Audits
Keep track of your audits by diligently recording each audit status, key findings, non-conformities, and tailored recommendations, ensuring timely, accurate corrective actions for the continuity of your certifications.
Overview
The Audits feature allows you to create, manage, and track audits across your organization. Audits help you document the full lifecycle of a certification or internal review, including audit details, findings, non-conformities, and corrective measures.
By recording both audit information and findings, you gain transparency over the audit process, ensure corrective actions are followed through, and create audit-ready reports to share with stakeholders.
Common use cases include:
- ISO 27001 Certification Audit
- Re-certification Audit
- Quarterly Internal Audit
- Vendor External Audit
Audit Management
An Audit represents a single review event, such as a certification, re-certification, or internal audit.
You can create, edit, update, and delete audits as needed. An audit is marked as finished when an End Date is provided, but audits and their details remain editable until that point.
Audit Fields
| Field | Description | Example |
|---|---|---|
Name | The audit’s name (required) | 2025Q1 Re-certification Audit |
Slug | Unique identifier for referencing the audit (required) | 2025-q1 |
Type | Type of audit (required) | Internal, Certification, External |
Started at | Start date of the audit | 17.03.2025 |
Ended at | End date of the audit (marks audit as finished) | 20.03.2025 |
Auditor | Person or entity conducting the audit | John Doe |
Notes | Additional information or contextual notes | Management system shows improvements |
Findings Management
Findings represent the detailed results of an audit, such as non-conformities (NCs), recommendations, or observations.
Findings can be created, edited, updated, and deleted at any time. They can also be marked as Completed or Incomplete depending on remediation progress.
Finding Fields
| Field | Description | Example |
|---|---|---|
Name | Name/title of the finding (required) | Management Review Not Detailed Enough |
Slug | Unique identifier for referencing the finding (required) | nc-2 |
Identifier | Short code for the finding (e.g., NC-1, NC-2) | NC-2 |
Deadline | Due date for addressing the finding (integrates with Deadlines) | 31.12.2025 |
Findings | Detailed description of the issue | The management review was incomplete... |
Causes | Root causes or contributing factors | Insufficient knowledge transfer |
Measures | Planned corrective or preventive actions | Improve review process and reporting |
Notes | Optional contextual notes | Reviewed in last team meeting |
Integration with Deadlines
If a Deadline is set on a finding, it will appear in the Deadlines view, ensuring it is visible in broader compliance planning.
Reporting
Audits include a Generate Report feature, which creates a PDF summary of the audit and its findings. This report is managed via the Reports feature and includes:
- Audit details (type, auditor, start and end dates)
- Findings (with identifiers, causes, measures, and deadlines)
- Completion status of each finding
Reports can be shared with stakeholders, auditors, or regulators as formal evidence of audit activity.
Best Practices
- Plan audits carefully: Define audit types and scope clearly when creating new audits.
- Keep findings structured: Use consistent identifiers (e.g., NC-1, NC-2) to make reports easier to read and track.
- Leverage deadlines: Always set deadlines for non-conformities to ensure they are addressed on time.
- Update statuses: Mark findings as Completed or Incomplete to reflect real progress.
- Use reporting: Generate PDF reports to provide structured evidence of compliance and corrective action.
- Maintain traceability: Ensure that audits and findings are linked back to relevant controls, assets, or policies for full coverage.
For example, in a Re-certification Audit, you may record a finding such as NC-1 – KPIs not measured since September 2024, assign a deadline, and track remediation. Once addressed, the finding is marked as Completed, and this status will be reflected in both the Audit detail view and the Deadlines view.
By tracking audits and findings in this structured way, your organization can demonstrate compliance maturity, remediate issues effectively, and provide strong evidence during external audits or certifications.
How is this guide?
Policies
Your organization's policies define how work gets done and ensure everyone follows the same standards. Use this section to create, edit and update policies so they stay compliant with the frameworks you enabled.
Collections
Collections are an all-in-one data vault. Manage acronyms, definitions, labels, locations, roles, schedules, and variables in one centralized place — to be used in various data sources. It's everything you need to keep your data clear, current, and always within reach.