMS Copilot partner programme — earn 30% recurring
A compliance-focused affiliate programme for consultants, fractional CISOs, and creators who recommend ISMS Copilot
How ISMS Drives Success in ISO 27001 Certification