The product you can use today
This is the bulk of ComplyReady — and it's all live right now, free during open beta. Connect your infrastructure, verify your posture, and answer real security reviews from verified data.
AWS cloud scanning
Connect AWS read-only and scan it against roughly 70 SOC 2 controls — encryption, IAM, logging, network, and more — each mapped to the criteria it satisfies, with remediation for anything that fails.
GitHub source-control scanning
Scan your GitHub organization across about 20 checks: 2FA enforcement, branch protection, required reviews, secret scanning, and other change-management controls.
Questionnaires answered from verified data
Upload any vendor security questionnaire — PDF, Excel, or Word. ComplyReady answers it directly from your verified cloud and source configuration, with the scan evidence cited.
AI-assisted answers with human review
For questions a scan can't answer, AI drafts a response from your profile and prior answers. Nothing is auto-approved — you review and confirm before anything is used.
Audit-ready policy generation
Generate security policies tailored to your actual stack — access control, incident response, encryption, and more — fully editable and version-tracked.
SOC 2 readiness view
A live readiness checklist where controls are auto-verified from your scans, so your status reflects what's actually configured instead of a manual self-assessment.
Public trust center
Publish a clean, public trust page that shows prospects your security posture and policies — without emailing another PDF.
Free during open beta
Everything above is free while ComplyReady is in open beta. No credit card, no payment, no trial countdown.
On the way — and honest about where each one is
These are actively being built or tested. We're labeling each by its real maturity rather than calling it done — early access means it's working but still being proven with our first users.
Kubernetes scanning
A read-only, in-cluster agent that checks your Kubernetes setup against CC6, CC8, and CC9 controls. It runs inside your cluster and pushes results out — no kubeconfig or cluster credentials are ever stored. In early access and being tested with our first users.
Google Cloud (GCP) scanning
SOC 2 scanning for Google Cloud, working the same way AWS does today — connect, scan, verify. Actively in progress.
Re-checking answers after you fix and re-scan
Closing the verify → fix → re-verify loop: when a scan flags a gap, fix it, re-scan, and have the affected questionnaire answers re-checked against the fresh results — so “verified” always means verified right now.
Directions we're considering
These are not commitments and have no timeline — they're the directions we think matter most for a serious compliance posture. Which ones we build, and in what order, is shaped by what beta users tell us they need.
Continuous monitoring
Scheduled scans, drift detection, and alerts when your posture changes — the direction that keeps you continuously compliant instead of compliant only on the day you checked. This is where we most want to take verification next.
More clouds & integrations
Additional cloud providers and tooling integrations, prioritized by what beta users actually connect and ask for.
Deeper coverage & more frameworks
Broader control coverage and compliance frameworks beyond SOC 2 over time — shaped by demand rather than a fixed plan.