How Veris AI gets you audit-ready
Walk into your SOC 2 audit already ready. This page walks the real user journey — from scoping your Trust Services Criteria to one honest Audit-Ready %. Built by an auditor who's personally led 100+ SOC 2 audits.
Scope exactly what applies — nothing more
Pick your Trust Services Criteria and Veris scopes exactly which SOC 2 controls apply to your company. Security is always in; Availability, Confidentiality, Processing Integrity, and Privacy come in or out based on what you actually commit to customers — with exclusions justified, the way an auditor expects.
- 1Answer a few questions about your product, stack, and customer commitments.
- 2Confirm the recommended TSC scope.
- 3Justify any excluded criteria — the justification is saved for your auditor.
Work through every control, at your pace
Answer each in-scope control — Yes, No, or N/A — organized by Common Criteria family. Everything auto-saves, your readiness score updates live as you answer, and you can add notes per control for context your team (and future you) will need.
- 1Work through controls family by family (CC1 → CC9, plus your added criteria).
- 2Mark Yes / No / N-A and drop notes on any control.
- 3Leave anytime — auto-save means you resume exactly where you stopped.
Pick your report type — evidence adjusts
SOC 2 Type 1 proves your controls are designed and in place today; Type 2 proves they operated over a period. Veris shows you the Design vs Operating evidence difference for every control, so you know exactly what you're signing up for before you commit.
- 1Choose Type 1 (documentation & design) or Type 2 (operating proof over a window).
- 2Evidence requirements across the whole tool adjust to your choice.
Design
A point-in-time snapshot
- Policies & procedures documented
- Controls designed & in place
- Evidence: documentation exists
- Faster path to a first report
Operating
Proof over a review period
- Everything in Type 1, plus…
- Controls operating over 3–12 months
- Evidence: logs, tickets, samples
- What enterprise buyers usually ask for
Policies drafted from your answers Beta
Themis, the policy agent, turns your questionnaire answers into auditor-aligned policies — written to pass real audit review, not generic templates. Edit everything in a built-in editor and export standardized Word documents your auditor will actually accept.
- 1Pick a policy (Access Control, Change Management, Incident Response, …).
- 2Answer its short questionnaire about how you really operate.
- 3Generate, edit inline, and download as Word (DOCX).
Know if your evidence passes — before your auditor does Beta
Upload evidence against any control — screenshots, exports, logs, records — and Veritas, the audit agent, scores whether it actually satisfies the control. You get a verdict, a quality score, and a specific list of what's missing, split by Design vs Operating evidence tiers.
- 1Upload proof against a control (config screenshots, log exports, HR records…).
- 2Veritas returns a verdict + score for that evidence.
- 3Fix exactly what it flags as missing — no guessing.
Gaps that close themselves as you work
Every 'No' in your assessment becomes a tracked gap that moves through four stages — Open → Policy Drafted → Evidence Uploaded → Remediated. Stages are computed from the real state of your workspace, not a status dropdown someone forgot to update.
- 1Your assessment answers create the gap list automatically.
- 2Draft the covering policy, upload evidence — watch each gap advance on its own.
- 3Chase what's still Open; everything else is provably in motion.
No manual status dropdowns — stages advance from what you've actually done
A risk register your auditor will ask for — already built Beta
Aegis, the risk agent, seeds your corporate risk register directly from your control gaps and keeps a vendor / subprocessor register alongside it — who has your data, what agreements are in place, and when each vendor was last reviewed.
- 1Seed risks from your open gaps in one step.
- 2Log vendors and subprocessors with agreements on file.
- 3Track annual review dates so nothing quietly expires.
One honest Audit-Ready %
Your home base. A single Audit-Ready percentage — broken down into Assessed, Policies, and Evidence — computed from the real state of your program. No vanity numbers: if the dashboard says 74%, that's what your auditor will find too.
- 1Open Veris — the dashboard is where you land.
- 2See where you stand across assessment, policies, and evidence — and exactly what's left.
Walk into your audit already ready.
Veris AI is in private beta. Request early access and we'll reach out as spots open up.
Request Early Access / Join the Waitlist