This is a sample preview. The real auditor portal is token-gated and loads live programme data.
All numbers, evidence titles, findings, and policy entries on this page are synthetic and refer to no real organisation.
Acme Logistics (sample)
Auditor packet — SOC 2 Type II — surveillance Q3 2026 · Sample Audit Co.
Scope
- Frameworks
- SOC2, ISO27001
- Period
- 2026-01-01 → 2026-06-30
- Generated
- sample preview
Control coverage
| Framework | Implemented | Total | Coverage |
|---|---|---|---|
| soc2 | 187 | 201 | 93% |
| iso27001 | 89 | 93 | 96% |
Operating effectiveness (Type II)
Evidence (6 of 1,842 shown)
| Title | Control | Framework | Collected | Status |
|---|---|---|---|---|
| AWS IAM access review — Q1 2026 | CC6.1 | soc2 | 2026-03-31 | collected |
| GitHub branch-protection snapshot | CC8.1 | soc2 | 2026-04-12 | collected |
| Okta MFA enforcement export | CC6.6 | soc2 | 2026-04-15 | collected |
| Patch cadence — production fleet | A.8.8 | iso27001 | 2026-05-02 | collected |
| Backup integrity test — restore drill | A.8.13 | iso27001 | 2026-05-18 | collected |
| Quarterly access certification — finance | CC6.2 | soc2 | 2026-06-12 | collected |
Internal audit findings (2)
| Control | Finding | Severity | Status |
|---|---|---|---|
| CC7.2 | One vendor security review overdue (review cycle 30 days, last reviewed 47 days ago). | minor | remediated |
| A.8.16 | Two SIEM alert rules without documented runbook references. | low | in_progress |
Approved policies (4)
| Policy | Framework | Last updated |
|---|---|---|
| Information Security Policy | iso27001 | 2026-05-14 |
| Access Control Policy | iso27001 | 2026-04-22 |
| Incident Response Procedure | soc2 | 2026-05-30 |
| Business Continuity Plan | iso27001 | 2026-03-11 |
This is what your auditor will see.
The real surface is token-gated, scope-bounded by frameworks and date range, and pulled directly from your live programme — no copy-paste, no manual extract.