Built for modern compliance teams

Compliance, without the consultancy.

AuditWith is the platform for SOC 2, ISO 27001, and custom frameworks: controls, evidence, policies, and vendors in one live dashboard.

Book a DemoSee what's inside
0%
Ready

Readiness score

On track, weighted across 6 live signals

Recent activity

  • Evidence uploaded to CC6.1now
  • Policy v3 published4m
  • Vendor doc expires in 9 days1h
  • Finding F-128 remediated3h
Built forSOC 2ISO 27001HIPAACustom frameworks

Everything a real audit needs.

Six surfaces, one shared workspace. No more spreadsheet diff hunts.

Controls & frameworks

Seeded SOC 2, plus first-class custom frameworks for ISO 27001, HIPAA, or anything internal.

Evidence library

Attach files to controls, see coverage live, never lose track of who uploaded what.

Policies & acknowledgements

Rich-text policies with per-member ack tracking and version-aware re-acknowledgements.

Risk register

Score, treat, link to controls and vendors. Inherent + residual, color-banded.

Vendor management

Inventory, criticality, typed documents with expiry, security questionnaires.

Audit findings & gap scanner

Daily scan for missing evidence, expired docs, overdue tasks, and stale policies.

What it looks like day to day.

Real surfaces from the app, not stock illustrations.

CC6.1

Logical access controls

Gap
Evidence coverage2 files
access-review-q2.pdf
okta-mfa-policy.pdf
Evidence

Evidence that lives on the control.

Drop a file on a control and coverage updates instantly. No more chasing screenshots the week before the audit.

  • Live coverage per control
  • Who uploaded what, when
  • Many-to-many control links

Risk register

sorted by inherent
No vendor SLA94
Unencrypted backups208
Shared admin creds156
Risk

Risk you can actually rank.

Inherent and residual scores on a 1–5 matrix, color-banded and sorted so the scary ones float to the top.

  • Inherent → residual tracking
  • Color-banded severity
  • Linked to controls & vendors

Gap scan

Scan for gaps

Scanning controls…

Findings

Gaps found before the auditor finds them.

A daily scan opens findings for missing evidence, expired vendor docs, overdue tasks, and stale policies, and closes them when you fix them.

  • Automatic, deduped findings
  • Auto-resolves when cleared
  • Runs daily via cron

A live readiness score, not a static checklist.

Every change to a control, policy, vendor, or finding updates your score in real time. No nightly batch jobs, no stale dashboards.

  • Weighted across six signals (controls, policies, vendors, docs, findings, acks)
  • Action items deep-link straight into the source row
  • Real-time activity feed via Convex subscriptions

Readiness score

Live
85%
Controls covered92%
Policies fresh88%
Vendors reviewed71%
Vendor docs current84%
Findings clean96%
Acks current79%

Audit-ready in three steps.

01

Enable a framework

Pick SOC 2 (seeded) or define your own. Controls, categories, and codes ship ready-to-use.

02

Mark control scope

In scope, out of scope, pending. Statement of Applicability decisions persist across re-enables.

03

Attach evidence & track findings

Upload files, link policies, log risks. The gap scanner files findings for you nightly.

Audit-ready, without the spreadsheet sprawl.

Start with SOC 2 in minutes. Self-host today, scale to your full compliance program tomorrow.