The Problem
Getting through a SOC2 audit (strictly an attestation report rather than a certificate) or a similar compliance framework is often confusing, expensive, and time-consuming for small and mid-sized businesses. Organizations must collect evidence, map documentation to the framework's requirements, and hire an external auditor to verify everything. The existing process is manual, fragmented, and offers little visibility into progress or readiness.
Our client wanted to change that by building a smart, AI-powered compliance platform that helps companies prepare for audits efficiently and accurately. While the MVP would focus on SOC2, the infrastructure had to be flexible enough to support other frameworks like NIST, HIPAA, ISO 27001, and more.
Our Solution
We built Audit Caddie, a modular, AI-powered compliance management platform that helps users gather and map their documentation to required domains, track progress toward certification, and generate reports and policies using AI.
The system gives companies a clean dashboard to upload evidence, track completion status, collaborate with team members, and interact with an AI “Caddie” chatbot that helps generate policy templates and clarify domain requirements. Behind the scenes, our development team integrated metered usage-token tracking, AI document classification using BERT, and an admin system for managing client accounts.
What We Did
Modular Framework Architecture
To future-proof the system, we built the backend to support multiple compliance frameworks. Although the frontend only displays SOC2 for now, the core logic handles standard selection, token allocation, domain generation, and report export on a per-framework basis.
Smart Domain Mapping
Each compliance framework is broken down into domains. For SOC2, that’s over 60 domains like “Cybersecurity Intrusion Protocol.” Our AI system uses a customized BERT model to classify uploaded documents and auto-map them to the appropriate domains, saving users time and reducing confusion.
Custom User Roles and Collaboration
Audit Caddie supports multi-user teams with granular role control. Admin users can invite teammates, view token usage, manage uploads, and access team-wide chats. Regular users are limited to their own uploads, chats, and progress, so team data stays scoped to the roles that need it.
AI-Powered Policy Generation
We integrated “Caddie,” a GPT-style chatbot that assists users by answering questions and generating compliance policies. These policies are output as downloadable templates whose content is populated from AI prompts; the prompts themselves are customizable and maintained by SuperAdmins.
Compliance Notebook & Dashboard
Each user sees a dashboard showing compliance progress as a percentage. The “Compliance Notebook” lists all active domains, associated evidence, and progress markers. Users can easily upload new documents, tag them (evidence, policy, requirement), and recalculate progress.
Secure File Management & Metadata Tagging
Uploaded files are auto-tagged with metadata: an AI-inferred subject and content summary plus the upload timestamp. Users can manually adjust tags and link files to different domains. Files are stored through django-storages with an S3 or Backblaze B2 backend (B2 is S3-compatible, so the same backend serves both).
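As an added example (not Audit Caddie's own configuration or code), the following django-storages settings fragment and `upload_to` callable show the checks a practitioner would want around evidence files: objects stay private, links are short-lived pre-signed URLs, uploads never overwrite each other, and the object key is scoped to the team and domain with the client-supplied filename sanitised. The bucket name, the Backblaze endpoint, and the `team_id`/`domain_id` integer fields on the evidence model are assumptions.

```python
"""Private, tenant-scoped evidence storage with django-storages (added example)."""
import os
import re
import uuid

# --- settings.py fragment ---------------------------------------------------
# Django 4.2+ / django-storages 1.14+ storage declaration. Backblaze B2 exposes an
# S3-compatible endpoint, so the same S3 backend serves both providers; for AWS
# proper, drop AWS_S3_ENDPOINT_URL.
STORAGES = {
    "default": {"BACKEND": "storages.backends.s3.S3Storage"},
    "staticfiles": {"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"},
}
AWS_STORAGE_BUCKET_NAME = "audit-evidence-example"               # assumption
AWS_S3_ENDPOINT_URL = "https://s3.us-west-004.backblazeb2.com"   # assumption (B2 pattern)
AWS_S3_REGION_NAME = "us-west-004"                                # assumption
AWS_S3_SIGNATURE_VERSION = "s3v4"

# Security-relevant settings: audit evidence must never be world-readable.
AWS_DEFAULT_ACL = None             # never attach a public-read ACL; bucket stays private
AWS_QUERYSTRING_AUTH = True        # FileField.url returns a pre-signed URL, not a bare object URL
AWS_QUERYSTRING_EXPIRE = 300       # signed links expire after 5 minutes (library default: 3600)
AWS_S3_FILE_OVERWRITE = False      # a same-named upload gets a new key instead of replacing data
AWS_S3_OBJECT_PARAMETERS = {"ServerSideEncryption": "AES256"}

# --- upload path for the evidence model ------------------------------------
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def build_evidence_key(team_id, domain_id, filename, token=None):
    """Return a tenant-scoped object key such as
    evidence/team-7/domain-12/<token>-report.pdf.

    The client-supplied filename is reduced to its basename and to a safe
    character set so it cannot smuggle '/' or '..' into the key, and a random
    token is prefixed so two uploads with the same name never collide.
    team_id/domain_id are coerced to int (assumed integer primary keys) so a
    crafted id string cannot become a path component either.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    base = _UNSAFE.sub("_", base).strip("._") or "upload"
    token = token or uuid.uuid4().hex
    return f"evidence/team-{int(team_id)}/domain-{int(domain_id)}/{token}-{base}"


def evidence_upload_path(instance, filename):
    """``upload_to`` callable for the FileField on the (assumed) evidence model."""
    return build_evidence_key(instance.team_id, instance.domain_id, filename)
```

Wire it up with `file = models.FileField(upload_to=evidence_upload_path)`. Note that `AWS_DEFAULT_ACL = None` only stops the application from granting public access; the bucket itself still has to be configured private on the provider side, and the pre-signed URL is what lets an authorised user download.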
SuperAdmin Panel for Prompt & User Management
SuperAdmins can view all user actions, edit AI prompt logic, and audit system usage. Prompts are versioned and tagged, allowing for export traceability. SuperAdmins also get full access to chat logs and framework benchmarking tools.
Token System Integration
The app operates on a usage-token model (billing tokens for AI calls, distinct from authentication tokens). Admins can view token usage by user, see detailed logs, and limit usage based on subscriptions. This enables transparent metering and monetization of AI services and policy generation.
Intake Form-Driven Onboarding
When a new user is onboarded, they complete a comprehensive intake form that determines their applicable domains. This intake form is shared across all compliance frameworks, which makes adding a new standard easier.
Report Export and Audit Tools
Users can export their progress and generated policies in a shareable format (PDF and DOCX, under development). Exports are tagged with prompt IDs for traceability and audit purposes.
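Tagging an export with a prompt ID only gives an auditor traceability if the prompt text behind that ID is immutable per version and the export records which version it used. The following added example (not Audit Caddie's code; the registry, manifest field names, and prompt IDs are assumptions) serves both the SuperAdmin prompt versioning described above and the export tagging here: an append-only prompt registry whose versions are content-hashed, an export manifest that records prompt ID, version, and hashes, and a verification step an auditor can run later.

```python
"""Content-addressed prompt versions and verifiable export manifests (added example)."""
import hashlib
from datetime import datetime, timezone


def _sha256(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def prompt_fingerprint(prompt_text: str) -> str:
    """SHA-256 of the exact prompt text; any edit yields a new fingerprint."""
    return _sha256(prompt_text)


class PromptRegistry:
    """Append-only prompt store: (prompt_id, version) -> immutable record.

    Editing a prompt publishes a new version; older versions are never mutated
    or deleted, so an export that references version 1 stays explainable after
    a SuperAdmin has moved on to version 5.
    """

    def __init__(self):
        self._versions = {}  # prompt_id -> [record, ...] in version order

    def publish(self, prompt_id, text, tags=()):
        versions = self._versions.setdefault(prompt_id, [])
        record = {
            "prompt_id": prompt_id,
            "version": len(versions) + 1,
            "sha256": prompt_fingerprint(text),
            "text": text,
            "tags": list(tags),
        }
        versions.append(record)
        return record

    def get(self, prompt_id, version):
        if version < 1:
            return None
        try:
            return self._versions[prompt_id][version - 1]
        except (KeyError, IndexError):
            return None

    def latest(self, prompt_id):
        return self._versions[prompt_id][-1]


def build_export_manifest(prompt_record, generated_text, framework, domain,
                          model_name, exported_at=None):
    """Metadata stamped onto a PDF/DOCX export.

    It carries the prompt ID *and* its version and hash, so an auditor can see
    exactly which instructions produced the policy, plus a hash of the output
    so later tampering with the document is detectable.
    """
    return {
        "framework": framework,
        "domain": domain,
        "model": model_name,
        "prompt_id": prompt_record["prompt_id"],
        "prompt_version": prompt_record["version"],
        "prompt_sha256": prompt_record["sha256"],
        "output_sha256": _sha256(generated_text),
        "exported_at": exported_at or datetime.now(timezone.utc).isoformat(),
    }


def verify_export(manifest, registry, generated_text):
    """Audit-time check. Returns (ok, reason)."""
    record = registry.get(manifest["prompt_id"], manifest["prompt_version"])
    if record is None:
        return False, "prompt version missing from registry"
    if record["sha256"] != manifest["prompt_sha256"]:
        return False, "prompt text changed under a fixed version"
    if _sha256(generated_text) != manifest["output_sha256"]:
        return False, "exported document altered"
    return True, "ok"
```

In a real deployment the manifest would be embedded in the document's metadata and also written to an audit log owned by the platform, so that the copy a customer hands to their auditor can be checked against a record the customer cannot edit.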