The Problem
Getting certified for SOC2 and similar compliance frameworks is often confusing, expensive, and time-consuming for small and mid-sized businesses. Organizations must collect evidence, map documentation to regulatory requirements, and hire an external auditor to verify everything. The existing process is manual, fragmented, and offers little visibility into progress or readiness.
Our client wanted to change that by building a smart, AI-powered compliance platform that helps companies prepare for audits efficiently and accurately. While the MVP would focus on SOC2, the infrastructure had to be flexible enough to support other frameworks like NIST, HIPAA, ISO 27001, and more.
Our Solution
We built Audit Caddie, a modular, AI-powered compliance management platform that helps users gather and map their documentation to required domains, track progress toward certification, and generate reports and policies using AI.
The system provides companies with a clean dashboard to upload evidence, track completion status, collaborate with team members, and interact with an AI “Caddie” chatbot that helps generate policy templates and clarify domain requirements. Behind the scenes, our development team integrated secure token tracking, AI document classification using BERT, and a scalable admin system for client control.
What We Did
To future-proof the system, we built the backend to support multiple compliance frameworks. Although the frontend only displays SOC2 for now, the core logic allows switching between standards, token allocation, domain generation, and report exports on a per-framework basis.
Each compliance framework is broken down into domains. For SOC2, that’s over 60 domains like “Cybersecurity Intrusion Protocol.” Our AI system uses a customized BERT model to classify uploaded documents and auto-map them to the appropriate domains, saving users time and reducing confusion.
Audit Caddie supports multi-user teams with granular role control. Admin users can invite teammates, view token usage, manage uploads, and access team-wide chats. Regular users are limited to their own actions and progress, ensuring clarity and data security.
We integrated “Caddie,” a GPT-style chatbot that assists users by answering questions and generating compliance policies. These policies are outputted into downloadable templates with content dynamically populated by AI prompts, customizable and maintained by SuperAdmins.
Each user sees a dashboard showing compliance progress as a percentage. The “Compliance Notebook” lists all active domains, associated evidence, and progress markers. Users can easily upload new documents, tag them (evidence, policy, requirement), and recalculate progress.
Uploaded files are auto-tagged with AI-detected metadata like subject, inferred content, and upload timestamps. Users can manually adjust tags and link files to different domains. Files are stored via django-storages with support for S3 or Backblaze.
SuperAdmins can view all user actions, edit AI prompt logic, and audit system usage. Prompts are versioned and tagged, allowing for export traceability. SuperAdmins also get full access to chat logs and framework benchmarking tools.
The app operates on a token-based model. Admins can view token usage by user, see detailed logs, and limit usage based on subscriptions. This enables transparent metering and monetization of AI services and policy generation.
When a new user is onboarded, they complete a comprehensive intake form that determines their applicable domains. This intake form is shared across all compliance frameworks, making standard expansion easier.
Users can export their progress and generated policies in a shareable format (PDF and DOCX, under development). Exports are tagged with prompt IDs for traceability and audit purposes.
Client Success Stories
Trusted by Businesses Worldwide for Our Expertise and Results
See AllAquila Bernard
Coach
Their customer service is excellent — they’re incredibly accessible and available, which I appreciate. Furthermore, they have enough experience and bandwidth to fulfill all my needs. They’re one of the best vendors I’ve worked with.
Oscar Martinez
Project Manager
Idea Maker's portfolio is what drew us in. Their design style was in alignment with what we were after. We had initial consultations with 3 companies that we had narrowed it down to. Once we had our initial meeting with Tom at Idea Maker we knew we had the right choice to make. Their communication style works well for us.
JR Krebs
Project Lead, Legal Company
I have never had a site like this built before. I felt that Idea Maker and Tom had built numerous sites like this, and they were pros.
Ryan Beachum
Founder & CEO, HelloVacay
This is a boutique development firm where the Founder is directly involved with the project and the primary contact. This is unlike many development firms where you are simply handed off to developers that are not stakeholders. This is an important distinction that results in much better project accountability.
John Larkin
CEO, Advance CPE
The way they understand the requirements we present to them is fairly solid. Both in terms of bringing their own interpretation in nailing the requirements and their design sense. By the time we launched, I had gotten significantly more value from our collaboration than what we had discussed in the original specs.
Brennan Lodge
Founder, BLodgic LLC
Idea Maker is distinguished for their personalized collaboration and white glove services. The team is dependable and reliable, sticking to the project's plan, offering feedback, and pushing back on the right things.
Let's Talk About Your Project!
Book a Call