Audit Catalog

Every system gets the same rigor. Our 204-audit catalog ensures comprehensive validation across security, performance, code quality, and user experience.


How Our Audits Work

Objective Scoring

Each area is scored 1-5 with clear criteria. No ambiguity, no opinions.

Detailed Findings

Every finding includes explanation, evidence, and severity rating.

Risk Identification

Issues are classified by severity so you know what to prioritize.

Actionable Steps

Recommendations are prioritized by impact to guide your roadmap.

Full Audit Catalog

Security

9

Security audits covering authentication, authorization, data protection, and vulnerability assessment.

API Security Audit

Advanced 3h
The API Security Audit is intended to: assess API authentication mechanisms; evaluate authorization and access control; review input validation and output encoding; verify rate limiting and abuse prevention; identify vulnerabilities and misconfigurations.

This document provides a structured checklist and evaluation framework for performing an API security audit. It covers authentication, authorization, input validation, rate limiting, and security best practices.

Authentication & Authorization Audit

Advanced 3h
The Authentication & Authorization Audit exists to: validate secure user authentication mechanisms; assess password policies and credential storage; evaluate role-based access control implementation; review session management security; ensure proper permission enforcement.
This audit is typically performed: before production launch; after implementing new auth features; when security concerns arise; as part of compliance requirements; during penetration testing preparation.

This document defines a framework-agnostic Authentication & Authorization Audit for modern web applications. It evaluates the security and correctness of user identity verification and access control systems. This audit answers a critical question:

Cloud Security Posture Audit

Advanced 5h
The Cloud Security Posture Audit is intended to: assess overall cloud security configuration; evaluate identity and access management; review network security architecture; verify data protection measures; identify compliance and monitoring gaps.

This document provides a structured checklist and evaluation framework for performing a cloud security posture audit. It covers identity management, network security, data protection, compliance, and security monitoring across cloud environments.

Kubernetes & Container Security Audit

Advanced 4h
The Kubernetes & Container Security Audit is intended to: assess Kubernetes cluster security configuration; evaluate pod security policies and standards; review network policies and isolation; verify secrets management practices; identify container image vulnerabilities.

This document provides a structured checklist and evaluation framework for performing a Kubernetes and container security audit. It covers pod security, network policies, secrets management, image scanning, and cluster configuration.

Web Application Security Audit (Laravel)

Advanced 4h
Identify security risks and misconfigurations, validate adherence to Laravel and web security best practices, and assess readiness for production deployment.

A comprehensive security audit for Laravel-based web applications.

Web Application Security Audit (Laravel)

Advanced 2h 45m
The Security Audit is intended to: identify security risks and misconfigurations; validate adherence to Laravel and web security best practices; assess readiness for production deployment; provide actionable remediation guidance.

This document provides a structured checklist and evaluation framework for performing a security audit of a Laravel-based web application. It is suitable for internal reviews, client deliverables, and pre-production security validation.

WordPress Security Audit

Advanced 3h
The WordPress Security Audit is intended to: assess WordPress installation security; evaluate plugin and theme vulnerabilities; review user access and authentication; verify server and hosting configuration; identify security hardening opportunities.

This document provides a structured checklist and evaluation framework for performing a WordPress security audit. It covers core security, plugin/theme vulnerabilities, user management, server configuration, and security hardening.

Zero Trust Architecture Audit

Advanced 4h
The Zero Trust Architecture Audit is intended to: assess zero trust maturity level; evaluate identity-centric security; review microsegmentation implementation; verify continuous validation mechanisms; identify gaps in zero trust adoption.

This document provides a structured checklist and evaluation framework for performing a zero trust architecture audit. It covers identity verification, device trust, network segmentation, and continuous validation.

API Security Audit (Enhanced)

Advanced 4h
Evaluate API security posture with zero tolerance for critical vulnerabilities.

Comprehensive API security assessment using critical-veto scoring. Any critical security failure results in automatic audit failure. Demonstrates matrix questions, multi-select options, and repeating items.

Performance

9

Performance audits analyzing load times, resource optimization, caching, and scalability.

CDN & Edge Performance Audit

Intermediate 5h
The CDN & Edge Performance Audit is intended to: assess CDN configuration and cache effectiveness; evaluate SSL/TLS and security settings; review edge function implementation; verify origin protection and optimization; identify performance improvement opportunities.

This document provides a structured checklist and evaluation framework for performing a CDN and edge performance audit. It covers CloudFront/Cloudflare configuration, caching rules, SSL/TLS settings, and edge function optimization.

Content Analytics & Performance Audit

Intermediate 4h
The Content Analytics & Performance Audit is intended to: evaluate analytics implementation; assess content performance measurement; review engagement and conversion tracking; verify content attribution models; ensure data-driven optimization.

This document provides a structured checklist and evaluation framework for auditing content performance measurement and analytics. It covers traffic analysis, engagement metrics, conversion tracking, and content ROI.

Cost & Resource Efficiency Audit

Intermediate 5h
The Cost & Resource Efficiency Audit exists to: review hosting and infrastructure costs; assess resource utilization efficiency; identify unused or over-provisioned resources; evaluate scaling economics; recommend cost optimization strategies.
This audit is typically performed: during budget planning cycles; when costs unexpectedly increase; before major scaling decisions; as part of operational reviews; when evaluating infrastructure changes.

This document defines a framework-agnostic Cost & Resource Efficiency Audit for modern web applications. It evaluates infrastructure spending, resource utilization, and optimization opportunities. This audit answers a critical question:

Mobile App Performance Profiling Audit

Intermediate 6h
The Mobile Performance Profiling Audit is intended to: analyze app startup and runtime performance; identify memory leaks and inefficiencies; evaluate CPU and battery usage; review animation and UI performance; establish performance monitoring practices.

This document provides a structured checklist and evaluation framework for performing an in-depth mobile app performance analysis. It covers startup time, memory, CPU, battery, and runtime optimization.

Performance & Load Testing Audit

Intermediate 7h
The Performance & Load Testing Audit is intended to: assess performance testing strategy; evaluate load testing coverage; review test execution practices; verify analysis and reporting; identify performance testing gaps.

This document provides a structured checklist and evaluation framework for performing a performance and load testing audit. It covers test design, execution, analysis, and continuous performance testing.

Performance & Scalability Audit (Laravel)

Intermediate 7h
The goal of this audit is to: measure real-world application performance; identify bottlenecks and inefficiencies; validate scalability readiness; reduce future performance-related outages and rewrites.
Client Question Addressed: “Will this stay fast when I have 10× the users?”

This document defines a structured Performance & Scalability Audit for a Laravel-based web application. It evaluates whether the application is fast today and capable of scaling reliably as usage grows. List the most significant performance constraints discovered during the audit.

Performance & Scalability Audit (Web Application)

Intermediate 6h
The Performance & Scalability Audit exists to: establish a clear performance baseline; identify current and future bottlenecks; reduce risk before growth or launch; demonstrate professional engineering standards; guide informed technical decision-making.
This audit is typically performed: before launch; before major feature releases; prior to scaling traffic or users; when performance concerns arise.

This document defines a framework-agnostic Performance & Scalability Audit for modern web applications. It is designed to demonstrate the processes, rigor, and value applied to every project, regardless of technology stack. This audit answers a critical business question:

Web Performance Optimization Audit

Intermediate 2h
Identify performance bottlenecks, optimize load times, improve Core Web Vitals, and enhance overall user experience.

A comprehensive performance audit for web applications.

Website Performance Audit (Enhanced)

Intermediate 5h
Identify and prioritize performance optimizations for web applications.

Comprehensive website performance assessment using points-based scoring. Evaluates Core Web Vitals, asset optimization, caching, and JavaScript performance with percentage-based metrics.

Code Quality

19

Code quality audits evaluating maintainability, best practices, and technical debt.

A/B Testing Program Audit

Intermediate 3h
The A/B Testing Program Audit is intended to: assess A/B testing program maturity; evaluate testing methodology; review statistical rigor; verify platform utilization; identify optimization improvements.

This document provides a structured checklist and evaluation framework for performing an A/B testing program audit. It covers testing methodology, platform utilization, and optimization culture.

Accessibility Testing Audit

Intermediate 4h
The Accessibility Testing Audit is intended to: assess accessibility testing coverage; evaluate automated testing tools; review manual testing practices; verify assistive technology support; identify accessibility testing gaps.

This document provides a structured checklist and evaluation framework for performing an accessibility testing audit. It covers automated testing, manual testing, assistive technology, and compliance.

Architecture & Code Quality Audit (Web Application)

Intermediate 6h
The Architecture & Code Quality Audit exists to: assess structural soundness of the application; identify maintainability and scalability risks; reduce future rewrite and refactor costs; ensure the codebase can support team growth; demonstrate professional engineering standards.
This audit is typically performed: during onboarding to an existing project; before major feature expansion; prior to scaling a development team; as part of a production readiness review.

This document defines a framework-agnostic Architecture & Code Quality Audit for modern web applications. It is designed to evaluate whether a codebase is maintainable, extensible, and safe to evolve over time. This audit answers a critical long-term question:

Code Review Process Audit

Intermediate 3h
The Code Review Process Audit is intended to: assess code review coverage and consistency; evaluate review tooling and automation; review quality gate effectiveness; verify team collaboration practices; identify process improvement opportunities.

This document provides a structured checklist and evaluation framework for performing a code review process audit. It covers review practices, tooling, quality gates, team dynamics, and continuous improvement.

Documentation & Knowledge Transfer Audit

Intermediate 3h
The Documentation & Knowledge Transfer Audit exists to: assess README and onboarding documentation quality; evaluate API and technical documentation; review architecture decision records; measure bus factor risk; ensure sustainable knowledge sharing.
This audit is typically performed: during team transitions; before major handoffs; when onboarding challenges arise; as part of project health reviews; during due diligence processes.

This document defines a framework-agnostic Documentation & Knowledge Transfer Audit for modern web applications. It evaluates the completeness and quality of documentation to reduce key-person dependencies. This audit answers a critical question:

Documentation Quality Audit

Intermediate 3h
The Documentation Quality Audit is intended to: assess documentation coverage and completeness; evaluate documentation accuracy and currency; review documentation accessibility; verify documentation maintenance processes; identify improvement opportunities.

