Your Compliance Posture.
In Your Pocket.

SOC 2, GDPR, Cyber Essentials & NIS2 self-assessment — on mobile.

GRC Pocket Auditor is a mobile-first compliance self-assessment app for founders, IT managers, and ops leads who need to know their security posture — fast, offline, and without hiring a consultant.

Fully offline.
No account. No cloud sync. Your data stays on your device — always.
4 frameworks included
SOC 2Trust criteria
GDPRData privacy
Cyber EssentialsUK gov
NIS2EU directive
Sample readiness score — Access Controls domain
68%
3 High gaps · 5 Medium gaps · 4 Low gaps identified

Built for people who need answers, not consultants

Three roles. One situation: a customer, auditor, or regulator is asking about your security posture — and you need to know where you stand right now.

The Founder

Enterprise customer asking for a SOC 2 report

You've just landed a big client who won't sign until they see your SOC 2 posture. You need to know how ready you are before paying for a full audit.

The IT Manager

Legal team needs GDPR confirmation before contract signing

A new partnership agreement requires you to confirm GDPR compliance. You need a structured way to assess and document your data protection position.

The Ops Lead

Bidding on a UK government contract requiring Cyber Essentials

The tender requires Cyber Essentials certification. You need to self-assess your current posture and get a prioritized remediation plan before applying.

From download to gap report in under an hour

GRC Pocket Auditor is designed to be fast, focused, and immediately useful — no setup, no configuration, no consultant required.

1

Pick your framework

Choose SOC 2, GDPR, Cyber Essentials, or NIS2 — or run all four for the full picture.

2

Answer the questions

Work through 170 CISSP-verified questions with plain-English explainers. Takes 30–60 minutes depending on framework.

3

Get your readiness score

See your score by domain, with severity-rated gaps highlighted. The full audit is always free — no account needed.

4

Unlock your results & remediation kit

Pay a one-time fee to unlock your PDF audit report, a downloadable remediation kit with policy templates and fix guides, and JSON backup/restore for your assessment data.

The audit is always free. Pay only for what helps you fix it.

Run the full self-assessment for any framework at no cost. Unlock detailed results and remediation kits after completion.

The audit is always free. You only pay a one-time fee per framework to unlock results, PDF reports, and remediation kits.

SOC 2

Remediation Kit

$29.99
One-time

50 questions across 5 trust domains. Built for US SaaS and tech companies.

Detailed gap report
Fully editable remediation kits with policy templates
PDF export
Backup/restore of audit answers
Get the App
Cyber Essentials

Remediation Kit

$19.99
One-time

30 questions. Designed for UK-based SMEs and government contractors.

Detailed gap report
Fully editable remediation kits with policy templates
PDF export
Backup/restore of audit answers
Get the App
GDPR

Remediation Kit

$34.99
One-time

50 questions across 6 data protection pillars. For EU and global organizations.

Detailed gap report
Fully editable remediation kits with policy templates
PDF export
Backup/restore of audit answers
Get the App
NIS2

Remediation Kit

$29.99
One-time

40 questions across 10 obligation areas. For EU-sector essential and important entities.

Detailed gap report
Fully editable remediation kits with policy templates
PDF export
Backup/restore of audit answers
Get the App
Expert Guidance

60-min Expert Session

$249
Per 60-minute session
1-on-1 video session with a certified NodeCypher expert
Walk through your readiness report together
Prioritized remediation plan for your context
Preparation advice for formal certification
Session recording provided afterward
Book a Session

Need more than a self-assessment? Talk to an expert.

NodeCypher's security team offers advisory sessions, remote audits, and retainer packages for organizations that need deeper support.

Advisory Session

60-min Expert Session

$249
Per 60-minute session

One-on-one video session with a certified NodeCypher expert. Walk through your readiness report and get a prioritized remediation plan for your specific context.

Book a Session
Remote Audit

One-Framework Audit

from $799
One framework, two hours, written report

A certified NodeCypher expert reviews your self-assessment, interviews your team, and delivers a written audit report with formal findings and a remediation roadmap for certification prep. Final scope and price are confirmed on a short scoping call before any work begins.

Request a Quote

CISSP-Verified

All 170 questions reviewed and verified by CISSP-certified security professionals

Questions written and verified by CISSP-certified professionals

GRC Pocket Auditor was designed by NodeCypher's security team — practitioners with CISSP certification and decades of real-world experience across government, enterprise, and NGO compliance environments.

Every question in the app is mapped to a specific control in the relevant framework, reviewed for accuracy, and written in language that non-specialists can understand. The gap severity ratings and remediation priorities are based on real-world audit findings — not theoretical frameworks.

This is the self-assessment tool we wished existed before our own clients started asking for SOC 2 and GDPR confirmations.

Get the Free Compliance Readiness Checklist

A quick-reference PDF covering the top gaps we see across SOC 2, GDPR, Cyber Essentials, and NIS2 assessments — before you even open the app.

Thanks! Check your inbox shortly.

We'll only use your email to send you the Compliance Readiness Checklist. We won't add you to a mailing list or use it for anything else. See how we handle your data →

Common questions about GRC Pocket Auditor

Straight answers about what this app is, what it isn't, and how it works.

What frameworks does GRC Pocket Auditor support?

The app currently supports four frameworks: SOC 2 (US SaaS/tech trust criteria), GDPR (EU/global data privacy), Cyber Essentials (UK government-backed cybersecurity baseline), and NIS2 (EU critical infrastructure directive). You can run any single framework or all four for a full picture of your posture.

Do I need an account to use the app?

No. GRC Pocket Auditor works fully offline with no account, login, or cloud sync required. You can complete an entire self-assessment without ever connecting to the internet, and your answers stay on your device unless you choose to export them.

How long does an assessment take?

Most users complete a single framework in 30 to 60 minutes, depending on complexity — SOC 2 and GDPR have 50 questions each, Cyber Essentials has 30, and NIS2 has 40. Each question includes a plain-English explainer so no prior compliance background is required.

Who verifies the questions?

All 170 questions across the four frameworks were written and verified by CISSP-certified security professionals from NodeCypher's team. Each question is mapped to a specific control in its framework and reviewed for real-world accuracy, not just theoretical compliance language.

What do I get if I pay to unlock results?

Unlocking a framework gives you a detailed severity-rated gap report, a downloadable remediation kit with editable policy templates and fix guides, a PDF export of your results, and backup/restore of your answers. The self-assessment itself is always free — you only pay to unlock the deeper output.

Is this a substitute for a formal certified audit?

No. GRC Pocket Auditor is a self-assessment readiness tool, not a certified audit. It helps you understand your gaps before pursuing formal certification, but SOC 2, Cyber Essentials, and other certifications still require an accredited third-party auditor or certifying body. Use it to prepare, not to certify.

Is my data private and secure?

Yes. The app is fully offline with no account and no cloud sync — your assessment answers are stored locally on your device only. Nothing is transmitted to NodeCypher or any third party unless you explicitly export or share a report yourself.

How much does it cost?

The audit is always free to run. Unlocking results costs a one-time fee per framework: $19.99 for Cyber Essentials, $29.99 for SOC 2 or NIS2, and $34.99 for GDPR. A full bundle unlocking all four frameworks permanently is $79.99. No subscriptions.