← Veris AI|
Product Tour
Request Early Access
The full product · Beta

How Veris AI gets you audit-ready

Walk into your SOC 2 audit already ready. This page walks the real user journey — from scoping your Trust Services Criteria to one honest Audit-Ready %. Built by an auditor who's personally led 100+ SOC 2 audits.

[SCREENSHOT: Sidebar workspace]Real product screenshot goes here
Your entire readiness program lives in one workspace
ScopeAssessChoose TypeDraft PoliciesScore EvidenceClose GapsManage RiskAudit-Ready %
01Guided Assessment & Scoping

Scope exactly what applies — nothing more

What it does

Pick your Trust Services Criteria and Veris scopes exactly which SOC 2 controls apply to your company. Security is always in; Availability, Confidentiality, Processing Integrity, and Privacy come in or out based on what you actually commit to customers — with exclusions justified, the way an auditor expects.

How you use it
  1. 1Answer a few questions about your product, stack, and customer commitments.
  2. 2Confirm the recommended TSC scope.
  3. 3Justify any excluded criteria — the justification is saved for your auditor.
Trust Services Criteria — your scope
Security
Always in scope
Availability
Uptime commitments
Confidentiality
Sensitive data handling
Processing Integrity
Excluded — justified
Privacy
Excluded — justified
→ Only the controls that apply to you
02Self-Assessment Questionnaire

Work through every control, at your pace

What it does

Answer each in-scope control — Yes, No, or N/A — organized by Common Criteria family. Everything auto-saves, your readiness score updates live as you answer, and you can add notes per control for context your team (and future you) will need.

How you use it
  1. 1Work through controls family by family (CC1 → CC9, plus your added criteria).
  2. 2Mark Yes / No / N-A and drop notes on any control.
  3. 3Leave anytime — auto-save means you resume exactly where you stopped.
[SCREENSHOT: Self-Assessment Questionnaire]Real product screenshot goes here
Controls by CC family, with live readiness updates
03Type 1 vs Type 2

Pick your report type — evidence adjusts

What it does

SOC 2 Type 1 proves your controls are designed and in place today; Type 2 proves they operated over a period. Veris shows you the Design vs Operating evidence difference for every control, so you know exactly what you're signing up for before you commit.

How you use it
  1. 1Choose Type 1 (documentation & design) or Type 2 (operating proof over a window).
  2. 2Evidence requirements across the whole tool adjust to your choice.
Type 1

Design

A point-in-time snapshot

  • Policies & procedures documented
  • Controls designed & in place
  • Evidence: documentation exists
  • Faster path to a first report
Type 2

Operating

Proof over a review period

  • Everything in Type 1, plus…
  • Controls operating over 3–12 months
  • Evidence: logs, tickets, samples
  • What enterprise buyers usually ask for
04AI Policy Drafting · Themis

Policies drafted from your answers Beta

What it does

Themis, the policy agent, turns your questionnaire answers into auditor-aligned policies — written to pass real audit review, not generic templates. Edit everything in a built-in editor and export standardized Word documents your auditor will actually accept.

How you use it
  1. 1Pick a policy (Access Control, Change Management, Incident Response, …).
  2. 2Answer its short questionnaire about how you really operate.
  3. 3Generate, edit inline, and download as Word (DOCX).
Themis — policy pipeline
1
Pick a policy
e.g. Access Control
2
Answer its questions
Your real practices
3
Themis drafts it
Auditor-aligned language
4
Edit & export
Word (DOCX) download
05AI Evidence Review · Veritas

Know if your evidence passes — before your auditor does Beta

What it does

Upload evidence against any control — screenshots, exports, logs, records — and Veritas, the audit agent, scores whether it actually satisfies the control. You get a verdict, a quality score, and a specific list of what's missing, split by Design vs Operating evidence tiers.

How you use it
  1. 1Upload proof against a control (config screenshots, log exports, HR records…).
  2. 2Veritas returns a verdict + score for that evidence.
  3. 3Fix exactly what it flags as missing — no guessing.
[SCREENSHOT: Evidence Review — Design vs Operating tiers]Real product screenshot goes here
Every control shows its Design and Operating evidence expectations
06Gap Tracker & Progression

Gaps that close themselves as you work

What it does

Every 'No' in your assessment becomes a tracked gap that moves through four stages — Open → Policy Drafted → Evidence Uploaded → Remediated. Stages are computed from the real state of your workspace, not a status dropdown someone forgot to update.

How you use it
  1. 1Your assessment answers create the gap list automatically.
  2. 2Draft the covering policy, upload evidence — watch each gap advance on its own.
  3. 3Chase what's still Open; everything else is provably in motion.
Gap lifecycle — computed from real state
Open
Gap identified in your assessment
Policy Drafted
Themis policy covers the control
Evidence Uploaded
Proof attached & scored
Remediated
Verified closed — audit-ready

No manual status dropdowns — stages advance from what you've actually done

07Risk & Vendor Registers · Aegis

A risk register your auditor will ask for — already built Beta

What it does

Aegis, the risk agent, seeds your corporate risk register directly from your control gaps and keeps a vendor / subprocessor register alongside it — who has your data, what agreements are in place, and when each vendor was last reviewed.

How you use it
  1. 1Seed risks from your open gaps in one step.
  2. 2Log vendors and subprocessors with agreements on file.
  3. 3Track annual review dates so nothing quietly expires.
Aegis — risk & vendor registers
No formal offboarding checklist
Seeded from gap CC6.2
High
Vendor DPA not on file — Stripe
Vendor register
Medium
Backup restore untested
Seeded from gap A1.2
Medium
Illustrative example — your register is built from your gaps
08Readiness Dashboard

One honest Audit-Ready %

What it does

Your home base. A single Audit-Ready percentage — broken down into Assessed, Policies, and Evidence — computed from the real state of your program. No vanity numbers: if the dashboard says 74%, that's what your auditor will find too.

How you use it
  1. 1Open Veris — the dashboard is where you land.
  2. 2See where you stand across assessment, policies, and evidence — and exactly what's left.
[SCREENSHOT: Readiness Dashboard]Real product screenshot goes here
Assessed / Policies / Evidence — one honest Audit-Ready %
Private beta

Walk into your audit already ready.

Veris AI is in private beta. Request early access and we'll reach out as spots open up.

Request Early Access / Join the Waitlist
Veris AIA House of GRC product
Veris AI·House of GRC·Privacy·Terms·© 2026 · All rights reserved.

Veris GRC is independently operated as an AI-powered compliance self-assessment platform. It is not a licensed CPA firm and does not issue official SOC 2 audit reports or legal advice. Audits are performed by independent, accredited CPA firms.