This document provides a structured checklist and evaluation framework for performing a documentation quality audit. It covers technical documentation, API docs, user guides, process docs, and documentation maintenance.

Internationalization (i18n) Architecture Audit

Intermediate 4h
The Internationalization Architecture Audit is intended to: evaluate i18n code implementation; assess string externalization; review locale management; verify framework configuration; ensure scalable multi-language support.

This document provides a structured checklist and evaluation framework for auditing internationalization code architecture. It covers string externalization, locale handling, and framework implementation.

Knowledge Base Architecture Audit

Intermediate 3h
The Knowledge Base Architecture Audit is intended to: evaluate information architecture; assess taxonomy and categorization; review content relationships; verify findability and navigation; ensure knowledge management best practices.

This document provides a structured checklist and evaluation framework for auditing knowledge base structure and information architecture. It covers taxonomy, content relationships, and knowledge management.

Localization Testing Audit

Intermediate 3h
The Localization Testing Audit is intended to: evaluate linguistic testing coverage; assess functional localization testing; review internationalization testing; verify locale-specific functionality; ensure localization quality standards.

This document provides a structured checklist and evaluation framework for auditing localization testing processes and quality. It covers linguistic testing, functional testing, and localization bug management.

Maintainability & Onboarding Audit

Intermediate 3h
The Maintainability & Onboarding Audit exists to: measure developer onboarding time and friction; assess code clarity and organization; evaluate configuration and environment complexity; review tribal knowledge risks; ensure sustainable long-term development.
This audit is typically performed: when planning team growth; after onboarding challenges; during codebase health reviews; before major refactoring efforts; as part of acquisition due diligence.

This document defines a framework-agnostic Maintainability & Onboarding Audit for modern web applications. It evaluates how quickly new developers can become productive and how sustainable the codebase is for ongoing development. This audit answers a critical question:

Microservices Architecture Audit

Intermediate 5h
The Microservices Architecture Audit is intended to: assess service boundaries and design; evaluate inter-service communication; review deployment and operations; verify observability implementation; identify architectural improvements.

This document provides a structured checklist and evaluation framework for performing a microservices architecture audit. It covers service design, communication, deployment, and operations.

Mobile Testing & Quality Assurance Audit

Intermediate 4h
The Mobile Testing & QA Audit is intended to: evaluate test coverage and quality; assess UI automation implementation; review device and platform testing; verify CI/CD pipeline integration; ensure quality gate effectiveness.

This document provides a structured checklist and evaluation framework for auditing mobile-specific testing practices and coverage. It covers unit testing, UI automation, device testing, and CI/CD integration.

Mobile Testing Audit

Intermediate 3h
The Mobile Testing Audit is intended to: assess mobile testing coverage; evaluate device and OS coverage; review automation strategy; verify mobile-specific testing; identify mobile testing gaps.

This document provides a structured checklist and evaluation framework for performing a mobile testing audit. It covers device coverage, test automation, platform testing, and mobile-specific concerns.

SaaS Multi-Tenancy Architecture Audit

Intermediate 5h
The SaaS Multi-Tenancy Audit is intended to: verify tenant data isolation; assess cross-tenant security; review resource allocation and limits; evaluate tenant provisioning processes; ensure compliance with data residency.

This document provides a structured checklist and evaluation framework for auditing tenant isolation and multi-tenant architecture. It covers data separation, resource limits, and tenant lifecycle management.

Serverless Architecture Audit

Intermediate 4h
The Serverless Architecture Audit is intended to: assess serverless function configuration and security; evaluate cold start mitigation strategies; review timeout and error handling; verify IAM role least privilege; identify performance and cost optimization opportunities.

This document provides a structured checklist and evaluation framework for performing a serverless architecture audit. It covers Lambda/Functions configuration, cold start optimization, timeout handling, IAM roles, and serverless best practices.

Technical Debt Audit

Intermediate 4h
The Technical Debt Audit is intended to: assess technical debt levels; evaluate debt tracking practices; review prioritization approach; verify remediation progress; identify debt management improvements.

This document provides a structured checklist and evaluation framework for performing a technical debt audit. It covers debt identification, measurement, prioritization, and remediation.

Test Automation Strategy Audit

Intermediate 4h
The Test Automation Strategy Audit is intended to: assess test automation maturity; evaluate framework selection; review CI/CD integration; verify coverage and quality; identify automation improvements.

This document provides a structured checklist and evaluation framework for performing a test automation strategy audit. It covers test pyramid, framework selection, CI integration, and maintenance.

Testing Coverage Audit

Intermediate 3h
The Testing Coverage Audit exists to: evaluate test coverage percentage and quality; assess critical path testing completeness; review test automation reliability; identify testing gaps and risks; ensure sustainable testing practices.
This audit is typically performed: before major releases; when test failures increase; during team scaling; as part of quality reviews; when refactoring legacy code.

This document defines a framework-agnostic Testing Coverage Audit for modern web applications. It evaluates test quality, coverage, and automation to assess confidence in code changes. This audit answers a critical question:

TypeScript Code Quality Audit

Intermediate 3h
The TypeScript Code Quality Audit is intended to: assess TypeScript configuration and strictness; evaluate type safety and coverage; review patterns and best practices; verify error handling with types; identify type system improvements.

This document provides a structured checklist and evaluation framework for performing a TypeScript code quality audit. It covers type safety, configuration, patterns, generics, and migration strategies.

Operations

6

Operations audits covering deployment, monitoring, logging, and infrastructure reliability.

Data Integrity & Backup Audit

Advanced 4h
Evaluate data integrity controls, backup strategies, and recovery capabilities to ensure data protection and business continuity.

This document defines a framework-agnostic Data Integrity & Backup Audit for modern web applications. It evaluates data protection, consistency, and recoverability to ensure business continuity. This audit answers a critical question:

Database Health Audit

Intermediate 3h
Evaluate database performance, maintenance practices, and operational health to ensure reliable and efficient data operations.

This document defines a framework-agnostic Database Health Audit for modern web applications. It evaluates database design, performance, and scalability to ensure reliable data layer operations. This audit answers a critical question:

DevOps & Deployment Audit

Intermediate 3h 20m
Evaluate DevOps practices, deployment automation, infrastructure management, and operational readiness for reliable software delivery.

This document defines a framework-agnostic DevOps & Deployment Audit for modern web applications. It evaluates the reliability, automation, and safety of deployment processes. This audit answers a critical question:

Infrastructure Monitoring Audit

Intermediate 3h
Evaluate infrastructure monitoring coverage, alerting, and response capabilities to ensure system reliability and rapid issue detection.

This document provides a structured checklist and evaluation framework for performing an infrastructure monitoring audit. It covers metrics collection, alerting, dashboards, and incident response.

Log Management Audit

Intermediate 2h 40m
Evaluate log management practices including collection, storage, security, and analysis capabilities for operational and security purposes.

This document provides a structured checklist and evaluation framework for performing a log management audit. It covers log collection, storage, analysis, and security.

Logging & Observability Audit

Advanced 3h 40m
Evaluate logging, monitoring, and observability practices to ensure system visibility, troubleshooting capability, and proactive issue detection.

This document defines a framework-agnostic Logging & Observability Audit for modern web applications. It evaluates the ability to monitor, diagnose, and respond to issues in production. This audit answers a critical question:

User Experience

4

UX audits evaluating usability, accessibility, design consistency, and user satisfaction.

Accessibility & Compliance Audit

Intermediate 6h
Evaluate website accessibility compliance with WCAG 2.1 guidelines to ensure equal access for users with disabilities.

This document defines a framework-agnostic Accessibility & Compliance Audit for modern web applications. It evaluates whether an application is usable by all users, including those with disabilities, and assesses legal compliance risks. This audit answers a critical question:

Mobile Responsiveness Audit

Intermediate 4h
Evaluate website responsiveness and mobile user experience across devices and screen sizes.

This document defines a framework-agnostic Mobile Responsiveness Audit for modern web applications. It evaluates cross-device compatibility and mobile user experience. This audit answers a critical question:

SEO & Discoverability Audit

Intermediate 5h
Evaluate website search engine optimization and discoverability to improve organic search visibility.

This document defines a framework-agnostic SEO & Discoverability Audit for modern web applications. It evaluates search engine optimization and content findability. This audit answers a critical question:

User Experience (UX) Audit

Advanced 6h
Comprehensively evaluate user experience across the entire customer journey to identify friction points and improvement opportunities.

This document defines a framework-agnostic User Experience Audit for modern web applications. It evaluates usability, efficiency, and satisfaction of real user interactions. This audit answers a critical question:

Integrations

10

Integration audits reviewing third-party services, APIs, and external dependencies.

CRM Integration Audit

Intermediate 4h
The CRM Integration Audit is intended to: assess CRM integration architecture; evaluate data synchronization; review workflow automation; verify data quality across systems; identify integration improvements.

This document provides a structured checklist and evaluation framework for performing a CRM integration audit. It covers data synchronization, workflow automation, and system connectivity.

Crypto Wallet Integration Audit

Intermediate 5h
Client Question: "Is my wallet integration secure and providing a safe user experience?"
This audit evaluates wallet connection flows, transaction signing security, and protection against common web3 phishing vectors.

A comprehensive audit of web3 wallet connections, transaction signing, and dApp-wallet interaction security.

Integration & API Health Audit

Intermediate 3h
The Integration & API Health Audit exists to: review external service dependencies; assess API error handling and resilience; evaluate timeout and retry logic; review authentication security for integrations; identify rate limiting and fallback strategies.
This audit is typically performed: before production launch; when integration issues occur; after adding new third-party services; during reliability reviews; when scaling to higher volumes.

This document defines a framework-agnostic Integration & API Health Audit for modern web applications. It evaluates the reliability and maintainability of third-party connections and API dependencies. This audit answers a critical question:

Layer 2 / Rollup Integration Audit

Intermediate 6h
Client Question: "Is my Layer 2 integration secure and properly handling cross-chain operations?"
This audit evaluates L2 rollup integrations, bridge security, and the assumptions made about finality and data availability.

