SOC 2 · THROUGH CHAT

Do your entire SOC 2 inside Claude.

GRC MCP connects to Claude or ChatGPT and runs your whole SOC 2 Type 1 program — scope, policies, controls, evidence, and audit handoff.

Get started →See how it works ↓
Auditor-agnosticGRC-platform-agnosticCloud-agnostic
ChatGPT
Upsert our vendors: AWS, Vercel, Stripe.
Added 3 vendors to your inventory.
grc_upsert_vendor
Claude
Message Claude…
CC6
Policy approved
Readiness 100%
Evidence 1/1
BUILT FOR THE WAY SOC 2 ACTUALLY GETS DONE
Claude ChatGPT Auditor-agnostic Exports to standard GRC platforms
THE THESIS

A GRC platform is really just four things.

A structured model of your program, the requirements, an evidence repository, and a "what do I do next." Chat delivers all four — with none of the dashboard tax.

01

A structured model

Your scope, inventories, controls, and risks — stored, versioned, queryable.

02

The requirements

Every policy and control mapped to CC1–CC9, tailored to your system.

03

An evidence repository

Encrypted, hashed, immutable. Built for an auditor to trust.

04

What to do next

Claude always knows your phase, your gaps, and your next best action.

ZERO → AUDIT-READY

Seven phases. One chat window.

Every step happens in the same conversation — Claude moves you from an empty program to an auditor-ready package.

00

Activate & connect

Buy a membership, connect GRC MCP to Claude.

→ connector
01

Scope your system

Claude interviews you and writes your System Description.

grc_update_scope
02

Inventory intake

Employees, vendors, systems — captured in conversation.

grc_upsert_vendor
03

Generate policies

Tailored authoring prompts — your AI drafts the policy, not us. We version & track acks.

grc_generate_policygrc_attach_policy_draft
04

Controls & evidence

Upload a screenshot; we file it against the right control. Manual only — no integrations.

grc_request_evidence_uploadgrc_attach_evidence
05

Risk & readiness

Guided risk assessment + a gap report with a remediation backlog.

grc_run_readiness_assessment
06

Remediate & gate

Burn down gaps until 100% covered.

grc_check_audit_readiness
07

Auditor handoff

Generate and share your auditor package — in the web app.

→ web app

You upload. Claude does the rest.

You
Answer a few questions
Upload the screenshots Claude asks for
Approve your policies
GRC MCP + Claude
Writes your system description
Generates every policy prompt
Maps controls to CC1–CC9
Validates your evidence
Runs your risk + readiness assessment
Tells you exactly what's left

Wherever you already chat with AI.

Remote MCP over Streamable HTTP with OAuth 2.1. Connect once; your program follows you across clients.

ClaudeSonnet 4.5
Am I audit-ready?
Running your readiness check across CC1–CC9. Here's where you stand.
grc_run_readiness_assessment
Reply to Claude…
ChatGPT
Generate my Information Security Policy.
Here's your tailored authoring prompt — draft it in chat and I'll version and track it.
grc_generate_policy
Message ChatGPT…
THE SYSTEM OF RECORD

A file cabinet, a checkout, and a connect button.

The web app does only what chat can't: secure upload, durable storage, billing, and your auditor handoff. No dashboard to learn.

GRC MCP — Files
Drop screenshots here — tell Claude to file them.
mfa_okta.pngCC6.1
backup_policy_v2.pdfA1.2
aws_iam_export.csvunfiled
evidence_artifactverified ✓
controlCC6.1
sourcemanual upload
captured_byamir@acme.io
captured_at2026-06-12T14:08Z
sha-256a3f1c9…e07b
EVIDENCE INTEGRITY

Evidence an auditor can trust.

Every artifact is hashed, encrypted with a per-tenant key, and written to an append-only, hash-chained log. Auditor access is read-only, time-boxed, watermarked, and fully logged.

Get started now. Transition when you're ready.

Get started with GRC MCP and then transition to a GRC platform when you're ready. When you need Type 2 or multiple frameworks, export your whole program into a standard GRC platform with your own account — GRC MCP stays your system of record.

GRC MCP
your GRC platform
MEMBERSHIP

SOC 2 Type 1, starting from $500 a year.

SOC 2 Type 1 — Full program

1-year membership
from$500/ year

For companies with fewer than ten employees. Everything you need to go from zero to audit-ready, run entirely through chat.

Full SOC 2 Type 1 program
Every policy authoring prompt
Manual evidence vault
Risk + readiness assessment
Auditor package + portal
Export to a standard GRC platform

Questions, answered.

Do I need a GRC platform?+

GRC MCP isn't a GRC platform. It's a format and methodology — a better way to interact with the GRC platforms you already have, and to run your whole SOC 2 Type 1 program straight from chat.

Is the evidence collection automated?+

No — manual upload by design. You drop a screenshot; an AI validates each artifact and files it against the right control. No integrations to configure or break.

Which AI clients are supported?+

Any client that speaks remote MCP — Claude and ChatGPT today, over Streamable HTTP with OAuth 2.1. Connect once; your program follows you.

Who does the actual audit?+

An independent CPA firm — we're auditor-agnostic. We generate the package they need and a read-only portal to review it.

Can I move to another platform later?+

Yes. Export your whole program into a standard GRC platform with your own account whenever you're ready for Type 2 or multiple frameworks.

How fast is audit-ready?+

Typically under three weeks, depending on how quickly you upload the evidence Claude asks for.

/start-soc2

Do your SOC 2 inside Claude.

Connect in one click. Be audit-ready in weeks.

Get started Request a demo