Audits can feel complex, but with the right preparation and collaboration, they can run smoothly and efficiently. Secureframe’s Audit Module is designed to streamline this process, helping you and your auditor stay aligned, organized, and audit-ready from start to finish. Below are some best practices to help your team get the most out of your audit experience.
Step 1: Set Up Your Audit Thoughtfully
Define your observation window carefully.
Choose start and end dates that capture the correct evidence period for your audit. When the audit is created, Secureframe will automatically include only active, in-scope evidence that falls within this window and make it visible to your auditor.
Add auditors only when ready.
You can create and prepare your audit before granting auditor access. This lets your team review and update evidence first. You can either add the auditor with a future access start date so they gain access automatically when the audit begins, or wait to add them later once your team is ready to share the content.
Use auditor access settings intentionally.
You can control which Secureframe modules your auditor can view. Determine which modules are necessary for their review, such as the Data Room, and hide others like Tests or Controls since auditors already have access to the in-scope items within the active audit.
Step 2: Review Your Evidence Before Auditor Review
Make sure all tests are marked as “Submitted.”
Tests with passing, in-scope evidence are automatically marked as Submitted when the audit is created. Review all other tests, which are marked Not ready, to confirm their evidence is complete before auditor access begins.
Keep evidence organized in the main Tests module.
Any evidence uploaded during the audit automatically links back to your Tests module. This helps maintain a single source of truth for future audits.
Provide clear and complete context.
Where relevant, include short notes or descriptions within tests in the active audit. You can add these notes in the Auditor comments tab so your auditor can see them during their review. You’ll automatically receive an email notification if they reply with a comment.
Step 3: Maintain Clear Communication
Use the right comments tab in each test.
Auditor comments are shared with your auditor for formal requests and clarifications.
Internal comments are for private discussion within your company before responding.
Add new requests as a test when needed.
If the auditor needs something that is not covered by an existing test, use the Add test flow to create an upload test. Either your team or the auditor can add this test. Newly added tests appear in your main Tests module for future tracking and will be visible in the active audit.
Respond promptly to “Action required” items.
When auditors flag tests as Action required, they’ll usually leave notes explaining what’s missing or unclear. Once addressed, update the response back to Submitted so they know it’s ready for review again. You can also leave a comment with your update.
Rely on email notifications to stay aligned.
Secureframe automatically sends emails to both your team and the auditor when tests are updated, comments are added, or an auditor adds a new test. These notifications help ensure no request is missed.
Step 4: Complete and Close Out Your Audit
Confirm the audit is complete and the report is ready.
Before closing an audit, make sure your auditor has finished reviewing all tests and the final audit report has been issued.
Upload the final audit report.
Once the audit is complete, either your team or the auditor can upload the finalized report directly to Secureframe. After the report is uploaded, click Complete audit to officially close it.
Know what happens next.
After completion, the audit becomes read-only. The auditor loses access unless they have other active audits. All evidence, comments, and added tests remain available for your records and future reference.