A comprehensive audit of Layer 2 scaling solution implementations, bridges, and cross-layer communication.

LLM Integration Audit

Intermediate 5h
The LLM Integration Audit is intended to: assess LLM API integration patterns; evaluate prompt engineering quality; review response handling and validation; verify cost management and optimization; identify safety and compliance considerations.

This document provides a structured checklist and evaluation framework for performing an LLM integration audit. It covers API integration, prompt engineering, response handling, cost management, and safety considerations.

Mobile Backend API Integration Audit

Intermediate 4h
The Mobile Backend API Integration Audit is intended to: evaluate API version management; assess authentication and token handling; review caching and optimization strategies; verify error handling and resilience; ensure graceful deprecation handling.

This document provides a structured checklist and evaluation framework for auditing mobile app backend API integration patterns. It covers versioning, authentication, caching, and error handling.

Payment Gateway Integration Audit

Intermediate 5h
The Payment Gateway Integration Audit is intended to: verify payment processor integration reliability; assess error handling and recovery mechanisms; evaluate webhook configuration and processing; review refund and dispute handling procedures; ensure PCI compliance scope is minimized.

This document provides a structured checklist and evaluation framework for performing a payment gateway integration audit. It covers Stripe, PayPal, and other processor integrations including error handling, webhook reliability, refund processing, and PCI compliance scope.

Stripe Integration Best Practices Audit

Intermediate 4h
The Stripe Integration Best Practices Audit is intended to: verify Stripe account configuration is optimal; assess integration quality and reliability; evaluate Stripe feature utilization; ensure compliance and security requirements are met; maximize payment success rates and minimize costs.

This document provides a structured checklist and evaluation framework for performing a Stripe integration best practices audit. It covers account configuration, integration quality, Stripe feature utilization, and compliance to ensure reliable payment processing and optimal use of Stripe capabilities.

Third-Party Integration Audit

Intermediate 5h
The Third-Party Integration Audit is intended to: assess integration architecture; evaluate security implementation; review reliability patterns; verify monitoring and alerting; identify integration risks.

This document provides a structured checklist and evaluation framework for performing a third-party integration audit. It covers API integrations, security, reliability, and maintenance.

Webhook Implementation Audit

Intermediate 3h
The Webhook Implementation Audit is intended to: assess webhook design and implementation; evaluate security measures; review reliability patterns; verify monitoring and operations; identify webhook improvements.

This document provides a structured checklist and evaluation framework for performing a webhook implementation audit. It covers webhook design, security, reliability, and operations.

Compliance

14

Regulatory compliance audits for GDPR, HIPAA, SOC2, PCI-DSS, and data privacy frameworks.

CCPA Consumer Privacy Audit

Advanced 5h
The CCPA Consumer Privacy Audit is intended to: assess compliance with California Consumer Privacy Act requirements; evaluate consumer rights implementation (know, delete, opt-out, non-discrimination); verify data collection and sale disclosure practices; review opt-out mechanisms and "Do Not Sell" processes; prepare for CPRA (California Privacy Rights Act) enhanced requirements.

This document provides a structured checklist and evaluation framework for performing a CCPA (California Consumer Privacy Act) compliance audit. It covers consumer privacy rights, data collection disclosure requirements, and opt-out mechanisms for organizations processing California resident data.

Content Governance & Compliance Audit

Advanced 3h
The Content Governance & Compliance Audit is intended to: evaluate content governance framework; assess legal and regulatory compliance; review accessibility standards; verify content lifecycle management; ensure risk mitigation.

This document provides a structured checklist and evaluation framework for auditing content governance, legal compliance, and accessibility. It covers content policies, regulatory requirements, and accessibility standards.

Cookie Consent & Tracking Audit

Advanced 3h
The Cookie Consent & Tracking Audit is intended to: assess compliance with cookie consent requirements (GDPR, ePrivacy, CCPA); evaluate consent banner implementation and user experience; verify consent management platform (CMP) functionality; review third-party script and tracking governance; identify unauthorized or non-compliant tracking technologies.

This document provides a structured checklist and evaluation framework for performing a cookie consent and tracking compliance audit. It covers cookie banners, consent management, analytics compliance, and third-party script governance under GDPR, CCPA, and ePrivacy regulations.

Data Retention & Deletion Audit

Advanced 4h
The Data Retention & Deletion Audit is intended to: assess compliance with data minimization principles; evaluate retention policy implementation across systems; verify automated and manual deletion procedures; review archival practices and legal hold management; identify data retained beyond justified periods.

This document provides a structured checklist and evaluation framework for performing a data retention and deletion compliance audit. It covers retention policies, automated deletion procedures, archival practices, and legal hold management across organizational data stores.

GDPR Compliance Audit

Advanced 8h
The GDPR Compliance Audit is intended to: assess compliance with EU General Data Protection Regulation requirements; identify gaps in data privacy practices and documentation; evaluate consent management and data subject rights implementation; verify lawful basis for data processing activities; review cross-border data transfer mechanisms.

This document provides a structured checklist and evaluation framework for performing a GDPR (General Data Protection Regulation) compliance audit. It covers data privacy, consent management, data subject rights, and cross-border transfer requirements for organizations processing EU citizen data.

HIPAA Technical Safeguards Audit

Advanced 6h
The HIPAA Technical Safeguards Audit is intended to: evaluate access control implementations; assess audit controls and logging; review integrity controls for ePHI; verify transmission security measures; ensure technical compliance with 45 CFR § 164.312.

This document provides a structured checklist and evaluation framework for performing a HIPAA Technical Safeguards audit. It covers the technical controls required under the HIPAA Security Rule to protect electronic Protected Health Information (ePHI).

PCI-DSS Compliance Audit

Advanced 8h
The PCI-DSS Compliance Audit is intended to: assess compliance with PCI-DSS requirements; identify gaps in cardholder data protection; evaluate network security and access control measures; review vulnerability management and monitoring practices; prepare for QSA assessment or SAQ completion.

This document provides a structured checklist and evaluation framework for performing a PCI-DSS (Payment Card Industry Data Security Standard) compliance audit. It covers the 12 requirements for protecting cardholder data and maintaining a secure payment environment.

Privacy Policy & Terms Audit

Advanced 3h
The Privacy Policy & Terms Audit is intended to: assess privacy policy completeness against regulatory requirements; verify terms of service legal adequacy; evaluate policy accessibility and user experience; ensure alignment between stated practices and actual data processing; identify gaps requiring legal review or update.

This document provides a structured checklist and evaluation framework for performing a privacy policy and terms of service audit. It covers policy completeness, legal accuracy, accessibility, and compliance with global privacy regulations.

Regional Compliance & Legal Audit

Advanced 5h
The Regional Compliance & Legal Audit is intended to: evaluate regional privacy compliance; assess local legal requirements; review market-specific regulations; verify payment and tax compliance; ensure safe market entry.

This document provides a structured checklist and evaluation framework for auditing regional legal compliance and market-specific requirements. It covers privacy regulations, local laws, and market entry requirements.

Regulatory Compliance Audit

Advanced 6h
The Regulatory Compliance Audit is intended to: identify applicable regulatory requirements; assess compliance program effectiveness; review documentation and record-keeping; evaluate monitoring and reporting; minimize regulatory and legal risk.

This document provides a structured checklist and evaluation framework for performing a Regulatory Compliance audit. It covers industry regulations, compliance programs, documentation, and monitoring to ensure business operations meet applicable regulatory requirements.

SOC 2 Type II Readiness Audit

Advanced 8h
The SOC 2 Type II Readiness Audit is intended to: assess readiness for a formal SOC 2 Type II examination; identify gaps in controls across Trust Services Criteria; evaluate control design and operating effectiveness; prepare documentation required for SOC 2 examination; reduce risk of qualified opinion or exceptions.

This document provides a structured checklist and evaluation framework for performing a SOC 2 Type II readiness audit. It covers the five Trust Services Criteria (TSC): Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Software Licensing Compliance Audit

Advanced 4h
The Software Licensing Compliance Audit is intended to: document all software licenses in use; verify usage within licensed scope; assess open source compliance obligations; ensure audit readiness; minimize legal and financial liability.

This document provides a structured checklist and evaluation framework for performing a software licensing compliance audit. It covers license inventory, usage compliance, open source obligations, and audit readiness to ensure proper software usage and minimize compliance risk.

Tax Compliance & Calculation Audit

Advanced 4h
The Tax Compliance & Calculation Audit is intended to: verify tax rates are configured correctly per jurisdiction; ensure tax calculations are accurate; assess tax reporting and filing readiness; evaluate handling of special tax scenarios; prevent regulatory penalties and audit risk.

This document provides a structured checklist and evaluation framework for performing a tax compliance and calculation audit. It covers tax configuration, calculation accuracy, reporting, and special scenarios to ensure proper tax collection and regulatory compliance across jurisdictions.

Terms of Service & Privacy Policy Audit

Advanced 3h
The Terms of Service & Privacy Policy Audit is intended to: ensure Terms of Service are complete and protective; verify Privacy Policy meets regulatory requirements; assess document enforceability; review jurisdiction-specific compliance; protect the business while maintaining transparency.

This document provides a structured checklist and evaluation framework for performing a Terms of Service and Privacy Policy audit. It covers legal document completeness, regulatory compliance, enforceability, and jurisdiction-specific requirements to ensure website legal documents protect the business and meet regulatory requirements.

E-Commerce

5

E-commerce audits covering checkout flows, payments, inventory, and online store operations.

E-Commerce Checkout Flow Audit

Intermediate 4h
Evaluate checkout flow optimization, conversion barriers, and payment experience to maximize revenue and customer satisfaction.

This document provides a structured checklist and evaluation framework for performing an e-commerce checkout flow audit. It covers cart functionality, checkout UX, abandonment risks, payment integration, and mobile checkout optimization.

Inventory & Order Management Audit

Advanced 5h
Evaluate inventory accuracy, order processing efficiency, and fulfillment workflows to minimize stockouts and improve customer satisfaction.

