GRC Pocket Auditor is a mobile-first compliance self-assessment app for founders, IT managers, and ops leads who need to know their security posture — fast, offline, and without hiring a consultant.
Three roles. One situation: a customer, auditor, or regulator is asking about your security posture — and you need to know where you stand right now.
You've just landed a big client who won't sign until they see your SOC 2 posture. You need to know how ready you are before paying for a full audit.
A new partnership agreement requires you to confirm GDPR compliance. You need a structured way to assess and document your data protection position.
The tender requires Cyber Essentials certification. You need to self-assess your current posture and get a prioritized remediation plan before applying.
GRC Pocket Auditor is designed to be fast, focused, and immediately useful — no setup, no configuration, no consultant required.
Choose SOC 2, GDPR, Cyber Essentials, or NIS2 — or run all four for the full picture.
Work through 170 CISSP-verified questions with plain-English explainers. Takes 30–60 minutes depending on framework.
See your score by domain, with severity-rated gaps highlighted. The full audit is always free — no account needed.
Pay a one-time fee to unlock your PDF audit report, a downloadable remediation kit with policy templates and fix guides, and JSON backup/restore for your assessment data.
Run the full self-assessment for any framework at no cost. Unlock detailed results and remediation kits after completion.
The audit is always free. You only pay a one-time fee per framework to unlock results, PDF reports, and remediation kits.
50 questions across 5 trust domains. Built for US SaaS and tech companies.
30 questions. Designed for UK-based SMEs and government contractors.
50 questions across 6 data protection pillars. For EU and global organizations.
40 questions across 10 obligation areas. For EU-sector essential and important entities.
NodeCypher's security team offers advisory sessions, remote audits, and retainer packages for organizations that need deeper support.
One-on-one video session with a certified NodeCypher expert. Walk through your readiness report and get a prioritized remediation plan for your specific context.
Book a SessionA certified NodeCypher expert reviews your self-assessment, interviews your team, and delivers a written audit report with formal findings and a remediation roadmap for certification prep. Final scope and price are confirmed on a short scoping call before any work begins.
Request a QuoteAll 170 questions reviewed and verified by CISSP-certified security professionals
GRC Pocket Auditor was designed by NodeCypher's security team — practitioners with CISSP certification and decades of real-world experience across government, enterprise, and NGO compliance environments.
Every question in the app is mapped to a specific control in the relevant framework, reviewed for accuracy, and written in language that non-specialists can understand. The gap severity ratings and remediation priorities are based on real-world audit findings — not theoretical frameworks.
This is the self-assessment tool we wished existed before our own clients started asking for SOC 2 and GDPR confirmations.
A quick-reference PDF covering the top gaps we see across SOC 2, GDPR, Cyber Essentials, and NIS2 assessments — before you even open the app.
Straight answers about what this app is, what it isn't, and how it works.
The app currently supports four frameworks: SOC 2 (US SaaS/tech trust criteria), GDPR (EU/global data privacy), Cyber Essentials (UK government-backed cybersecurity baseline), and NIS2 (EU critical infrastructure directive). You can run any single framework or all four for a full picture of your posture.
No. GRC Pocket Auditor works fully offline with no account, login, or cloud sync required. You can complete an entire self-assessment without ever connecting to the internet, and your answers stay on your device unless you choose to export them.
Most users complete a single framework in 30 to 60 minutes, depending on complexity — SOC 2 and GDPR have 50 questions each, Cyber Essentials has 30, and NIS2 has 40. Each question includes a plain-English explainer so no prior compliance background is required.
All 170 questions across the four frameworks were written and verified by CISSP-certified security professionals from NodeCypher's team. Each question is mapped to a specific control in its framework and reviewed for real-world accuracy, not just theoretical compliance language.
Unlocking a framework gives you a detailed severity-rated gap report, a downloadable remediation kit with editable policy templates and fix guides, a PDF export of your results, and backup/restore of your answers. The self-assessment itself is always free — you only pay to unlock the deeper output.
No. GRC Pocket Auditor is a self-assessment readiness tool, not a certified audit. It helps you understand your gaps before pursuing formal certification, but SOC 2, Cyber Essentials, and other certifications still require an accredited third-party auditor or certifying body. Use it to prepare, not to certify.
Yes. The app is fully offline with no account and no cloud sync — your assessment answers are stored locally on your device only. Nothing is transmitted to NodeCypher or any third party unless you explicitly export or share a report yourself.
The audit is always free to run. Unlocking results costs a one-time fee per framework: $19.99 for Cyber Essentials, $29.99 for SOC 2 or NIS2, and $34.99 for GDPR. A full bundle unlocking all four frameworks permanently is $79.99. No subscriptions.