SOC 2 Type 2 audit for internal auditors

This article is part of the SOC 2 best practices series.

Note: Review the introductory article on SOC 2 best practices and the associated SOC 2 workbook.

Hyperproof is a robust, all-in-one compliance operations platform that allows organizations to stay on top of all their security assurance and compliance work. With Hyperproof, organizations can identify compliance requirements, implement controls, collect and store proof, automate routine tasks, and much more.

Many organizations prefer to conduct their audits directly in Hyperproof to eliminate the typical back-and-forth between the organization and the auditor. Using Hyperproof also helps organizations greatly reduce the number of times clients are asked for the same evidence by different audit teams.

As an auditor, your role in Hyperproof varies depending on the client’s preferences—some clients may grant an auditor full access to their Hyperproof organization, while others may add an auditor as a contact, meaning that the auditor never actually logs in to the platform.

If you are added to your client’s Hyperproof organization, you can review all documentation the client has uploaded to Hyperproof and communicate with the client directly from the platform. Hyperproof keeps historical records with version control, so both you and the client can stay up to speed with the audit in real time.

Conducting a SOC 2 audit using Hyperproof

To begin your audit, engage an external auditor. The external auditor sends you a Document Request List (DLR) that they will use as the basis for the audit. See Creating an audit and importing a request list.


Creating the audit in Hyperproof

The auditor creates a new audit in Hyperproof and titles it. The title might be [YEAR] SOC 2 Type 2.

  1. From the left menu, select Audits, and then click New.

  2. Enter a name for the audit.

  3. Click Create.

  4. On the import window, click Skip.

Formatting the DLR as a CSV

To use the DLR sent to you by the external auditor, it must be in CSV format so it can be imported into Hyperproof when you create your audit.

  1. From the left menu, select Audits, then select your audit.

  2. Select the Requests tab.

  3. Click Import.

  4. Download the CSV template and update it with your requests. Be sure to structure requests in the required format with the desired proof in the descriptions and links to controls in the Control ID field.

Collecting and linking proof to requests

When you start collecting and linking proof to a request, change the request status to indicate you have started working on it. Link the necessary proof to each request. If you choose to use labels, those must also be linked to requests. Once proof has been linked to a request, change the request status to Submitted. See Linking proof to a request.

  1. From the left menu, select Audits, then select your audit.

  2. Select the Requests tab.

  3. Assign requests manually or by bulk editing.

  4. Change the request status to In Progress (this can also be done by bulk editing).

  5. Link proof to the requests manually or via an existing task. If using labels, click Link label to link a label to the request.

  6. After proof is linked, change the request status from In Progress to Submitted.

Exporting the audit and delivering it to the external auditor

You or your internal auditor can export the audit, download the ZIP file, and securely transfer it to the external auditor. Note that you can also invite your external auditor to Hyperproof, where they can log in to review requests and proof. See External auditors in Hyperproof and Documentation for external auditors.

To export audit information:

  1. From the left menu, select Audits.

  2. Select your audit.

  3. Select ... (More Options), then click Export audit.

Reviewing and submitting follow-up actions

Once you have submitted all of your audit requests to the external auditor, they review the audit and determine if all of the requests have been addressed.

Reviewing follow-up actions

If all requests have been satisfied, your internal auditor moves on to the next steps.

If any requests remain unsatisfied, your internal auditor updates the Document Request List, ensures the linked proof is satisfactory, re-exports the updated audit, and then delivers it to the external auditor for another review.

Producing the SOC 2 Type 2 report

Once the external auditor has approved all requests in your audit, they produce a Type 2 report outside of Hyperproof.

Conducting a postmortem on your audit

You and your internal auditor meet to determine what succeeded, what failed, and what should be repeated in future audits.

Closing the audit in Hyperproof

Your internal auditor changes the audit status to Completed.

  1. From the left menu, select Audits, then select your audit.

  2. Select the Details tab.

  3. Change the status from Active to Completed.