This document provides a structured checklist and evaluation framework for performing an inventory and order management audit. It covers stock tracking, overselling prevention, order lifecycle management, and fulfillment processes.

Pricing & Promotions Audit

Intermediate 3h
Evaluate pricing accuracy, promotion configuration, and discount security to protect margins while driving conversions.

This document provides a structured checklist and evaluation framework for performing a pricing and promotions audit. It covers price accuracy, discount logic, coupon security, promotional display, and pricing strategy implementation.

Product Catalog & Search Audit

Intermediate 4h
Evaluate product data quality, search functionality, and catalog navigation to improve product discovery and conversion.

This document provides a structured checklist and evaluation framework for performing a product catalog and search audit. It covers product data quality, search relevance, filtering capabilities, and faceted navigation.

Shipping & Tax Calculation Audit

Advanced 4h
Verify shipping and tax calculation accuracy to ensure compliance and prevent revenue leakage from miscalculations.

This document provides a structured checklist and evaluation framework for performing a shipping and tax calculation audit. It covers shipping rate accuracy, tax compliance, international shipping, and address validation.

Cloud & Infrastructure

5

Cloud infrastructure audits for AWS, Azure, GCP, containers, and serverless architectures.

AWS Infrastructure Audit

Advanced 6h
Evaluate AWS infrastructure security, reliability, and cost optimization across all major services and configurations.

This document provides a structured checklist and evaluation framework for performing an AWS infrastructure audit. It covers IAM security, VPC configuration, S3 bucket security, EC2 best practices, CloudWatch monitoring, and cost optimization.

Disaster Recovery & Business Continuity Audit

Advanced 5h
Evaluate disaster recovery and business continuity planning, procedures, and testing to ensure organizational resilience.

This document provides a structured checklist and evaluation framework for performing a disaster recovery and business continuity audit. It covers RTO/RPO definitions, failover procedures, backup testing, and runbook completeness.

Infrastructure as Code Audit

Advanced 4h
Evaluate Infrastructure as Code practices including code quality, security, state management, and CI/CD integration.

This document provides a structured checklist and evaluation framework for performing an Infrastructure as Code (IaC) audit. It covers Terraform/CDK quality, state management, drift detection, secrets handling, and IaC best practices.

Infrastructure Automation Audit

Intermediate 3h 20m
Evaluate infrastructure automation maturity including provisioning, configuration management, and operational automation.

This document provides a structured checklist and evaluation framework for performing an infrastructure automation audit. It covers Infrastructure as Code, configuration management, and automation practices.

Load Balancer & Scaling Audit

Intermediate 3h
Evaluate load balancer configuration, auto-scaling policies, and high availability setup for optimal performance and reliability.

This document provides a structured checklist and evaluation framework for performing a load balancer and scaling audit. It covers ALB/NLB configuration, auto-scaling policies, health checks, SSL termination, and high availability.

Frontend & JavaScript

7

Frontend framework audits for React, Vue, Angular, Node.js, and modern JavaScript applications.

Browser Compatibility Audit

Intermediate 4h
The Browser Compatibility Audit is intended to: assess cross-browser functionality; evaluate CSS compatibility and fallbacks; review JavaScript feature support; verify mobile browser compatibility; identify graceful degradation gaps.

This document provides a structured checklist and evaluation framework for performing a browser compatibility audit. It covers cross-browser testing, polyfills, CSS compatibility, progressive enhancement, and graceful degradation.

Frontend Build & Bundle Audit

Advanced 4h
The Frontend Build & Bundle Audit is intended to: assess build tool configuration and efficiency; evaluate bundle size and optimization; review code splitting strategies; verify tree shaking effectiveness; identify build performance improvements.

This document provides a structured checklist and evaluation framework for performing a frontend build and bundle audit. It covers Webpack/Vite configuration, bundle optimization, code splitting, tree shaking, and build performance.

Next.js Application Audit

Advanced 4h
The Next.js Application Audit is intended to: assess Next.js architecture and rendering strategies; evaluate data fetching and caching patterns; review API routes and middleware implementation; verify image and performance optimization; identify deployment and scaling considerations.

This document provides a structured checklist and evaluation framework for performing a Next.js application audit. It covers SSR/SSG strategies, API routes, image optimization, ISR, middleware, and App Router patterns.

Node.js Backend Audit

Advanced 4h 15m
The Node.js Backend Audit is intended to: assess Node.js application architecture and patterns; evaluate async/await and promise handling; review security implementation and middleware; verify error handling and logging; identify performance and scalability concerns.

This document provides a structured checklist and evaluation framework for performing a Node.js backend audit. It covers Express/Fastify patterns, async handling, security practices, clustering, and Node.js best practices.

React Application Audit

Intermediate 4h 15m
The React Application Audit is intended to: assess React component architecture and patterns; evaluate state management implementation; review hooks usage and custom hooks quality; verify performance optimization practices; identify testing coverage and quality gaps.

This document provides a structured checklist and evaluation framework for performing a React application audit. It covers component architecture, state management, hooks usage, performance optimization, and testing practices.

React Native Application Audit

Advanced 3h 15m
The React Native Application Audit is intended to: assess cross-platform code quality; evaluate native module integration; review performance optimization; verify platform-specific implementations; identify React Native best practices gaps.

This document provides a structured checklist and evaluation framework for performing a React Native application audit. It covers cross-platform code quality, native integration, performance, and deployment.

Vue.js Application Audit

Intermediate 4h
The Vue.js Application Audit is intended to: assess Vue component architecture and patterns; evaluate Composition API and reactivity usage; review state management implementation; verify routing and navigation patterns; identify performance and testing gaps.

This document provides a structured checklist and evaluation framework for performing a Vue.js application audit. It covers Composition API usage, state management with Pinia, routing, SSR considerations, and Vue 3 best practices.

WordPress & CMS

5

CMS audits for WordPress security, performance, plugins, and headless CMS architectures.

Content Migration Audit

Advanced 5h
Evaluate content migration planning, execution, and validation to ensure complete and accurate transfer of content between systems.

This document provides a structured checklist and evaluation framework for performing a content migration audit. It covers migration planning, data mapping, content transformation, validation, and rollback procedures.

Editorial Workflow Audit

Intermediate 3h
Evaluate content creation, review, and publishing workflows to ensure quality, efficiency, and proper governance.

This document provides a structured checklist and evaluation framework for performing an editorial workflow audit. It covers content creation, review processes, publishing workflows, and team collaboration.

Headless CMS Audit

Advanced 4h
Evaluate headless CMS architecture, API design, content modeling, and integration patterns for scalability and maintainability.

This document provides a structured checklist and evaluation framework for performing a headless CMS audit. It covers API design, content modeling, frontend integration, performance, and security considerations.

WordPress Plugin Audit

Intermediate 3h
Evaluate WordPress plugin security, performance impact, update status, and necessity to maintain a secure and efficient site.

This document provides a structured checklist and evaluation framework for performing a WordPress plugin audit. It covers plugin architecture, hooks system, database interactions, security, and WordPress plugin standards.

WordPress Theme Audit

Intermediate 3h 20m
Evaluate WordPress theme security, performance, code quality, and maintainability to ensure a solid foundation for the website.

This document provides a structured checklist and evaluation framework for performing a WordPress theme audit. It covers theme structure, template hierarchy, performance, security, and WordPress coding standards.

AI & Modern Tech

6

Emerging technology audits for AI/ML integration, LLMs, chatbots, and RAG systems.

AI Chatbot Audit

Advanced 3h 20m
Evaluate AI chatbot implementation quality, conversation design, safety measures, and user experience for conversational AI systems.

This document provides a structured checklist and evaluation framework for performing an AI chatbot audit. It covers conversation design, NLU quality, integration, user experience, and safety considerations.

AI Ethics & Governance Audit

Advanced 4h
Evaluate AI ethics practices, governance frameworks, fairness measures, and responsible AI development across the organization.

This document provides a structured checklist and evaluation framework for performing an AI ethics and governance audit. It covers ethical AI principles, governance frameworks, transparency, accountability, and regulatory compliance.

AI/ML Model Audit

Expert 5h
Evaluate ML model development practices, validation, deployment, and monitoring for production machine learning systems.

This document provides a structured checklist and evaluation framework for performing an AI/ML model audit. It covers model development, training data, evaluation, deployment, and monitoring considerations.

RAG System Audit

Advanced 4h
Evaluate Retrieval-Augmented Generation system quality, including retrieval accuracy, generation quality, and operational reliability.

This document provides a structured checklist and evaluation framework for performing a Retrieval-Augmented Generation (RAG) system audit. It covers document processing, embedding strategy, retrieval quality, generation, and system reliability.

Voice Interface Audit

Advanced 3h
Evaluate voice interface design, speech recognition accuracy, and user experience for voice-enabled applications.

This document provides a structured checklist and evaluation framework for performing a voice interface audit. It covers voice UX design, speech recognition, natural language processing, and privacy.

VR/AR Application Audit

Expert 4h
Evaluate VR/AR application quality, performance, user safety, and immersive experience design.

This document provides a structured checklist and evaluation framework for performing a VR/AR application audit. It covers user experience, performance, safety, and platform compliance.

Business Process

8

Business process audits for user journeys, conversion funnels, onboarding, and analytics.

Agile Practices Audit

Intermediate 3h
The Agile Practices Audit is intended to: assess agile methodology implementation; evaluate team effectiveness; review ceremony and artifact quality; verify continuous improvement practices; identify agile adoption gaps.

This document provides a structured checklist and evaluation framework for performing an agile practices audit. It covers Scrum/Kanban implementation, team dynamics, and continuous improvement.

Analytics & Tracking Audit

Intermediate 4h
The Analytics & Tracking Audit is intended to: assess analytics implementation completeness; evaluate event tracking accuracy; review reporting and dashboard quality; verify attribution modeling; identify privacy and compliance gaps.

This document provides a structured checklist and evaluation framework for performing an analytics and tracking audit. It covers data collection, event tracking, reporting, attribution, and privacy compliance.

Change Management Audit

Advanced 2h 45m
The Change Management Audit is intended to: assess change management processes; evaluate risk assessment practices; review approval workflows; verify rollback capabilities; identify process improvements.

