Built for modern compliance teams

Compliance, without the consultancy.

AuditWith is the platform for SOC 2, ISO 27001, and custom frameworks — controls, evidence, policies, and vendors in one live dashboard.

Get started freeSee what's inside

Readiness score

0%

On track · weighted across 6 signals

Recent activity

  • Evidence uploaded to CC6.12m
  • Policy v3 published1h
  • Vendor doc expires in 9 days3h
  • Finding F-128 remediated1d
Built forSOC 2ISO 27001HIPAACustom frameworks

Everything a real audit needs.

Six surfaces, one shared workspace. No more spreadsheet diff hunts.

Controls & frameworks

Seeded SOC 2, plus first-class custom frameworks for ISO 27001, HIPAA, or anything internal.

Evidence library

Attach files to controls, see coverage live, never lose track of who uploaded what.

Policies & acknowledgements

Rich-text policies with per-member ack tracking and version-aware re-acknowledgements.

Risk register

Score, treat, link to controls and vendors. Inherent + residual, color-banded.

Vendor management

Inventory, criticality, typed documents with expiry, security questionnaires.

Audit findings & gap scanner

Daily scan for missing evidence, expired docs, overdue tasks, and stale policies.

What it looks like day to day.

Real surfaces from the app — not stock illustrations.

CC6.1

Logical access controls

In scope
Evidence coverage3 files
access-review-q2.pdf
okta-mfa-policy.pdf
offboarding-log.csv
Evidence

Evidence that lives on the control.

Drop a file on a control and coverage updates instantly. No more chasing screenshots the week before the audit.

  • Live coverage per control
  • Who uploaded what, when
  • Many-to-many control links

Risk register

sorted by inherent

Unencrypted backups208
Shared admin creds156
No vendor SLA94
Risk

Risk you can actually rank.

Inherent and residual scores on a 1–5 matrix, color-banded and sorted so the scary ones float to the top.

  • Inherent → residual tracking
  • Color-banded severity
  • Linked to controls & vendors

Gap scan

Scan for gaps

0 findings opened automatically

Missing evidence · CC7.2High
Vendor doc expired · AcmeMed
Stale policy · AccessLow
Findings

Gaps found before the auditor finds them.

A daily scan opens findings for missing evidence, expired vendor docs, overdue tasks, and stale policies — and closes them when you fix them.

  • Automatic, deduped findings
  • Auto-resolves when cleared
  • Runs daily via cron

A live readiness score, not a static checklist.

Every change to a control, policy, vendor, or finding updates your score in real time. No nightly batch jobs, no stale dashboards.

  • Weighted across six signals (controls, policies, vendors, docs, findings, acks)
  • Action items deep-link straight into the source row
  • Real-time activity feed via Convex subscriptions

Readiness score

0%
Controls covered92%
Policies fresh88%
Vendors reviewed71%
Vendor docs current84%
Findings clean96%
Acks current79%

Audit-ready in three steps.

01

Enable a framework

Pick SOC 2 (seeded) or define your own. Controls, categories, and codes ship ready-to-use.

02

Mark control scope

In scope, out of scope, pending. Statement of Applicability decisions persist across re-enables.

03

Attach evidence & track findings

Upload files, link policies, log risks. The gap scanner files findings for you nightly.

Audit-ready, without the spreadsheet sprawl.

Start with SOC 2 in minutes. Self-host today, scale to your full compliance program tomorrow.