Reports & PDFs

Claw GRC generates professional PDF compliance reports at any point in time. Six report types cover everything from a quick executive summary to a full audit package — all ready to share with auditors, customers, and the board.

The 6 Report Types

Each report type is designed for a specific audience and use case. Reports are generated as PDFs with your organization's name, logo, and branding.

Report Type       | Audience                                                  | When to Use
------------------|-----------------------------------------------------------|-------------
SOC 2 Readiness   | Your audit preparation team, prospective external auditor | Pre-audit
Executive Summary | C-suite, board of directors, investors                    | Ongoing
Gap Analysis      | Compliance team, control owners                           | Remediation
Risk Register     | Risk committee, legal counsel, insurance brokers          | Quarterly
Agent Governance  | Enterprise customers, board, AI ethics committee          | AI oversight
Audit Package     | External auditors (SOC 2, ISO 27001, FedRAMP)             | Audit time

SOC 2 Readiness Report

The SOC 2 Readiness Report is the most commonly generated report. It provides a detailed view of your SOC 2 compliance posture, showing auditors exactly where you stand before the formal audit begins.

Structure

  1. Executive Overview — Overall readiness score, audit period, framework version
  2. Trust Service Criteria Summary — Score per TSC category (CC, A, C, PI, P)
  3. Control Implementation Status — Full table of all 95 controls with status, owner, evidence count, and last evidence date
  4. Evidence Inventory — All linked evidence items with type, upload date, and hash
  5. Open Gaps — Controls with no evidence or stale evidence, prioritized by category importance
  6. Remediation Timeline — Projected time to 100% readiness based on current ticket velocity

Generate before your first auditor call

Share the SOC 2 Readiness Report with your auditor at the kickoff meeting. It demonstrates organizational maturity and helps the auditor understand your current posture, potentially reducing the number of fieldwork days required.

Executive Summary Report

The Executive Summary is designed for non-technical stakeholders who need a high-level view without compliance jargon. It's typically generated monthly or quarterly for board reporting.

Structure

  1. Compliance Health Score — Single number with trend chart showing last 12 months
  2. Active Frameworks — Current score per framework in a simple visual table
  3. Top 5 Risks — Executive-language risk summary with treatment status
  4. Security Events This Period — Count of critical/high findings and resolution rate
  5. AI Agent Governance Summary — Number of agents, trust score distribution, incidents
  6. Upcoming Compliance Milestones — Policy reviews due, audit dates, framework renewals

Gap Analysis Report

The Gap Analysis Report is a working document for your compliance team. It shows exactly which controls are missing evidence, which are partially implemented, and what needs to happen to close each gap.

Structure

  1. Gap Summary by Framework — Total gaps, critical gaps, estimated effort to close
  2. Control Gap Detail — For each open gap: control name, required evidence types, current evidence, missing evidence description
  3. Evidence Gaps by Owner — Gaps grouped by control owner, useful for assigning remediation work
  4. Stale Evidence List — Evidence that needs refreshing with staleness date
  5. Cross-Framework Opportunities — Controls that can be satisfied by implementing one piece of evidence across multiple frameworks

Risk Register Report

A complete export of your risk register in PDF format, suitable for presentation to the risk committee, legal counsel, or your cyber insurance carrier. Includes the full AIRSS score breakdown for each risk and treatment plan status.

Structure

  1. Risk Overview — Risk distribution by category, AIRSS score histogram
  2. Heatmap Visualization — Full-color heatmap showing all risks by likelihood and impact
  3. Risk Register Table — Complete list with AIRSS scores, all 5 factor values, treatment strategy, owner, and review date
  4. Top 10 Risks Detail — Extended narrative for the 10 highest-scoring risks
  5. Treatment Progress — Status of all risk mitigation plans with linked controls
  6. Risk Trends — How the risk landscape has changed over the last 90 days

Agent Governance Report

The Agent Governance Report is unique to Claw GRC — it covers your AI agent workforce's compliance posture. This is increasingly requested by enterprise customers as part of vendor due diligence and by boards implementing AI governance policies.

Structure

  1. Agent Inventory — All registered agents with status, type, and trust score
  2. Trust Score Distribution — Histogram showing trust score spread across all agents
  3. Agent Interaction Summary — Aggregate interaction counts, approval rates, anomaly flags
  4. Chain Hash Integrity — Verification status of all interaction chain hashes
  5. Policy Compliance per Agent — Which agents are operating within policy bounds
  6. Suspended/Flagged Agents — Agents that have been suspended with reason and timeline
  7. AI Governance Framework Alignment — SOC 2, EU AI Act, ISO 42001 control coverage for AI systems

Include in enterprise vendor due diligence responses

The Agent Governance Report is the ideal response to enterprise customers asking "How do you govern your AI agents?" Export it as PDF, redact any sensitive agent names, and include it as an exhibit in your vendor security questionnaire response.

Audit Package

The Audit Package is the most comprehensive export — designed to provide an external auditor with everything they need for a SOC 2 Type II, ISO 27001, or FedRAMP audit in a single ZIP archive. It includes:

  • All of the report PDFs described above
  • Complete evidence inventory with file downloads
  • Policy PDF exports with version history
  • Control mapping tables (cross-framework)
  • Vendor assessment summaries
  • Penetration test and scan results
  • Risk register export
  • Agent interaction chain hash verification report

Audit Package size can be large

An Audit Package with 12 months of evidence can be 500 MB or more. The platform generates a download link (valid for 24 hours) rather than sending the ZIP via email. Generate the package at least 30 minutes before you need it — large evidence inventories take time to compile.

Sharing Reports

Reports can be shared in three ways:

  1. Download PDF — Download to your local device and share manually (email, file sharing)
  2. Share Link — Generate a read-only share link. The recipient can view the report in-browser without a Claw GRC account. Share links expire after 30 days by default (configurable up to 90 days).
  3. Auditor Portal — Invite an external auditor directly to a read-only portal view. They can browse evidence, view controls, and leave comments without having edit access.