This document provides a structured checklist and evaluation framework for performing a change management audit. It covers change processes, risk assessment, approval workflows, and rollback procedures.

Conversion Funnel Audit

Intermediate 4h
The Conversion Funnel Audit is intended to: assess funnel structure and flow; evaluate conversion rates at each stage; identify drop-off points and friction; review optimization opportunities; verify measurement and testing capabilities.

This document provides a structured checklist and evaluation framework for performing a conversion funnel audit. It covers funnel stages, drop-off analysis, optimization opportunities, and conversion rate optimization practices.

Customer Support System Audit

Intermediate 3h 45m
The Customer Support System Audit is intended to: assess support channel availability and quality; evaluate ticket management efficiency; review self-service resources; verify SLA compliance; identify customer satisfaction improvement opportunities.

This document provides a structured checklist and evaluation framework for performing a customer support system audit. It covers support channels, ticket management, self-service, SLAs, and customer satisfaction.

Email & Notification System Audit

Intermediate 4h 15m
The Email & Notification System Audit is intended to: assess email infrastructure and deliverability; evaluate transactional email effectiveness; review marketing email performance; verify notification preferences and compliance; identify deliverability and engagement issues.

This document provides a structured checklist and evaluation framework for performing an email and notification system audit. It covers transactional emails, marketing automation, push notifications, deliverability, and user preferences.

User Onboarding Flow Audit

Intermediate 4h
The User Onboarding Flow Audit is intended to: assess signup and registration experience; evaluate activation and first-run experience; review user education and guidance; verify retention mechanisms; identify friction points and drop-off areas.

This document provides a structured checklist and evaluation framework for performing a user onboarding flow audit. It covers signup process, activation, user education, retention hooks, and success metrics.

Vendor Management Audit

Intermediate 2h 45m
The Vendor Management Audit is intended to: assess vendor management practices; evaluate contract and SLA compliance; review vendor risk assessment; verify performance monitoring; identify vendor management improvements.

This document provides a structured checklist and evaluation framework for performing a vendor management audit. It covers vendor selection, contract management, performance monitoring, and risk assessment.

Data & Database

7

Database audits covering schema design, data integrity, backup strategies, query optimization, and data lifecycle management.

Data Pipeline Audit

Advanced 3h 30m
The Data Pipeline Audit is intended to: assess pipeline architecture and design; evaluate reliability and fault tolerance; review data quality checks; verify monitoring and alerting; identify improvement opportunities.

This document provides a structured checklist and evaluation framework for performing a data pipeline audit. It covers architecture, reliability, monitoring, and data quality.

Data Warehouse Audit

Advanced 3h 15m
The Data Warehouse Audit is intended to: assess data warehouse architecture; evaluate data modeling practices; review performance and optimization; verify data quality and governance; identify improvement opportunities.

This document provides a structured checklist and evaluation framework for performing a data warehouse audit. It covers architecture, data modeling, performance, and governance.

IoT Data Pipeline Audit

Advanced 3h 45m
Client Question: "Is my IoT data pipeline secure, scalable, and compliant with data protection requirements?" This audit evaluates the security and reliability of IoT data collection, processing, and storage systems.

A comprehensive audit of IoT telemetry ingestion, processing, and analytics infrastructure.

MongoDB Database Audit

Advanced 3h 30m
The MongoDB Database Audit is intended to: assess schema design and data modeling; evaluate query performance and indexing; review security configurations; verify backup and recovery procedures; identify MongoDB-specific issues.

This document provides a structured checklist and evaluation framework for performing a MongoDB database audit. It covers schema design, indexing, security, and operational practices.

MySQL Database Audit

Advanced 3h 15m
The MySQL Database Audit is intended to: assess database configuration and optimization; evaluate query performance; review security settings; verify backup and recovery procedures; identify MySQL-specific issues.

This document provides a structured checklist and evaluation framework for performing a MySQL database audit. It covers configuration, performance, security, and operational practices.

PostgreSQL Database Audit

Advanced 3h 15m
The PostgreSQL Database Audit is intended to: assess database configuration and optimization; evaluate query performance; review security settings; verify backup and recovery procedures; identify PostgreSQL-specific issues.

This document provides a structured checklist and evaluation framework for performing a PostgreSQL database audit. It covers configuration, performance, security, and operational practices.

Redis Database Audit

Intermediate 3h 15m
The Redis Database Audit is intended to: assess Redis configuration and optimization; evaluate memory management; review security settings; verify high availability configuration; identify Redis-specific issues.

This document provides a structured checklist and evaluation framework for performing a Redis database audit. It covers configuration, memory management, security, and operational practices.

API & Microservices

3

API audits for design patterns, versioning, documentation, rate limiting, service mesh, and contract testing.

API Documentation Audit

Basic 3h
Evaluate API documentation quality, completeness, and developer experience.

This document provides a structured checklist and evaluation framework for auditing API documentation quality and completeness. It covers OpenAPI specs, developer experience, and documentation accuracy.

GraphQL API Audit

Advanced 6h
Evaluate GraphQL API implementation maturity covering schema design, security, performance, and operational readiness.

This document provides a structured checklist and evaluation framework for performing a GraphQL API audit. It covers schema design, security, performance, and developer experience.

REST API Design Audit

Intermediate 5h
Evaluate REST API design quality, security, and adherence to industry standards.

This document provides a structured checklist and evaluation framework for performing a REST API design audit. It covers API design principles, security, documentation, and developer experience.

DevOps & CI/CD

5

DevOps audits covering pipeline efficiency, deployment automation, environment parity, release management, and feature flags.

CI/CD Pipeline Audit

Advanced 4h
Evaluate CI/CD pipeline design, security, efficiency, and reliability to ensure fast, safe, and consistent software delivery.

This document provides a structured checklist and evaluation framework for performing a CI/CD pipeline audit. It covers build processes, testing automation, deployment strategies, security, and reliability.

Docker Environment Audit

Advanced 4h
Evaluate Docker container infrastructure, image security, orchestration practices, and operational maturity for containerized applications.

This document provides a structured checklist and evaluation framework for performing a Docker environment audit. It covers image management, container configuration, security, and operational practices.

Mobile Release & Deployment Audit

Advanced 3h 20m
Evaluate mobile app release processes, app store compliance, versioning, and deployment strategies for iOS and Android applications.

This document provides a structured checklist and evaluation framework for auditing mobile release processes and deployment practices. It covers build automation, code signing, staged rollouts, and monitoring.

Release Management Audit

Intermediate 3h
Evaluate release management processes, version control practices, deployment strategies, and change management for reliable software delivery.

This document provides a structured checklist and evaluation framework for performing a release management audit. It covers release processes, versioning, deployment strategies, and rollback procedures.

SaaS Feature Flagging & Entitlements Audit

Intermediate 3h
Evaluate feature flag management, entitlement systems, and progressive delivery practices for controlled feature releases.

This document provides a structured checklist and evaluation framework for auditing feature access control and entitlement management. It covers feature flags, plan-based gating, and rollout strategies.

Vendor & Third-Party Risk

4

Vendor risk audits for SLA compliance, dependency audits, supply chain security, and vendor security posture assessment.

Employment & Contractor Agreement Audit

Intermediate 5h
Evaluate employment and contractor agreements for completeness, compliance, and risk mitigation.

This document provides a structured checklist and evaluation framework for performing an Employment and Contractor Agreement audit. It covers employment agreements, contractor documentation, worker classification, and compliance documentation to ensure proper workforce documentation and minimize misclassification risk.

Third-Party Privacy Risk Audit

Advanced 6h
Evaluate privacy risks associated with third-party vendors that process personal data.

A comprehensive audit of vendor privacy practices, data processor agreements, and third-party risk management.

Translation Management System (TMS) Audit

Intermediate 4h
Evaluate translation management system configuration, workflow efficiency, and vendor management practices.

This document provides a structured checklist and evaluation framework for auditing translation management systems and workflows. It covers TMS configuration, workflow automation, and vendor management.

Vendor Contract Management Audit

Intermediate 4h
Evaluate vendor contract management practices including inventory, performance monitoring, and risk mitigation.

This document provides a structured checklist and evaluation framework for performing a Vendor Contract Management audit. It covers contract inventory, risk assessment, performance management, and contract terms to ensure effective vendor relationship management and risk mitigation.

Disaster Recovery & Business Continuity

1

DR/BC audits covering backup verification, RTO/RPO compliance, failover testing, and incident response playbooks.

Disaster Recovery Audit

Advanced 8h
Evaluate the organization's disaster recovery capabilities, ensuring business continuity in the event of system failures, natural disasters, or cyber incidents.

This document provides a structured checklist and evaluation framework for performing a disaster recovery audit. It covers DR planning, backup strategies, recovery procedures, and testing.

Mobile Applications

8

Mobile app audits for iOS/Android guidelines, app store compliance, offline sync, push notifications, and deep linking.

Android Application Audit

Advanced 8h
The Android Application Audit is intended to: assess code quality and architecture; evaluate Play Store guideline compliance; review security implementations; verify performance optimization; identify Android-specific issues.

This document provides a structured checklist and evaluation framework for performing an Android application audit. It covers Kotlin/Java code quality, Play Store guidelines, security, and performance.

App Store Optimization (ASO) Audit

Intermediate 4h
The App Store Optimization Audit is intended to: assess app store listing effectiveness; evaluate keyword optimization; review visual assets quality; verify conversion optimization; identify discoverability improvements.

This document provides a structured checklist and evaluation framework for performing an App Store Optimization audit. It covers metadata, visuals, ratings, and discoverability across iOS App Store and Google Play Store.

Flutter Application Audit

Advanced 7h
The Flutter Application Audit is intended to: assess Dart code quality and architecture; evaluate widget tree efficiency; review platform-specific implementations; verify performance optimization; identify Flutter best practices gaps.

This document provides a structured checklist and evaluation framework for performing a Flutter application audit. It covers Dart code quality, widget architecture, platform integration, and performance.

iOS Application Audit

Advanced 8h
The iOS Application Audit is intended to: assess code quality and architecture; evaluate App Store guideline compliance; review security implementations; verify performance optimization; identify iOS-specific issues.

