Secure Audit Platform

Our own secure audit platform. Work programs, findings, evidence and communication in one place. Built with security-by-design: role-based access, encrypted storage and full audit trail.


Digital audit and compliance platform - Secure environment


The external audit module is designed for IT auditors conducting independent assurance engagements such as SOC 2, ISAE 3402, ISAE 3000 and DigiD assessments. The platform supports the entire audit process from planning to reporting, while safeguarding auditor independence.

Work program

A work program is generated per engagement based on the selected standard and scope. The auditor tests each control on design, existence and operating effectiveness, recording the assessment with supporting documentation and references to evidence.

Sampling

For controls that are periodic or event-driven, the platform supports sampling. The client uploads the population list (for example, a list of changes or access requests over the audit period). The platform calculates the sample size and draws a random sample. The client then provides evidence for each selected item.

Information requests

The auditor sends targeted information requests to the client through the platform. The client sees exactly which information or documentation is requested per control and can upload evidence directly. The status of each request is visible to both parties at all times.

The internal audit module is designed for organizations that perform or commission internal IT audits. Unlike external audit, the internal auditor can make recommendations aimed at improvement. The platform supports this with functionality for follow-up and management reporting.

Work program

The internal auditor works with a work program linked to the relevant framework (ISO 27001, ISO 42001, NEN 7510 or a custom framework). Each control is tested on design, existence and operating effectiveness. The work program contains guidance and testing criteria to ensure the approach is reproducible and consistent.

Findings & recommendations

Each finding receives a risk classification and a concrete recommendation for improvement. The responsible party receives a notification and can add an action plan with an owner and target date. The status of each finding (open, in progress, completed) is visible at all times.

Follow-up

Open findings are tracked until the remediation action has been implemented and retested. Retesting takes place within the same file, preserving the complete history. This way, internal audit becomes a continuous improvement process rather than a one-time exercise.

All audit documentation is managed centrally: work papers, evidence, population lists and reports. Documents are stored encrypted and accessible only to authorized users based on role separation (auditor, reviewer, client).

The platform provides version control and a complete audit trail of all actions, and complies with applicable recordkeeping requirements for audit files. Communication between auditor and client runs through the built-in messaging system, linked to specific controls or findings.
