To create a new Audit in Comply, click "Create Audit" in the upper right-hand corner of the Audits tab.
- The required fields when creating an audit are:
- Name: We recommend specifying the type of audit and the date.
- Coverage Period: This field allows you to specify the period of time being audited (say, for example, the past 6 months for a SOC 2 Type 2). When attaching evidence to your audit requests, Comply will default to suggesting evidence that falls within this Coverage Period.
- Ticket Due Date: If you create any Evidence Requests for your colleagues as part of the audit, they will default to being due on this date.
- At the next step, you have the option to import a Request List. Each Request List may contain many Request Items, where a single request is something like "System configuration standard documents or system hardening documentation for all systems (including router)."
- File type must be a CSV
- The first column must have a header "id", all in lowercase and without quotes. This column should contain a unique identifier for each request.
- The second column must have header "description", all in lowercase and without quotes. This column should contain an explanation of the purpose of the request.
- There should be no additional columns other than those specified in the previous steps
- There must be one row per item in the request list
You can generate a request list from most auditor's portals
If your external auditor has a portal through which they've asked you to submit evidence, in most cases you can generate a CSV export of what they're asking for directly from their portal. This will save you time as you map evidence items to their request list.
- Once you've uploaded your request list - or you want to skip the CSV upload - click "Create Audit."
If you don't bulk upload your requests, or if you need to add additional requests after the bulk upload you're able to create requests within an Audit.
- Simply use the Add Request button in the top right
Updated over 1 year ago
Learn how to manage requests such as mapping evidence to them and completing them