FAQ

Answers to common questions about ForgeComply.

General

What is ForgeComply?

ForgeComply is a compliance management platform that helps organizations prepare for SOC 2 and ISO 27001 audits. It provides structured workflows for evaluating controls, generating policies, collecting evidence, and producing audit-ready reports.

Who is ForgeComply for?

Startups and SMBs pursuing compliance certifications, security teams managing ongoing compliance, and founders who need to demonstrate security posture to customers, investors, or partners.

What frameworks does ForgeComply support?

Currently SOC 2 (Type I and Type II) and ISO 27001 (Stage 1 and Stage 2).

Does ForgeComply guarantee audit success?

No. ForgeComply helps you prepare for audits by organizing your controls, policies, and evidence. Passing an audit depends on your actual security implementation. We provide the structure; you provide the substance.

Assessments

What is an assessment?

An assessment is a compliance project for a specific framework and audit type. For example, "SOC 2 Type I - Q1 2025" or "ISO 27001 Stage 1."

Can I have multiple assessments?

Yes. Organizations often have multiple assessments (e.g., completing Type I, then starting Type II).

Can I change the framework after creating an assessment?

No. Each assessment is tied to a specific framework and audit type. Create a new assessment for a different framework.

Can I delete an assessment?

Contact support for assessment deletion requests.

Controls

How should I answer controls?

Answer based on your actual implementation:

Yes — Fully implemented and operating
No — Not implemented
Partial — In progress or partially implemented
N/A — Not applicable (provide justification)

Be honest. Auditors will verify your claims.

What do the statuses mean?

Pass — All requirements met (answer, owner, policy, evidence)
At Risk — Partially complete
Fail — Critical gaps exist
Not Started — No action taken

Who should be the control owner?

A specific person who can speak to the control's implementation and provide evidence if needed. Assign individuals, not teams.

Can I change my answer later?

Yes, anytime before generating reports. After reports are generated, make changes and generate new reports.

Policies

Does AI write my policies?

No. Policies are generated from templates based on your organization's profile and control responses. You review, edit, and approve. AI provides guidance during Guided Setup, not policy content.

What's the difference between Draft and Approved?

Draft — Generated but not reviewed/approved
Approved — Reviewed and officially accepted

Only approve policies that accurately reflect your practices.

Can I import existing policies?

Currently, policies are generated within ForgeComply. You can copy content from existing policies into the editor.

Evidence

What counts as evidence?

Documentation that proves your controls are implemented: screenshots, exports, logs, training records, review reports, etc.

How much evidence do I need?

Quality over quantity. Clear, relevant evidence is better than volume.

What if an auditor wants more evidence?

Be prepared to provide additional evidence. Generate new reports after adding more.

Is evidence stored securely?

Yes. Evidence is encrypted at rest and accessed via time-limited, signed URLs.

Reports

What are reports?

Reports are immutable, point-in-time snapshots of your compliance status. They don't auto-update.

Why don't reports update automatically?

Auditors need confidence that reports reflect a specific point in time. Immutability ensures audit integrity.

Can I edit reports after generating them?

No. Reports are immutable. Make changes to your assessment and generate new reports.

What report types are generated?

Audit Readiness Summary
Control Matrix
Evidence Index
Exceptions Report

Auditors

Can auditors see my drafts?

No. Auditors only see generated reports and approved policies.

Can auditors modify anything?

No. Auditors have read-only access to reports and linked evidence.

What can auditors access?

Reports page
Individual report details
Evidence files linked to reports
Report downloads

How do I invite an auditor?

Go to Settings → Team Members → Invite User → Select "Auditor" role.

AI Assistance

Is AI required?

No. AI assistance is optional. You can complete your entire assessment without it.

Does AI content appear in reports?

No. Nothing from AI assistance appears in your audit reports.

What does AI see?

Only the current control context, your response status, and framework information. Not your evidence, policies, or notes.

Does AI store my data?

No. AI observations are generated on-demand and not persisted.

Is my data used to train AI?

No. Your data is not used for AI training.

Guided Setup

What is Guided Setup?

An optional workflow that walks you through controls step-by-step. Ideal for first-time users.

Can I use ForgeComply without Guided Setup?

Yes. Guided Setup is optional. Work through controls in any order you prefer.

Can I switch between Guided Setup and normal mode?

Yes, anytime. Your progress is preserved.

What happens when Guided Setup ends?

You've worked through all controls. Continue by reviewing policies, uploading evidence, and generating reports.

Teams & Organizations

Can multiple people work simultaneously?

Yes. Team members can work on different controls at the same time. Coordinate to avoid conflicts.

What roles are available?

Admin — Full access
Member — Working access, limited settings
Auditor — Read-only reports access

Can I be in multiple organizations?

Yes. Switch organizations using the dropdown in the sidebar.

Technical

What browsers are supported?

Modern versions of Chrome, Firefox, Safari, and Edge.

Is there a mobile app?

ForgeComply is web-based and works on mobile browsers, though desktop is recommended for detailed work.

What's the file size limit for evidence?

25MB per file.

What file types are supported for evidence?

Images (PNG, JPG, GIF), documents (PDF, DOCX), spreadsheets (XLSX, CSV), and text files.

Account & Billing

How do I reset my password?

Click "Forgot password" on the login page.

How do I delete my account?

Contact [email protected].

How do I export my data?

Contact [email protected] for data export requests.

Getting Help

Where can I get support?

Documentation — docs.forgecomply.com
Email — [email protected]

How do I report a bug?

Click the thumbs down feedback button in the app or email [email protected].

How do I request a feature?

Email [email protected] with your suggestion.

Questions Not Covered?

Contact [email protected] and we'll help you out.

General​

What is ForgeComply?​

Who is ForgeComply for?​

What frameworks does ForgeComply support?​

Does ForgeComply guarantee audit success?​

Assessments​

What is an assessment?​

Can I have multiple assessments?​

Can I change the framework after creating an assessment?​

Can I delete an assessment?​

Controls​

How should I answer controls?​

What do the statuses mean?​

Who should be the control owner?​

Can I change my answer later?​

Policies​

Does AI write my policies?​

What's the difference between Draft and Approved?​

Can I import existing policies?​

Evidence​

What counts as evidence?​

How much evidence do I need?​

What if an auditor wants more evidence?​

Is evidence stored securely?​

Reports​

What are reports?​

Why don't reports update automatically?​

Can I edit reports after generating them?​

What report types are generated?​

Auditors​

Can auditors see my drafts?​

Can auditors modify anything?​

What can auditors access?​

How do I invite an auditor?​

AI Assistance​

Is AI required?​

Does AI content appear in reports?​

What does AI see?​

Does AI store my data?​

Is my data used to train AI?​

Guided Setup​

What is Guided Setup?​

Can I use ForgeComply without Guided Setup?​

Can I switch between Guided Setup and normal mode?​

What happens when Guided Setup ends?​

Teams & Organizations​

Can multiple people work simultaneously?​

What roles are available?​

Can I be in multiple organizations?​

Technical​

What browsers are supported?​

Is there a mobile app?​

What's the file size limit for evidence?​

What file types are supported for evidence?​

Account & Billing​

How do I reset my password?​

How do I delete my account?​

How do I export my data?​

Getting Help​

Where can I get support?​

How do I report a bug?​

How do I request a feature?​

Questions Not Covered?​