Automates the collection and organization of compliance evidence for SOC2, ISO 27001, or HIPAA audits. Pulls evidence from AWS configurations, Google Drive policies, and Jira tickets, then organizes findings into a structured evidence package with control mappings and gap identification.
Gather and organize evidence for SOC2, ISO 27001, or HIPAA audits from your cloud environment and tools.
Integrations: AWS, Google Drive, Jira
Identify the framework and controls in scope:
| Framework | Common Controls / Domains | Evidence Sources |
|---|---|---|
| SOC2 | CC6 (Logical Access), CC6.6 (Change Mgmt), A1 (Risk), CC7 (System Ops) | AWS IAM, Jira, Drive, monitoring tools |
| A.9 (Access Control), A.12 (Ops Security), A.14 (Acquisition) |
| Same + asset inventory, policies |
| HIPAA | Access Control, Audit Controls, Integrity, Transmission Security | AWS, EHR configs, BAA docs, audit logs |
Ask the user for: framework, controls in scope (or control IDs), audit timeline, and what evidence sources they have (AWS, GDrive, Jira, etc.).
Create a control-to-evidence mapping:
| Control ID | Control Name | Evidence Type | Source | Collection Method |
|---|---|---|---|---|
| CC6.1 | Logical access | IAM policies, MFA config | AWS | IAM list-users, GetAccountPasswordPolicy, MFA status |
| CC6.6 | Change management | Change tickets, approval workflow | Jira | JQL for change-type tickets, workflow config |
| A1.2 | Risk assessment | Risk register, findings | Google Drive | Search for "risk register", "risk assessment" |
| CC7.1 | System monitoring | Config, alerts, logs | AWS | CloudWatch, CloudTrail, Config rules |
Document which MCP tools will pull from which sources and what queries or APIs to use.
Execute evidence collection:
AWS (via AWS MCP):
Google Drive (via Google Drive MCP):
Jira (via Jira MCP):
For each piece of evidence, record: source, collection date, control it supports, and any redaction needed.
Structure the evidence into an audit-ready package:
| Folder / Section | Contents |
|---|---|
| Control Mapping | Table linking each control to evidence IDs |
| Evidence by Control | Subfolder per control (e.g., CC6.1/) with screenshots, exports, configs |
| Evidence by Source | AWS/, GDrive/, Jira/ with raw exports |
| Gap Analysis | Spreadsheet or doc listing gaps per control |
| Narrative | Summary document describing the control environment |
Ensure file names are descriptive (e.g., CC6.1-IAM-users-export-2026-02-12.csv) and include collection timestamps.
Analyze evidence against control requirements:
| Gap Type | Example | Remediation |
|---|---|---|
| Missing evidence | No risk assessment for Q4 | Schedule and document risk review |
| Incomplete control | MFA not enforced for 2 users | Enable MFA, document exception process |
| Policy gap | No formal change approval | Document approval workflow, add Jira workflow |
| Configuration issue | S3 bucket unencrypted | Enable encryption, document exception |
For each gap:
Deliver: