Audit Readiness

The audit readiness workflow assesses whether your evidence actually satisfies the controls you'll be audited against. It ingests evidence artifacts — documents and screenshots — maps each to the relevant controls, evaluates sufficiency, and produces a structured findings report before your auditor ever sees it.

Unlike Policy Coverage and Policy Generation, audit readiness is not a single fixed slash command — you drive it through the expert chat, which lets the orchestrator route to the audit-readiness and evidence-sufficiency agents over the evidence you've uploaded.


Workflow

  1. Upload evidence. Add your artifacts with document type=evidence, tagging each with the framework_id and control_id it supports (and an expires_at). See the Documents API.
  2. Ask the expert to assess readiness, scoping to the relevant frameworks and documents.
  3. Read the findings. Each evidence item is evaluated against its control with a verdict and the specific gaps to close.

1. Upload evidence

Evidence documents require framework_id, control_id, and expires_at:

curl -X POST https://compliance.secberus.ai/v1/documents \
  -H "authorization: YOUR_API_KEY" \
  -F "file=@mfa-screenshot.png" \
  -F "type=evidence" \
  -F "framework_id=pci_dss_v4" \
  -F "control_id=8.4.2" \
  -F "expires_at=2026-12-31T00:00:00Z"

Image evidence (screenshots, console captures, diagrams) is analyzed by an image-description agent into a compliance-focused text summary, so it can be evaluated just like a text document.

2. Assess readiness

curl -N -X POST https://compliance.secberus.ai/v1/expert \
  -H "authorization: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "messages": [
      { "role": "user", "content": "Assess our audit readiness for PCI DSS v4 against the evidence I uploaded. Which controls have sufficient evidence and which are gaps?" }
    ],
    "frameworks": ["pci_dss_v4"]
  }'

3. Read the findings

The agent streams a structured assessment, one finding per evidence item, with a verdict and reasoning:

data: 8.4.2 (MFA for admin access) → SUFFICIENT
data:   Evidence: mfa-screenshot.png shows MFA enforced for the admin console.
data: 10.2.1 (audit log content) → PARTIAL
data:   Evidence covers authentication events but not configuration changes.
data:   Gap: add evidence of change-event logging.

Evidence and gap verdicts

The underlying agents use two verdict scales:

Evidence sufficiency — for an evidence artifact evaluated against a control:

Verdict Meaning
SUFFICIENT The evidence fully demonstrates the control is met.
PARTIAL The evidence is relevant but incomplete; gaps are listed.
INSUFFICIENT The evidence does not demonstrate the control.

Gap analysis — for a policy passage compared to a control requirement:

Verdict Meaning
MEETS_OR_EXCEEDS The policy satisfies the control.
INSUFFICIENT The policy does not satisfy the control; a summary explains why.

Every finding cites the framework and control IDs and the source artifact it drew from.


Prerequisites

  • Evidence documents uploaded with type=evidence and their framework_id / control_id tags. See the Documents API.
  • Valid framework IDs (from GET /v1/frameworks).
  • Documents API — upload and manage evidence, including expiry tracking.
  • Policy Coverage — the policy-side counterpart to evidence audit readiness.