
Run Compliance Audit

Learn how to audit your application for accessibility, GDPR, and security compliance.

When to Audit

  • Before major releases — Ensure compliance isn’t broken
  • After design changes — New UI might have accessibility issues
  • After adding new features — Verify data handling is compliant
  • Monthly check-in — Maintain compliance baseline
  • Before customer audits — Show readiness to security/compliance teams

Step-by-Step Guide

  1. Open Compliance Tab: Dashboard → Compliance
  2. Create New Audit: Click 'New Audit' button
  3. Enter Audit Details: Name, target URL, select frameworks
  4. Run Audit: Click 'Start Audit' — takes 2-5 minutes
  5. Review Results: View score, violations, and recommendations

Audit Configuration

Audit Name

Give your audit a descriptive name:

  • ✅ “Homepage WCAG Audit”
  • ✅ “GDPR Pre-Release Check”
  • ✅ “Security Headers Audit”
  • ❌ “Audit 1” (too vague)

Target URL

The page or application entry point to audit:

  • https://example.com — Full domain
  • https://app.example.com/dashboard — Specific page
  • Must be publicly accessible (or behind IP allowlist)

Select Frameworks

Choose which compliance standards to check:

  Framework   Time     Cost      When to Use
  WCAG 2.1    ~2 min   Minimal   Always (accessibility matters)
  GDPR        ~1 min   Minimal   For user data handling
  SOC2        ~1 min   Minimal   For security-conscious customers
  All         ~5 min   Minimal   Comprehensive check

Advanced Options

Max Pages to Audit: (default: 50)

  • Smaller apps: 10-20 pages
  • Medium apps: 50 pages
  • Large apps: 100-500 pages
  • Note: More pages = longer audit time

Exclude Patterns: (e.g., /admin/*, /api/*)

  • Skip admin pages (different compliance needs)
  • Exclude API endpoints (not web pages)
  • Skip staging/test pages

Understanding Results

Compliance Score (0-100)

Score 95-100: Excellent  ✅
Score 80-94:  Good       ✔️
Score 60-79:  Fair       ⚠️
Score 0-59:   Poor       ❌

Calculation:

Score = 100 - (total violation points)

-25 points per critical violation
-10 points per serious violation
-5 points per moderate violation
-2 points per minor violation

Violation Breakdown

View by:

  1. Severity — How critical each issue is
  2. Framework — Grouped by WCAG/GDPR/SOC2
  3. Page — Which pages have issues
  4. Type — Category of violation

Key Violations to Fix First

Critical (fix immediately):

  • Missing alt text on images
  • Form inputs without labels
  • Color contrast too low
  • Cookie consent missing
  • No privacy policy

High (fix within week):

  • Broken keyboard navigation
  • Wrong heading hierarchy
  • Session timeout missing
  • Unsubscribe link missing

Medium (fix within month):

  • Focus indicator styling
  • ARIA attribute issues
  • Data disclosure warnings

Taking Action on Violations

For Each Violation

  1. Read description — Understand what the issue is
  2. View evidence — See screenshot of affected element
  3. Check fix steps — Follow recommended remediation
  4. Make code change — Update HTML/CSS/JavaScript
  5. Re-audit — Verify fix worked

Example Remediation

Issue: Missing alt text on hero image

<!-- Before (Critical violation) -->
<img src="/images/hero.jpg" class="hero-banner">
 
<!-- After (Fixed!) -->
<img src="/images/hero.jpg" alt="Product showcase with features and pricing" class="hero-banner">

Issue: Color contrast too low

/* Before (Serious violation) */
.description { color: #999999; background: #ffffff; }
/* Contrast ratio: 2.85:1 (WCAG 2.1 AA needs 4.5:1 for normal text) */

/* After (Fixed!) */
.description { color: #666666; background: #ffffff; }
/* Contrast ratio: 5.74:1 ✓ */
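The contrast check behind this remediation can be reproduced locally before re-auditing. The following is an added example, not code from the audit tool or this guide; it implements the WCAG 2.x relative-luminance formula and checks the before/after colours above against the AA threshold.

```python
def _linearize(channel_8bit: int) -> float:
    """Convert one 8-bit sRGB channel to linear light (WCAG 2.x definition)."""
    c = channel_8bit / 255
    return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4


def relative_luminance(hex_color: str) -> float:
    """Relative luminance of a #rgb or #rrggbb colour, per WCAG 2.x."""
    h = hex_color.lstrip("#")
    if len(h) == 3:  # expand shorthand like #fff
        h = "".join(ch * 2 for ch in h)
    r, g, b = (int(h[i:i + 2], 16) for i in (0, 2, 4))
    return 0.2126 * _linearize(r) + 0.7152 * _linearize(g) + 0.0722 * _linearize(b)


def contrast_ratio(foreground: str, background: str) -> float:
    """(L_lighter + 0.05) / (L_darker + 0.05); independent of which colour is text."""
    l1, l2 = relative_luminance(foreground), relative_luminance(background)
    lighter, darker = max(l1, l2), min(l1, l2)
    return (lighter + 0.05) / (darker + 0.05)


def check_contrast(foreground: str, background: str, large_text: bool = False) -> dict:
    """WCAG 2.1 AA requires 4.5:1 for normal text and 3:1 for large text."""
    required = 3.0 if large_text else 4.5
    ratio = contrast_ratio(foreground, background)
    return {"ratio": round(ratio, 2), "required": required, "passes": ratio >= required}


if __name__ == "__main__":
    # The two .description rules from the remediation example above.
    for fg in ("#999999", "#666666"):
        print(fg, "on #ffffff ->", check_contrast(fg, "#ffffff"))
```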

Scheduling Recurring Audits

Automatically audit on a schedule:

  1. Audit Results → Schedule Recurring Audit
  2. Frequency: Daily / Weekly / Monthly
  3. Time: Off-peak hours (e.g., 2 AM)
  4. Notifications: Email on failures only / Always

Recommended schedule:

  • Staging environment: Daily
  • Production: Weekly
  • Pre-release: Before deployment

Exporting Results

PDF Report

Suitable for sharing with:

  • Stakeholders
  • Compliance officers
  • Clients/customers
  • Board of directors

Contains:

  • Executive summary
  • Compliance score
  • Violation details
  • Screenshots
  • Remediation roadmap

CSV Export

For tracking in spreadsheets:

  • Violation list
  • Status (new/fixed/ignored)
  • Assignment (who should fix it)
  • Timeline

JSON Export

For:

  • Tool integration
  • Historical tracking
  • Automated processing
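Automated processing of the JSON export usually means recomputing the score with the point values from the "Compliance Score" section, applying the exclude patterns, and gating a release on a minimum score. The script below is an added example, not the tool's own code: the export schema (a top-level "violations" list with "severity", "framework", "page" and "type" fields) is an assumption, and the sample export is constructed here.

```python
import fnmatch
import json

# Deductions from the "Calculation" section of this guide.
POINTS = {"critical": 25, "serious": 10, "moderate": 5, "minor": 2}

# Constructed sample export; the real field names are an assumption.
SAMPLE_EXPORT = json.dumps({
    "audit": "GDPR Pre-Release Check",
    "violations": [
        {"severity": "critical", "framework": "WCAG", "page": "/", "type": "image-alt"},
        {"severity": "critical", "framework": "GDPR", "page": "/", "type": "cookie-consent"},
        {"severity": "serious", "framework": "WCAG", "page": "/pricing", "type": "color-contrast"},
        {"severity": "moderate", "framework": "WCAG", "page": "/pricing", "type": "aria-attr"},
        {"severity": "minor", "framework": "SOC2", "page": "/admin/users", "type": "session-timeout"},
    ],
})


def compute_score(violations):
    """100 minus total violation points; flooring at 0 is an assumption (lowest band is 0-59)."""
    return max(0, 100 - sum(POINTS[v["severity"]] for v in violations))


def band(score):
    """Map a score to the guide's rating bands."""
    return "Excellent" if score >= 95 else "Good" if score >= 80 else "Fair" if score >= 60 else "Poor"


def summarize(export_json, exclude_patterns=("/admin/*", "/api/*")):
    """Apply exclude patterns, recompute the score, and list what to fix first."""
    violations = json.loads(export_json)["violations"]
    kept = [v for v in violations
            if not any(fnmatch.fnmatch(v["page"], p) for p in exclude_patterns)]
    score = compute_score(kept)
    points_by_framework = {}
    for v in kept:
        points_by_framework[v["framework"]] = points_by_framework.get(v["framework"], 0) + POINTS[v["severity"]]
    fix_first = [v["type"] for v in kept if v["severity"] in ("critical", "serious")]
    return {"score": score, "band": band(score),
            "points_by_framework": points_by_framework, "fix_first": fix_first}


def release_gate(export_json, minimum=80):
    """True when the audit meets the minimum score (80 = the guide's 'Good' band)."""
    return summarize(export_json)["score"] >= minimum


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EXPORT), indent=2))
```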

Compliance Roadmap

After audit, plan remediation:

  1. Identify high-impact fixes

    • Fixes that raise score most
    • Fixes that satisfy most audit failures
  2. Create tasks/issues

    • GitHub issue
    • Jira ticket
    • Linear issue
  3. Assign to team

    • Frontend team → WCAG issues
    • Security team → SOC2 issues
    • Legal/Privacy → GDPR issues
  4. Plan in sprint

    • Add to current/next sprint
    • Estimate effort
    • Set deadline
  5. Re-audit after fixes

    • Verify score improved
    • Check trending (score graph)

Common Audit Issues

“Audit Failed: Target URL Unreachable”

  • Check URL is live and accessible
  • Verify no authentication required
  • Confirm firewall allows external access
  • Check for IP restrictions

“Score Seems Wrong”

Remember:

  • Only surface-level checks (some issues require manual review)
  • GDPR checks cookie/privacy only (legal review still needed)
  • SOC2 checks security surface (formal audit required)

“Too Many Violations”

  • Prioritize critical/high only
  • Focus on one framework at a time
  • Fix accessibility first (applies to all users)
  • GDPR/SOC2 second (compliance requirement)

Compliance Roadmap: Track audit scores over time to show compliance improvement trajectory to auditors and stakeholders.