This document provides a structured checklist and evaluation framework for performing an iOS application audit. It covers Swift/SwiftUI code quality, App Store guidelines, security, and performance.

Mobile App Analytics & Attribution Audit

Intermediate 5h
The Mobile Analytics & Attribution Audit is intended to: evaluate analytics SDK integration quality; assess event tracking completeness and accuracy; review attribution provider configuration; verify privacy compliance (ATT, GDPR); identify data collection gaps.

This document provides a structured checklist and evaluation framework for auditing mobile analytics implementation and marketing attribution. It covers SDK integration, event tracking, attribution providers, and privacy compliance.

Mobile In-App Purchase & Monetization Audit

Advanced 6h
The Mobile IAP & Monetization Audit is intended to: verify in-app purchase implementation correctness; assess subscription lifecycle management; review receipt validation and fraud prevention; evaluate revenue recognition accuracy; ensure store guideline compliance.

This document provides a structured checklist and evaluation framework for auditing in-app purchases, subscriptions, and revenue integrity. It covers store integration, receipt validation, and billing compliance.

Mobile Offline & Sync Audit

Advanced 6h
The Mobile Offline & Sync Audit is intended to: evaluate offline data persistence strategy; assess sync mechanism reliability; review conflict resolution logic; verify network state handling; ensure data consistency.

This document provides a structured checklist and evaluation framework for auditing offline-first architecture and data synchronization. It covers local storage, conflict resolution, and sync reliability.

Mobile Push Notification Audit

Intermediate 5h
The Mobile Push Notification Audit is intended to: evaluate push permission request strategy; assess notification delivery reliability; review notification content and UX; verify deep linking from notifications; ensure privacy and opt-out compliance.

This document provides a structured checklist and evaluation framework for auditing push notification implementation and engagement. It covers permission handling, notification delivery, and user experience.

SaaS & Subscription

13

SaaS platform audits covering multi-tenancy, billing integration, usage metering, churn prevention, and onboarding flows.

Multi-Currency & International Billing Audit

Intermediate 4h
The Multi-Currency & International Billing Audit is intended to: verify currency configuration and handling; assess international pricing strategy; evaluate international payment method support; review tax and compliance for international transactions; optimize global payment success rates.

This document provides a structured checklist and evaluation framework for performing a multi-currency and international billing audit. It covers currency configuration, pricing strategy, international payments, and tax compliance to ensure reliable global revenue operations.

Payment Reconciliation & Settlement Audit

Intermediate 3h
The Payment Reconciliation & Settlement Audit is intended to: verify payment records match bank statements; ensure processor settlements are accurate; identify and resolve payment exceptions; validate month-end close procedures; prevent financial misstatement and cash flow issues.

This document provides a structured checklist and evaluation framework for performing a payment reconciliation and settlement audit. It covers daily reconciliation processes, settlement accuracy, exception management, and month-end close procedures to ensure financial records match actual cash flows.

Revenue Recognition & Billing Accuracy Audit

Intermediate 5h
The Revenue Recognition & Billing Accuracy Audit is intended to: verify billing configurations match pricing strategies; ensure revenue recognition follows accounting standards (ASC 606/IFRS 15); validate invoice accuracy against service delivery; assess billing system integration reliability; identify revenue leakage and billing errors.

This document provides a structured checklist and evaluation framework for performing a revenue recognition and billing accuracy audit. It covers billing configuration, revenue recognition compliance, invoice accuracy, and billing system integration to ensure financial accuracy and regulatory compliance.

SaaS Agreement Review Audit

Intermediate 3h
The SaaS Agreement Review Audit is intended to: evaluate subscription and pricing terms; assess service level commitments; review data handling and security provisions; verify customer protection clauses; balance business flexibility with customer fairness.

This document provides a structured checklist and evaluation framework for performing a SaaS Agreement Review audit. It covers subscription terms, service levels, data handling, and customer protections to ensure SaaS agreements are balanced and protective for both providers and customers.

SaaS Customer Health & Success Audit

Intermediate 4h
The SaaS Customer Health & Success Audit is intended to: evaluate customer health scoring methodology; assess risk prediction accuracy; review proactive engagement triggers; verify success milestone tracking; ensure retention optimization.

This document provides a structured checklist and evaluation framework for auditing customer health scoring and success management. It covers health indicators, risk prediction, and proactive engagement strategies.

SaaS Data Portability & Export Audit

Intermediate 3h
The SaaS Data Portability & Export Audit is intended to: evaluate data export capabilities; assess API data access options; review regulatory compliance (GDPR, CCPA); verify data format standards; ensure smooth offboarding experience.

This document provides a structured checklist and evaluation framework for auditing data export capabilities and portability compliance. It covers data export formats, API access, and regulatory compliance.

SaaS Onboarding & Activation Audit

Intermediate 3h
The SaaS Onboarding & Activation Audit is intended to: evaluate signup and registration flow; assess first-time user experience; review activation milestone tracking; verify personalization effectiveness; ensure time-to-value optimization.

This document provides a structured checklist and evaluation framework for auditing user onboarding flows and activation metrics. It covers signup experience, first-time user experience, and time-to-value optimization.

SaaS Subscription Lifecycle Audit

Intermediate 4h
The SaaS Subscription Lifecycle Audit is intended to: evaluate subscription state management; assess plan change handling; review trial and cancellation flows; verify billing accuracy; ensure revenue recognition compliance.

This document provides a structured checklist and evaluation framework for auditing subscription management and billing lifecycle. It covers plan management, upgrades/downgrades, cancellation, and revenue operations.

SaaS Usage Metering & Billing Audit

Intermediate 4h
The SaaS Usage Metering & Billing Audit is intended to: verify usage event collection accuracy; assess metering aggregation logic; review billing integration; evaluate customer visibility; ensure billing accuracy.

This document provides a structured checklist and evaluation framework for auditing usage-based billing and metering systems. It covers event collection, aggregation, and billing integration.

SaaS User Provisioning & SSO Audit

Intermediate 4h
The SaaS User Provisioning & SSO Audit is intended to: evaluate SSO implementation quality; assess automated user provisioning; review directory synchronization; verify session management security; ensure enterprise readiness.

This document provides a structured checklist and evaluation framework for auditing enterprise user management and SSO integration. It covers SCIM, SAML, OAuth/OIDC, and directory synchronization.

Subscription & Recurring Billing Audit

Intermediate 4h
The Subscription & Recurring Billing Audit is intended to: assess subscription management system reliability; evaluate billing cycle and proration accuracy; review dunning and failed payment recovery; verify upgrade/downgrade and cancellation flows; identify churn risks and billing issues.

This document provides a structured checklist and evaluation framework for performing a subscription and recurring billing audit. It covers subscription lifecycle management, billing cycles, dunning, upgrades/downgrades, and proration handling.

Subscription Billing & Dunning Audit

Intermediate 3h
The Subscription Billing & Dunning Audit is intended to: verify subscription lifecycle processes work correctly; optimize dunning sequences for payment recovery; ensure payment method management reduces failures; track and improve subscription retention metrics; minimize involuntary churn from payment failures.

This document provides a structured checklist and evaluation framework for performing a subscription billing and dunning audit. It covers subscription lifecycle management, dunning configuration, payment method management, and churn metrics to maximize revenue retention and minimize involuntary churn.

SaaS Application Audit (Enhanced)

Intermediate 6h
Assess SaaS platform maturity and identify areas for improvement.

Comprehensive SaaS platform assessment using maturity model scoring. Evaluates multi-tenancy, billing, scalability, and operational excellence across CMMI maturity levels.

Content & SEO

7

Content and SEO audits for content strategy, technical SEO, schema markup, Core Web Vitals, and crawlability.

Content Quality & E-E-A-T Audit

Intermediate 3h 30m
The Content Quality & E-E-A-T Audit is intended to: evaluate E-E-A-T signal strength; assess content accuracy and depth; review author credibility; verify trust signals; ensure YMYL compliance where applicable.

This document provides a structured checklist and evaluation framework for auditing content quality and E-E-A-T signals. It covers Experience, Expertise, Authoritativeness, and Trustworthiness.

Content Strategy & Planning Audit

Intermediate 3h 30m
The Content Strategy & Planning Audit is intended to: evaluate content strategy alignment; assess editorial planning processes; review content governance; verify content quality standards; ensure strategic content ROI.

This document provides a structured checklist and evaluation framework for auditing content strategy and editorial planning. It covers content pillars, editorial calendars, and content governance.

Link Building & Off-Page SEO Audit

Advanced 3h 15m
The Link Building & Off-Page SEO Audit is intended to: evaluate backlink profile quality; assess link acquisition strategies; review competitor link gaps; verify link building practices; ensure sustainable link growth.

This document provides a structured checklist and evaluation framework for auditing link building strategies and backlink profile health. It covers link acquisition, competitor analysis, and link quality assessment.

Local SEO Audit

Intermediate 3h 30m
The Local SEO Audit is intended to: evaluate Google Business Profile optimization; assess local citation consistency; review reputation and reviews management; verify local content strategy; ensure local search visibility.

This document provides a structured checklist and evaluation framework for auditing local search optimization. It covers Google Business Profile, local citations, reviews, and local content strategy.

Multilingual SEO Audit

Advanced 3h 30m
The Multilingual SEO Audit is intended to: evaluate hreflang implementation; assess international targeting setup; review localized keyword strategies; verify search engine configurations; ensure global organic visibility.

This document provides a structured checklist and evaluation framework for auditing multilingual and multi-regional SEO. It covers hreflang implementation, international targeting, and localized content optimization.

On-Page SEO Audit

Intermediate 3h 30m
The On-Page SEO Audit is intended to: evaluate meta tag optimization; assess content quality and relevance; review heading hierarchy; verify keyword implementation; ensure on-page best practices.

This document provides a structured checklist and evaluation framework for auditing on-page SEO elements. It covers meta tags, content optimization, heading structure, and keyword implementation.

