Turn your auditor’s PBC list into an evidence package.
Upload your SOC 2 request list, collect and approve evidence once, and reuse it from a single Evidence Vault — an auditor-ready package plus a customer-safe Trust Packet, built from what you’ve approved. Collect once, reuse for audits and trust requests.
No credit card · GitHub evidence collection is live · Book an Audit Cleanup Call
Your auditor’s list becomes the workflow
No control framework to learn. AuditRelay is built around the one thing you actually have to ship: the auditor’s request list.
Upload your request list
Drop in the auditor's PBC list — .xlsx, .csv, .txt, or .pdf. Each line becomes a plain-English task.
Assign owners
Give every request an owner and a due date so nothing falls through the cracks.
Collect evidence
Upload files or attach evidence to each request. Everything is stored and SHA-256 hashed.
Automate GitHub evidence
Connect GitHub to auto-collect org admins, branch protection, and PR approvals.
Review and approve
Approve what's acceptable — with separation of duties, you can't approve your own uploads.
Reuse in the Evidence Vault
Approved evidence becomes a reusable, org-level asset you can link to many requests — collect once, reuse everywhere.
Review readiness gaps
See what's missing, stale, unowned, or not yet customer-safe before you hand anything off.
Export or share
Hand your auditor one clean ZIP, or a secure, read-only package link instead of messy emails.
Generate a Trust Packet
Build a customer-safe Trust Packet from the evidence you've approved and marked customer-safe. Informational — it doesn't certify controls.
Automated evidence collection
That 200-row PBC spreadsheet doesn’t have to ruin your quarter.
The request list lands in your inbox and your stomach drops — dozens of items in auditor shorthand, each one pointing at a different system, all due at once.
AuditRelay turns that wall of text into a short list of plain tasks with a clear status on each. You always know what’s done, what’s left, and what the auditor will flag.
Plain-English tasks, not control jargon
Every cryptic auditor request becomes a clear action your team can actually do.
Know exactly what's left
One readiness number and a status on every request. No more guessing how close you are.
Auditor-ready export
Hand over a single organized package — labeled, cross-referenced, and complete.
Every request, translated into a task you can finish
AuditRelay reads the auditor’s wording, rewrites it as a clear action, points it at the right system, and tracks its status.
“Provide a sample of 25 production changes and evidence of approval.”
Pull 25 production changes and attach the approval for each.
“Provide a list of privileged users in Azure/Entra ID for the audit period.”
Export admin/privileged roles in Entra ID and confirm each is still needed.
“Provide evidence of recent successful backups.”
Show recent successful backups of production data with retention.
“Provide all terminated employees and evidence access was removed.”
List terminations and show access was revoked within policy.
Pricing that fits how you audit
Start free, upgrade when you're running a real audit. GitHub evidence collection is live today; other integrations are coming soon.
Free
Try the workflow with limited access.
- Import a PBC list and triage requests
- Assign owners and track status
- See readiness gaps
- Explore with a realistic sample audit
Starter
For a small team completing one audit.
- 1 active audit package · up to 5 members
- PBC import + evidence upload
- Evidence Vault + readiness gaps
- GitHub collectors
- Auditor-ready ZIP export + share links
- Customer-safe Trust Packet (Markdown)
Pro
For teams actively managing evidence collection.
- Up to 15 members
- GitHub collectors
- Reusable Evidence Vault
- Everything in Starter
- Priority support
Enterprise / Pilot
Guided setup, custom integrations, and consultant support.
- Guided onboarding of your first PBC list
- Unlimited packages & members
- Custom integrations (roadmap-driven)
- SSO (roadmap) · security review support
Every paid plan includes PBC import, evidence upload, GitHub collectors, auditor-ready ZIP export, and read-only auditor share links. Pilot customers get guided setup.
Turn your auditor’s PBC list into an evidence package.
Upload the list, collect and approve your evidence once, and hand your auditor exactly what they asked for — then reuse it for customer trust requests.