Public Launch·July 2026 Research Preview·Available now

SOC 2® audit,
done in your
Claude Code

From readiness to a signed report, your own Claude Code is all you need.

AICPA SOC Licensed AICPA SOC auditor
Get Free Research Access →
Claude Code
Claude Codev2.1.112
Opus 4.7 · Claude Max
How it works

Five steps. One conversation.

Like working with an expert who knows both SOC 2 and your company, at your own pace.

Step 1

Scope your audit

We guide you to determine the Trust Service Criteria (TSC) in scope, identify the critical systems, and decide which systems and tools are in or out of scope.

claude code
Step 2

Scan system configurations

Your AI runs read-only CLI commands to pull your system configurations, and submits the raw output directly to us. You approve every command first.

claude code
Step 3

Read your policies

Your AI reads your security policies and documentation directly from your machine. Read-only. You approve every command first.

claude code
Step 4

Follow-up questions

We ask follow-up questions based on the scan results to get a full picture of your operations. You reply naturally.

claude code
Step 5

Auditor review & signed report

All evidence submitted for deep review with a human in the loop. If everything looks good, your signed SOC 2® report is sent to you within 48 hours.

claude code
claude code
How we maintain quality

Quality that compounds.

Every engagement sharpens the next. Each audit ships against our highest bar, and lifts the bar for the one after.

Reasoning Engine Compounding strengthen AICPA Standards •  SSAE 18 •  Trust Services Criteria •  Points of Focus •  Description Criteria The Brain Claude Opus 4.7 The Knowledge Chiaro’s proprietary SOC 2 framework. Engagement Data Raw audit data and AI verdicts. Skills Reusable audit procedures, codified and refined across engagements. Calibration Examples Every override becomes a training signal for the engine on the next audit. Human Judgement An experienced auditor reviews key judgments, overriding AI verdicts as necessary.
End to end solutions

One-stop shop for your SOC 2.

An audit that barely feels like one. All you need is your own AI and the Chiaro MCP. No prep service, no GRC tool.

Readiness

Mock Exam

A full audit dry run. No signed report at the end.

  • Independent examination
  • Dedicated CPA support
  • Deep gap analysis
Public launch · July 2026
Examination

Full SOC 2 Audit

A real audit, signed and delivered to your buyers.

  • Independent examination
  • Dedicated CPA support
  • Final SOC 2 report
Public launch · July 2026
End to end

Mock Exam  +  Full Audit

We get you from unprepared to fully ready, then the real audit.

  • Everything in Mock Exam
  • Everything in Full SOC 2 Audit
Public launch · July 2026
Available now

Research preview.

We’re looking for a few research partners to work alongside us and help shape what Chiaro becomes. Run a real SOC 2 with us, tell us what’s working and what’s not. Let’s build together.

You get

A readiness mock exam and a full SOC 2 audit, on us.

We get

Your honest product feedback.

FAQs
Is Chiaro a GRC tool?
No. Chiaro is an audit product built and operated by a licensed CPA firm. It’s all you need to get your full SOC 2 report. GRC tools are compliance software. They help you get ready for an audit, but they can’t perform the audit itself, you still have to hire a CPA firm separately.
Who is the auditor?
Y Assurance PLLC, a licensed CPA firm registered with the Texas State Board of Public Accountancy and authorized to perform SOC 2 audits. Chiaro is the product of Y Assurance PLLC. No third party is involved in this process.
What’s the catch?
Just your feedback. Tell us what’s working and what’s not.
How much of our time will this take?
The full readiness and SOC 2 audit is self-paced, with us assisting and supporting throughout. We only ask for about 30 minutes a week to share feedback.
Do you need access to our systems?
No. Everything runs inside your own AI tool. Commands run locally, you approve each one, only the output comes back to us. We never hold credentials.
Who’s an ideal partner?
B2B SaaS companies looking to get their first SOC 2. Pre-revenue is fine.
What if it’s a bad fit mid-way?
Walk away, no obligation. We only ask that you tell us what didn’t work so we can fix it.