Technical SEO Audit

Advanced 3h 30m
The Technical SEO Audit is intended to: evaluate crawlability and indexability; assess site architecture and structure; review Core Web Vitals performance; verify structured data implementation; ensure search engine best practices.

This document provides a structured checklist and evaluation framework for auditing technical SEO implementation. It covers crawlability, indexability, site architecture, and Core Web Vitals.

Localization & i18n

3

Internationalization audits covering translation workflows, RTL support, date/currency formatting, and cultural adaptation.

Content Localization Audit

Intermediate 5h
Evaluate content localization quality, cultural adaptation, and translation processes.

This document provides a structured checklist and evaluation framework for auditing content localization quality and processes. It covers translation quality, cultural adaptation, and content parity.

Locale Formatting & Standards Audit

Intermediate 4h
Evaluate locale-specific formatting implementation for dates, numbers, currencies, and other regional standards.

This document provides a structured checklist and evaluation framework for auditing locale-specific formatting and data standards. It covers date/time, numbers, currency, and address formatting across regions.

RTL & Bidirectional Text Audit

Advanced 4h
Evaluate RTL (right-to-left) language support and bidirectional text handling.

This document provides a structured checklist and evaluation framework for auditing right-to-left (RTL) language support and bidirectional text handling. It covers layout mirroring, text direction, and mixed-content scenarios.

Documentation & Knowledge

6

Documentation audits for code docs, API documentation, runbooks, knowledge base accuracy, and onboarding materials.

Developer Documentation Audit

Intermediate 3h
Evaluate developer documentation quality, completeness, and maintainability to ensure developers can effectively use APIs, SDKs, and technical resources.

This document provides a structured checklist and evaluation framework for auditing developer-focused documentation. It covers code documentation, SDK guides, and developer experience.

Documentation Metrics & Analytics Audit

Intermediate 2h
Evaluate documentation analytics implementation and metrics tracking to enable data-driven documentation improvements.

This document provides a structured checklist and evaluation framework for auditing documentation measurement and optimization. It covers analytics setup, performance metrics, and continuous improvement.

Documentation Tooling & Platform Audit

Intermediate 2h 30m
Evaluate documentation platform capabilities, tooling, and infrastructure to ensure efficient content creation and delivery.

This document provides a structured checklist and evaluation framework for auditing documentation tools and platforms. It covers authoring tools, publishing platforms, and workflow automation.

Internal Documentation Audit

Intermediate 3h
Evaluate internal knowledge base and documentation quality for team productivity and knowledge sharing.

This document provides a structured checklist and evaluation framework for auditing internal documentation and team knowledge. It covers runbooks, wikis, and operational documentation.

Technical Writing Standards Audit

Intermediate 2h 30m
Evaluate technical writing quality, style consistency, and adherence to documentation standards.

This document provides a structured checklist and evaluation framework for auditing technical writing quality and standards. It covers style guides, consistency, and documentation best practices.

User Documentation & Help Center Audit

Basic 2h 40m
Evaluate end-user documentation and help center quality to ensure users can self-serve and find answers effectively.

This document provides a structured checklist and evaluation framework for auditing user-facing documentation and help resources. It covers help centers, knowledge bases, and end-user guides.

Blockchain & Web3

6

Web3 audits covering smart contract security, wallet integration, gas optimization, and decentralization patterns.

Blockchain & Smart Contract Audit

Expert 3h
The Blockchain & Smart Contract Audit is intended to: assess smart contract security; evaluate blockchain architecture; review operational practices; verify access controls; identify blockchain-specific vulnerabilities.

This document provides a structured checklist and evaluation framework for performing a blockchain and smart contract audit. It covers smart contract security, blockchain architecture, and operational practices.

Blockchain Node Operations Audit

Advanced 3h 30m
> Client Question: "Is my blockchain node infrastructure secure and reliable for production use?" This audit evaluates node security, RPC protection, key management, and operational procedures for blockchain infrastructure.

A comprehensive audit of self-hosted blockchain node infrastructure, RPC endpoints, and validator security.

Cross-chain Interoperability Audit

Expert 3h 45m
> Client Question: "Is my cross-chain integration secure against bridge exploits and message manipulation?" This audit evaluates bridge architecture, validator security, and message verification for cross-chain protocols.

A comprehensive audit of cross-chain bridges, interoperability protocols, and multi-chain asset management.

DAO Governance Audit

Advanced 3h 45m
> Client Question: "Is my DAO governance secure, fair, and resistant to manipulation?" This audit evaluates governance smart contracts, voting mechanisms, and decision-making processes for decentralized organizations.

A comprehensive audit of decentralized autonomous organization governance mechanisms, voting systems, and treasury management.

NFT Platform Audit

Expert 3h 45m
> Client Question: "Is my NFT platform secure, compliant with standards, and ready for public minting?" This audit evaluates NFT contract security, metadata handling, marketplace functionality, and creator royalty implementations.

A comprehensive audit of NFT minting, marketplace, metadata systems, and smart contract implementations for ERC-721 and ERC-1155 tokens.

Token Economics Audit

Expert 3h 45m
> Client Question: "Is my token's economic model sustainable and resistant to manipulation?" This audit validates token mechanics, distribution fairness, and identifies potential economic attack vectors.

A comprehensive audit of token distribution, vesting schedules, staking mechanisms, and economic model sustainability.

IoT & Edge Computing

6

IoT audits for device security, firmware updates, edge processing, and connectivity resilience.

Edge Computing Audit

Advanced 3h
The Edge Computing Audit is intended to: assess edge architecture design; evaluate deployment practices; review edge security; verify operational capabilities; identify edge computing improvements.

This document provides a structured checklist and evaluation framework for performing an edge computing audit. It covers edge architecture, deployment, security, and operations.

Edge Computing Platform Audit

Advanced 2h 45m
> Client Question: "Is my edge computing platform secure and properly managing distributed workloads?" This audit evaluates edge node security, workload isolation, and data processing compliance at the edge.

A comprehensive security audit of edge computing infrastructure, workloads, and edge-to-cloud communication.

IoT Communication Protocol Audit

Advanced 3h 15m
> Client Question: "Are my IoT device communications secure and properly authenticated?" This audit evaluates protocol configurations, encryption, and access controls for IoT communication channels.

A comprehensive security audit of IoT messaging protocols including MQTT, CoAP, and related communication security.

IoT Firmware Update Audit

Advanced 3h 30m
> Client Question: "Is my firmware update process secure and resistant to malicious updates?" This audit evaluates OTA update security, ensuring only authentic firmware is installed and devices remain operational during updates.

A comprehensive audit of over-the-air (OTA) update mechanisms and firmware lifecycle security.

IoT Fleet Management Audit

Advanced 4h
> Client Question: "Is my IoT device fleet secure and efficiently managed at scale?" This audit evaluates fleet management security covering device provisioning, monitoring, and lifecycle operations for thousands of devices.

A comprehensive audit of large-scale IoT device fleet operations, provisioning, and lifecycle management.

Real-Time Systems Audit

Expert 3h
The Real-Time Systems Audit is intended to: assess real-time performance requirements; evaluate message delivery reliability; review scalability architecture; verify fault tolerance; identify real-time system improvements.

This document provides a structured checklist and evaluation framework for performing a real-time systems audit. It covers latency requirements, message delivery, scalability, and reliability.

Privacy Engineering

8

Privacy-focused audits covering data minimization, consent management, anonymization, and privacy by design principles.

Consent Management Audit

Intermediate 6h
> Client Question: "Is my consent management system compliant with GDPR and other privacy regulations?" This audit evaluates consent mechanisms, preference centers, and consent lifecycle management.

A comprehensive audit of consent collection, storage, and management systems for GDPR and privacy compliance.

Cross-Border Data Transfer Audit

Advanced 7h
> Client Question: "Are our international data transfers compliant with GDPR and other cross-border data regulations?" This audit evaluates transfer impact assessments, legal mechanisms, and data localization compliance.

A comprehensive audit of international data transfers, transfer mechanisms, and compliance with data localization requirements.

Data Anonymization & Pseudonymization Audit

Advanced 6h
> Client Question: "Is my anonymized data truly anonymous and resistant to re-identification attacks?" This audit evaluates anonymization techniques, k-anonymity, differential privacy implementation, and re-identification risk.

A comprehensive audit of data de-identification techniques, anonymization effectiveness, and re-identification risk assessment.

Data Subject Rights (DSAR) Audit

Intermediate 6h
> Client Question: "Can we efficiently fulfill data subject rights requests within regulatory timeframes?" This audit evaluates DSAR processes, automation, identity verification, and response quality for GDPR, CCPA, and other regulations.

A comprehensive audit of data subject access request handling and privacy rights fulfillment processes.

PII Discovery & Classification Audit

Advanced 7h
> Client Question: "Do we know where all personal data resides in our systems and how it's classified?" This audit evaluates PII discovery tools, data classification accuracy, and data inventory completeness.

A comprehensive audit of personal data discovery, classification, and data mapping processes.

Privacy by Design Audit

Advanced 8h
> Client Question: "Is my system designed with privacy as a foundational principle, not an afterthought?" This audit evaluates how well privacy-by-design principles are embedded into architecture, development processes, and operations.

> Data used only for stated purposes.

| Check | Status | Score | Notes |
|---|---|---|---|
| Purposes clearly defined | | | |
| Purpose binding enforced | | | |
| Secondary use requires consent | | | |
| Compatible use assessment | | | |
| No function creep | | | |
| Purpose documented in code | | | |
| Data segregation by purpose | | | |

A comprehensive audit of privacy-by-design principles implementation throughout the software development lifecycle.

Privacy Impact Assessment (PIA/DPIA) Audit

Intermediate 5h
> Client Question: "Is our privacy impact assessment process effective at identifying and mitigating privacy risks?" This audit evaluates DPIA methodology, timing, risk assessment quality, and integration with development processes.

A comprehensive audit of privacy impact assessment processes, methodology, and integration with project lifecycles.

Privacy-Preserving Analytics Audit

Advanced 6h
> Client Question: "Can we derive valuable analytics insights while respecting user privacy and regulatory requirements?" This audit evaluates privacy-preserving analytics techniques, consent-based tracking, and cookieless measurement solutions.

