FAQ
Short answers to common questions about evidence-first AI governance.
Do I need to be a compliance expert?
No. AuditLoom is designed to translate work into owners, evidence, and exports. Details stay accessible, not in your way.
What’s the difference between controls and evidence?
Controls describe what you do. Evidence proves you did it, and stays fresh over time.
Can I reuse evidence across projects?
Yes. Evidence is reusable and traceable, so 20+ projects don’t create 20x work.
What do auditors and procurement get?
A defensible pack: mapping, status, timestamps, and evidence you can trace and verify.
What does the Free plan include?
Free is designed as a realistic demo: 1 project, 1 editor and 1 GB of storage. You can run one starter module for 14 days to experience a framework workflow end-to-end.
Do I need a credit card to start?
No. You can create a workspace and start with the Free plan without entering payment details. Upgrade when you need more scale, editors or additional modules.
How do you map to EU AI Act, ISO 42001, NIST AI RMF, NIS2, and SOC 2?
AuditLoom provides module workflows that structure controls, responsibilities, and required artifacts. You keep a single evidence base and reuse it across all supported frameworks while maintaining full traceability.
Can I use AuditLoom on-premise or in my own private cloud VPC?
Yes. While our standard plan is cloud-hosted (secure EU-based multi-tenant SaaS), we offer Enterprise plans with self-hosted / VPC deployment options on AWS, Azure, or GCP for organizations with strict data residency and sovereign cloud requirements.
Can multiple teams work on the same portfolio?
Yes. Workspaces support multiple users with roles and permissions so compliance, security and engineering can contribute without losing ownership and accountability.
Do you provide an audit trail?
Yes. Changes to key objects can be traced so you can demonstrate who changed what, when, and why during audits or buyer reviews.
Where is data stored and how do you handle retention?
Data is stored in your workspace database and file storage. Retention policies and export flows are designed to support audit readiness and buyer due diligence.
Do you support SSO / SCIM?
SSO and SCIM are typically part of enterprise deployments. If you need centralized access management, evaluate the Enterprise plan for rollout options.
Can I export documentation for procurement and audits?
Yes. You can export packs and evidence-backed artifacts so procurement questionnaires and audits can be answered with consistent, traceable outputs.
How do we go from demo to production rollout?
Start with a Free workspace to validate workflows. When ready, upgrade the plan, enable the needed modules, invite stakeholders, and standardize projects using reusable evidence and exports.
What are the actual limits of the 14-day free trial?
There are no limits on core features! You get full access to the EU AI Act, ISO 42001, NIST AI RMF, NIS2, and SOC 2 compliance modules. You can invite your team, set up evidence freshness rules, and export a real, defensible audit pack to test the platform in the field.
How do I import my current policies and documents for a quick trial?
It is extremely simple. You can bulk upload files (PDFs, Word documents, spreadsheets) or connect your Google Drive, Microsoft 365, or GitHub repositories in seconds. AuditLoom's AI will parse the documents and automatically map the evidence to the relevant controls, showing you your compliance gaps immediately.
Can I export my evidence if I decide to cancel or switch?
Absolutely. There is zero vendor lock-in with AuditLoom. You can download a complete export of all your evidence, court-admissible TSA timestamp certificates, and the offline verification script at any time — even during your free trial.
How does AuditLoom support SOC 2 compliance?
AuditLoom provides a dedicated SOC 2 module mapped to the Trust Services Criteria (TSC) for Security, Availability, Processing Integrity, Confidentiality, and Privacy. You can reuse the same evidence base (such as access reviews, encryption policies, and incident response logs) to satisfy SOC 2 controls alongside EU AI Act, ISO 42001, and NIS2 without duplicating effort.
What is tribunal-grade TSA timestamping and why do I need it?
Unlike standard databases that can be retroactively edited, AuditLoom applies cryptographic hashing and retrieves official timestamps from EU-accredited Time Stamping Authorities (TSAs). This creates an immutable chain of custody, proving dataset integrity and the exact state of your compliance evidence at any point in time, which is legally admissible in court or regulatory audits.
Ship faster with defensible evidence
Start free to evaluate. Upgrade to Team, Business or Enterprise when audits and procurement require it.