Frameworks like SOC 2, ISO 27001, HIPAA etc. don’t just require controls — they require proof.
That’s where audits come in. An independent auditor reviews your evidence,
evaluates your compliance, and issues a formal report/certification that you can share with customers, prospects, and partners.
With ComplyJet, the entire audit lifecycle — from setup to final report — is handled in a single, streamlined workflow.
1. Prepare for the Audit
Before you can create an audit, make sure you're actually ready to start one. Here’s what that involves:
Check Your Readiness
Go to the Dashboard or Tasks page — we’ll show you a clear status of whether your company is audit-ready. If anything is missing, complete those tasks first.
Choose Your Auditor
Not sure which audit firm to work with? Reach out to our support team. We’ll help you select from a pool of trusted, pre-vetted auditors based on your budget, region, and certification needs.
Complete Pre-Audit Paperwork
Most auditors require some documentation before kicking off the audit — things like an Engagement Letter, Statement of Work (SOW), and timelines.
We’ll guide you through this part — just drop us a message and we’ll help you get everything in place.
2. Add Your Auditor in ComplyJet
Once you've finalized your auditor and completed the paperwork:
Go to Setup -> Settings → Auditors → Add Auditor
You’ll need the auditor’s UUID to complete this step. You can directly ask your chosen auditor (or) reach out to support, and we’ll share the correct UUID based on your chosen audit firm.
3. Create the Audit
Now, go to the Compliance -> Audits tab and click “Create Audit.”
You'll be asked to fill in:
Audit Type (e.g., SOC 2 Type I, ISO 27001)
Evidence Date Range - Choose the date or monitoring period for which evidence should be reviewed.
For SOC 2 Type I, select today’s date or any past date when you were fully ready.
For SOC 2 Type II, select the entire monitoring period. This should be at least 3 months. You may also select a future end date if you are engaging with the auditor while the monitoring period is still ongoing.
For ISO 27001, select a monitoring period of at least 1 month. Make sure you are fully ready, or close to 100% ready, from the selected start date. You may also select a future end date if you are engaging with the auditor immediately after getting ready.
For HIPAA/GDPR, if you are going for a point-in-time audit, select today’s date or any past date when you were fully ready. If you are going for a period-of-time audit, select a period of at least 1 month.
Similarly for any other framework
Assigned Auditor (selected from your added auditors)
4. Manage Audit
Need to adjust what’s shared with the auditor? Or re-assign to a different auditor ?
Click “Manage Audit” on the relevant audit to change these.
This lets you:
Assign an auditor ( if not assigned during creation stage ) or re-assign it to a different auditor
Expand or narrow the evidence window
5. Collaborate with the Auditor
Once the audit starts, your auditor will begin reviewing evidence:
Inside the Audit → Evidence tab, you can track:
What’s been approved
What’s been flagged
Comments or requests for more info
It’s all in real time — no waiting for weekly updates or PDF exports.
6. Respond to Requests Promptly
If the auditor needs clarification or more evidence, they can:
Leave in-app comments
Or reach out via email or Slack
You’ll be notified through your preferred channel and can respond quickly.
7. Audit Completion & Report Delivery
Once the auditor has completed their review:
They’ll mark the audit as complete
You’ll receive the official Audit Report
This becomes your proof of compliance — ready to share with prospects, customers, and partners.
Still have questions? Reach out via chat — we’re here to help.