A comprehensive audit of analytics implementations that protect user privacy while providing business insights.

Financial & Billing

4

Financial audits for revenue recognition, payment processing accuracy, reconciliation, and fraud prevention.

Accounts Receivable & Collections Audit

Intermediate 3h
Evaluate accounts receivable processes, collection procedures, and cash flow management for efficiency and compliance.

This document provides a structured checklist and evaluation framework for performing an accounts receivable and collections audit. It covers invoice delivery, payment terms, collection processes, and AR performance to optimize cash flow and minimize bad debt.

Financial Reporting & Analytics Audit

Advanced 3h 30m
Evaluate financial reporting accuracy, KPI calculations, and forecasting processes for data integrity and compliance.

This document provides a structured checklist and evaluation framework for performing a financial reporting and analytics audit. It covers revenue reporting, cash flow analysis, KPI accuracy, and report integrity to ensure financial data supports accurate decision-making.

Fraud Prevention & Risk Management Audit

Advanced 4h
Evaluate fraud detection, prevention, and risk management controls for financial transactions.

This document provides a structured checklist and evaluation framework for performing a fraud prevention and risk management audit. It covers fraud detection rules, transaction monitoring, account security, and dispute management to protect revenue and prevent financial losses.

Refund & Credit Management Audit

Intermediate 2h 30m
Evaluate refund and credit management processes for policy compliance, abuse prevention, and customer experience.

This document provides a structured checklist and evaluation framework for performing a refund and credit management audit. It covers refund policy compliance, processing procedures, credit management, and abuse prevention to ensure controlled refund operations while maintaining customer satisfaction.

Legal & Contract

4

Legal audits covering license compliance, terms of service, data processing agreements, and IP protection.

Data Processing Agreement (DPA) Audit

Advanced 4h
Verify Data Processing Agreements meet GDPR Article 28 requirements and adequately protect personal data in processor relationships.

This document provides a structured checklist and evaluation framework for performing a Data Processing Agreement audit. It covers GDPR Article 28 requirements, security measures, data subject rights, and termination provisions to ensure DPAs meet regulatory requirements and protect personal data appropriately.

Intellectual Property Protection Audit

Intermediate 3h
Evaluate intellectual property identification, protection measures, and enforcement strategies to safeguard organizational IP assets.

This document provides a structured checklist and evaluation framework for performing an Intellectual Property Protection audit. It covers IP inventory, protection measures, third-party IP compliance, and enforcement to ensure business intellectual property is properly protected and managed.

Master Service Agreement (MSA) Audit

Intermediate 3h 20m
Evaluate Master Service Agreement completeness, risk allocation, and operational provisions for effective vendor/client relationships.

This document provides a structured checklist and evaluation framework for performing a Master Service Agreement audit. It covers core terms, liability provisions, intellectual property, and compliance requirements to ensure contracts provide adequate protection while remaining commercially reasonable.

Partnership & Reseller Agreement Audit

Intermediate 3h
Evaluate partnership and reseller agreements for clear terms, appropriate protections, and alignment with business objectives.

This document provides a structured checklist and evaluation framework for performing a Partnership and Reseller Agreement audit. It covers partner terms, revenue sharing, obligations, and relationship management to ensure partnership agreements are clear, fair, and protective.

Marketing Technology

3

Marketing technology audits covering tag management, marketing automation, CRM integration, A/B testing, and personalization.

Marketing Automation Audit

Intermediate 5h
Evaluate marketing automation platform utilization, campaign effectiveness, lead management practices, and data quality to identify improvements.

This document provides a structured checklist and evaluation framework for performing a marketing automation audit. It covers platform utilization, campaign management, lead scoring, and integration.

Personalization Strategy Audit

Advanced 6h
Assess personalization maturity across strategy, data foundation, segmentation, content delivery, and measurement capabilities.

This document provides a structured checklist and evaluation framework for performing a personalization strategy audit. It covers data collection, segmentation, content delivery, and measurement.

Tag Management Audit

Intermediate 4h
Assess tag management implementation quality, governance practices, performance impact, and privacy compliance.

This document provides a structured checklist and evaluation framework for performing a tag management audit. It covers tag implementation, governance, performance, and data quality.

HIPAA Compliance

9

HIPAA compliance audits for healthcare organizations covering PHI protection, technical safeguards, administrative controls, physical security, and breach management.

HIPAA Administrative Safeguards Audit

Advanced 8h
The HIPAA Administrative Safeguards Audit is intended to: evaluate security management processes; assess workforce security measures; review information access management; verify security awareness training; ensure administrative compliance with 45 CFR § 164.308.

This document provides a structured checklist and evaluation framework for performing a HIPAA Administrative Safeguards audit. It covers the administrative actions, policies, and procedures required under the HIPAA Security Rule to manage the selection, development, implementation, and maintenance of security measures.

HIPAA Audit Readiness Assessment

Advanced 6h
The HIPAA Audit Readiness Assessment is intended to: evaluate documentation completeness and accessibility; assess evidence collection and organization; review audit response procedures; identify gaps before OCR audit; prepare organization for successful audit outcome.

This document provides a structured checklist and evaluation framework for performing a HIPAA Audit Readiness assessment. It evaluates an organization's preparedness for an OCR (Office for Civil Rights) HIPAA compliance audit, covering documentation, evidence, and response procedures.

HIPAA Breach Notification Audit

Advanced 4h
The HIPAA Breach Notification Audit is intended to:

  • Evaluate breach identification procedures
  • Assess breach risk assessment methodology
  • Review notification processes and timelines
  • Verify documentation and reporting
  • Ensure compliance with Breach Notification Rule

This document provides a structured checklist and evaluation framework for performing a HIPAA Breach Notification audit. It covers the requirements for identifying, assessing, and notifying breaches of unsecured PHI under the HIPAA Breach Notification Rule (45 CFR §§ 164.400-414).

HIPAA Business Associate Agreement Audit

Advanced 5h
The HIPAA Business Associate Agreement Audit is intended to:

  • Evaluate BAA inventory and completeness
  • Assess BAA contractual provisions
  • Review business associate compliance monitoring
  • Verify subcontractor requirements
  • Ensure compliance with 45 CFR § 164.502(e) and § 164.504(e)

This document provides a structured checklist and evaluation framework for performing a HIPAA Business Associate Agreement (BAA) audit. It covers the requirements for establishing and maintaining compliant business associate relationships under the HIPAA Privacy and Security Rules.

HIPAA PHI Inventory & Data Flow Audit

Advanced 6h
The HIPAA PHI Inventory & Data Flow Audit is intended to:

  • Identify all locations where PHI is created, received, maintained, or transmitted
  • Classify PHI by sensitivity and risk level
  • Map data flows across systems and processes
  • Support risk analysis requirements
  • Enable effective access controls and safeguards

This document provides a structured checklist and evaluation framework for performing a HIPAA PHI Inventory and Data Flow audit. It covers the identification, classification, and tracking of Protected Health Information throughout the organization to support risk analysis and compliance efforts.

HIPAA Physical Safeguards Audit

Advanced 4h
The HIPAA Physical Safeguards Audit is intended to:

  • Evaluate facility access controls
  • Assess workstation use and security
  • Review device and media controls
  • Verify physical protection of ePHI systems
  • Ensure compliance with 45 CFR § 164.310

This document provides a structured checklist and evaluation framework for performing a HIPAA Physical Safeguards audit. It covers the physical measures, policies, and procedures required under the HIPAA Security Rule to protect electronic information systems and related buildings and equipment.

HIPAA Privacy Rule Compliance Audit

Advanced 7h
The HIPAA Privacy Rule Compliance Audit is intended to:

  • Evaluate PHI use and disclosure practices
  • Assess patient rights implementation
  • Review Notice of Privacy Practices
  • Verify minimum necessary compliance
  • Ensure Privacy Rule compliance with 45 CFR § 164.500-534

This document provides a structured checklist and evaluation framework for performing a HIPAA Privacy Rule Compliance audit. It covers the requirements for protecting individually identifiable health information and ensuring patient rights under 45 CFR Part 160 and Subparts A and E of Part 164.

HIPAA Risk Analysis Audit

Advanced 8h
The HIPAA Risk Analysis Audit is intended to:

  • Verify risk analysis has been conducted
  • Assess risk analysis methodology and thoroughness
  • Review risk identification and documentation
  • Evaluate risk management follow-through
  • Ensure ongoing risk analysis compliance

This document provides a structured checklist and evaluation framework for performing a HIPAA Risk Analysis audit. It evaluates the organization's compliance with the HIPAA Security Rule requirement to conduct an accurate and thorough assessment of potential risks and vulnerabilities to ePHI (45 CFR § 164.308(a)(1)(ii)(A)).

HIPAA Training & Awareness Audit

Advanced 3h
The HIPAA Training & Awareness Audit is intended to:

  • Evaluate training program comprehensiveness
  • Assess training delivery and completion
  • Review training content adequacy
  • Verify ongoing awareness efforts
  • Ensure compliance with training requirements

This document provides a structured checklist and evaluation framework for performing a HIPAA Training and Awareness audit. It covers the workforce training requirements under both the HIPAA Privacy Rule (§ 164.530(b)) and Security Rule (§ 164.308(a)(5)) to ensure all workforce members understand their responsibilities for protecting PHI.

When Audits Are Performed

1. Discovery

Evaluate existing systems before starting a project. Know what you're working with.

2. Build Validation

Verify quality at key milestones during development.

3. Pre-Launch

Comprehensive audit before going live. Catch issues before users do.

4. Periodic Review

Regular health checks to ensure systems stay secure and performant.

What You Receive

Every audit produces a professional report visible in your client portal. You see the scores, understand the findings, and have a clear path forward.

  • Executive summary for stakeholders
  • Detailed findings with evidence
  • Prioritized recommendations
  • Portal access for tracking remediation

Sample Audit Scores

  • Security: 4/5
  • Performance: 3/5
  • Code Quality: 5/5
  • Testing: 2/5

See how your system scores

Start with a discovery audit. We'll evaluate your system and give you a clear picture of where things stand.