Audit Readiness
The audit readiness workflow assesses whether your evidence actually satisfies the controls you'll be audited against. It ingests evidence artifacts — documents and screenshots — maps each to the relevant controls, evaluates sufficiency, and produces a structured findings report before your auditor ever sees it.
Unlike Policy Coverage and Policy Generation, audit readiness is not a single fixed slash command — you drive it through the expert chat, which lets the orchestrator route to the audit-readiness and evidence-sufficiency agents over the evidence you've uploaded.
Workflow
- Upload evidence. Add your artifacts with document
type=evidence, tagging each with theframework_idandcontrol_idit supports (and anexpires_at). See the Documents API. - Ask the expert to assess readiness, scoping to the relevant frameworks and documents.
- Read the findings. Each evidence item is evaluated against its control with a verdict and the specific gaps to close.
1. Upload evidence
Evidence documents require framework_id, control_id, and expires_at:
curl -X POST https://compliance.secberus.ai/v1/documents \
-H "authorization: YOUR_API_KEY" \
-F "file=@mfa-screenshot.png" \
-F "type=evidence" \
-F "framework_id=pci_dss_v4" \
-F "control_id=8.4.2" \
-F "expires_at=2026-12-31T00:00:00Z"
Image evidence (screenshots, console captures, diagrams) is analyzed by an image-description agent into a compliance-focused text summary, so it can be evaluated just like a text document.
2. Assess readiness
curl -N -X POST https://compliance.secberus.ai/v1/expert \
-H "authorization: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"messages": [
{ "role": "user", "content": "Assess our audit readiness for PCI DSS v4 against the evidence I uploaded. Which controls have sufficient evidence and which are gaps?" }
],
"frameworks": ["pci_dss_v4"]
}'
3. Read the findings
The agent streams a structured assessment, one finding per evidence item, with a verdict and reasoning:
data: 8.4.2 (MFA for admin access) → SUFFICIENT
data: Evidence: mfa-screenshot.png shows MFA enforced for the admin console.
data: 10.2.1 (audit log content) → PARTIAL
data: Evidence covers authentication events but not configuration changes.
data: Gap: add evidence of change-event logging.
Evidence and gap verdicts
The underlying agents use two verdict scales:
Evidence sufficiency — for an evidence artifact evaluated against a control:
| Verdict | Meaning |
|---|---|
SUFFICIENT |
The evidence fully demonstrates the control is met. |
PARTIAL |
The evidence is relevant but incomplete; gaps are listed. |
INSUFFICIENT |
The evidence does not demonstrate the control. |
Gap analysis — for a policy passage compared to a control requirement:
| Verdict | Meaning |
|---|---|
MEETS_OR_EXCEEDS |
The policy satisfies the control. |
INSUFFICIENT |
The policy does not satisfy the control; a summary explains why. |
Every finding cites the framework and control IDs and the source artifact it drew from.
Prerequisites
- Evidence documents uploaded with
type=evidenceand theirframework_id/control_idtags. See the Documents API. - Valid framework IDs (from
GET /v1/frameworks).
Related
- Documents API — upload and manage evidence, including expiry tracking.
- Policy Coverage — the policy-side counterpart to evidence audit readiness.