devguard

Audits

Keep track of your audits by diligently recording each audit status, key findings, non-conformities, and tailored recommendations, ensuring timely, accurate corrective actions for the continuity of your certifications.

Overview

The Audits feature allows you to create, manage, and track audits across your organization. Audits help you document the full lifecycle of a certification or internal review, including audit details, findings, non-conformities, and corrective measures.

By recording both audit information and findings, you gain transparency over the audit process, ensure corrective actions are followed through, and create audit-ready reports to share with stakeholders.

Common use cases include:

  • ISO 27001 Certification Audit
  • Re-certification Audit
  • Quarterly Internal Audit
  • Vendor External Audit

Audit Management

An Audit represents a single review event, such as a certification, re-certification, or internal audit.

You can create, edit, update, and delete audits as needed. An audit is marked as finished when an End Date is provided, but audits and their details remain editable until that point.

Audit Fields

| Field | Description | Example |
|---|---|---|
| Name | The audit’s name (required) | 2025Q1 Re-certification Audit |
| Slug | Unique identifier for referencing the audit (required) | 2025-q1 |
| Type | Type of audit (required) | Internal, Certification, External |
| Started at | Start date of the audit | 17.03.2025 |
| Ended at | End date of the audit (marks audit as finished) | 20.03.2025 |
| Auditor | Person or entity conducting the audit | John Doe |
| Notes | Additional information or contextual notes | Management system shows improvements |

Findings Management

Findings represent the detailed results of an audit, such as non-conformities (NCs), recommendations, or observations.

Findings can be created, edited, updated, and deleted at any time. They can also be marked as Completed or Incomplete depending on remediation progress.

Finding Fields

| Field | Description | Example |
|---|---|---|
| Name | Name/title of the finding (required) | Management Review Not Detailed Enough |
| Slug | Unique identifier for referencing the finding (required) | nc-2 |
| Identifier | Short code for the finding (e.g., NC-1, NC-2) | NC-2 |
| Deadline | Due date for addressing the finding (integrates with Deadlines) | 31.12.2025 |
| Findings | Detailed description of the issue | The management review was incomplete... |
| Causes | Root causes or contributing factors | Insufficient knowledge transfer |
| Measures | Planned corrective or preventive actions | Improve review process and reporting |
| Notes | Optional contextual notes | Reviewed in last team meeting |

Integration with Deadlines

If a Deadline is set on a finding, it will appear in the Deadlines view, ensuring it is visible in broader compliance planning.

Reporting

Audits include a Generate Report feature, which creates a PDF summary of the audit and its findings. This report is managed via the Reports feature and includes:

  • Audit details (type, auditor, start and end dates)
  • Findings (with identifiers, causes, measures, and deadlines)
  • Completion status of each finding

Reports can be shared with stakeholders, auditors, or regulators as formal evidence of audit activity.

Best Practices

  • Plan audits carefully: Define audit types and scope clearly when creating new audits.
  • Keep findings structured: Use consistent identifiers (e.g., NC-1, NC-2) to make reports easier to read and track.
  • Leverage deadlines: Always set deadlines for non-conformities to ensure they are addressed on time.
  • Update statuses: Mark findings as Completed or Incomplete to reflect real progress.
  • Use reporting: Generate PDF reports to provide structured evidence of compliance and corrective action.
  • Maintain traceability: Ensure that audits and findings are linked back to relevant controls, assets, or policies for full coverage.

For example, in a Re-certification Audit, you may record a finding such as NC-1 – KPIs not measured since September 2024, assign a deadline, and track remediation. Once addressed, the finding is marked as Completed, and this status will be reflected in both the Audit detail view and the Deadlines view.

By tracking audits and findings in this structured way, your organization can demonstrate compliance maturity, remediate issues effectively, and provide strong evidence during external audits or certifications.
