Generate Your First Audit Package

Generate a professional, auditor-ready compliance package in less than 5 minutes. No manual work, no spreadsheets—just click and deliver.

Time to Complete: 5 minutes

What You’ll Get

When you generate an audit package, LanternOps automatically creates:

• Complete list of compliance controls and implementation status
• Evidence collected from all your integrations
• Service-to-control mappings showing what satisfies each requirement
• Professional PDF report ready to send to auditors
• Timestamp and validation metadata for audit trail

Prerequisites

Before generating your first audit package:

• At least one compliance framework enabled (CIS, NIST, CMMC, SOC 2, HIPAA, or PCI DSS)
• One or more integrations connected and syncing (NinjaOne, Huntress, Microsoft 365, etc.)
• Service catalog configured with your offerings
• Customer assigned to at least one service

Step-by-Step Instructions

Step 1: Navigate to Compliance

1. Log in to your LanternOps dashboard
2. Click Compliance in the main navigation
3. Select Frameworks from the submenu

Step 2: Select Customer and Framework

1. Choose the customer you want to generate a package for
2. Select the compliance framework:
   • CIS Controls v8.1 - General cybersecurity best practices
   • NIST CSF 2.0 - Enterprise risk management framework
   • CMMC Level 2 - Department of Defense contractor requirements
   • HIPAA - Healthcare data protection
   • SOC 2 - Service organization controls
   • PCI DSS - Payment card data security

Step 3: Generate Package

1. Click Generate Audit Package
2. The system will:
   • Query the RAG system for all controls in the selected framework
   • Map your services to applicable controls
   • Collect evidence from all connected integrations
   • Calculate implementation status per control
   • Compile everything into a professional PDF

Processing time: 30-60 seconds for most packages

Step 4: Review the Package

The generated PDF includes:

Executive Summary

• Overall compliance percentage
• Number of controls satisfied
• Services delivering compliance
• Date generated and validity period

Control-by-Control Analysis

• Control ID and title
• Implementation status (Implemented, Partial, Not Implemented)
• Services satisfying this control
• Evidence collected with timestamps
• Technical details and validation results

Evidence Appendix

• Integration data sources
• Collection timestamps
• Validation methods
• Raw data references

Step 5: Download and Share

1. Click Download PDF
2. The file is saved to your device
3. Share with:
   • External auditors
   • Compliance officers
   • Customer stakeholders
   • Cyber insurance providers
   • Certification bodies

Understanding Your Results

Implementation Status Indicators

✅ Implemented (Green)

• Service is active for this customer
• Evidence collected from integrations
• Control fully satisfied
• Ready for audit

⚠️ Partial (Yellow)

• Service partially covers control
• Some evidence exists
• Additional services may be needed
• Audit may require explanation

❌ Not Implemented (Red)

• No service covers this control
• No evidence collected
• Represents a gap
• May be a revenue opportunity

Evidence Quality

Automated Evidence (Best)

• Collected automatically from integrations
• Real-time or near real-time data
• Timestamps and validation included
• Auditor-preferred format

Manual Evidence (Good)

• Uploaded by your team
• Requires periodic refresh
• Accepted by most auditors
• Needs documentation of process

Inferred Evidence (Acceptable)

• Derived from service subscriptions
• No direct integration data
• May require supplemental proof
• Useful for initial assessments

Troubleshooting

Package Shows Low Compliance Percentage

Cause: Not enough services configured or integrations connected

Solution:

1. Add more services to your service catalog
2. Map services to controls (or let RAG do it automatically)
3. Connect additional integrations to collect evidence
4. Ensure integrations are syncing (check last sync time)

Missing Evidence for Controls

Cause: Integration not collecting the right data

Solution:

1. Navigate to Integrations → Select the integration
2. Click Test Connection to verify it’s working
3. Check Last Sync timestamp (should be within 15 minutes)
4. Review integration settings and permissions
5. Manually trigger sync if needed

PDF Generation Fails

Cause: Timeout or system error during compilation

Solution:

1. Refresh the page and try again
2. Ensure your browser allows pop-ups from LanternOps
3. If problem persists, try a different browser
4. Contact support with customer name and framework

Controls Show as “Partial” Instead of “Implemented”

Cause: RAG determined service doesn’t fully cover control requirements

Solution:

1. Review the control requirements in detail
2. Check if you need additional services to achieve full coverage
3. Consider this a revenue opportunity (upsell additional service)
4. Document why partial coverage is acceptable for this customer

Best Practices

For First-Time Generation

1. Start with CIS Controls v8.1 (most universal framework)
2. Generate for a customer with good service coverage
3. Review the package yourself before sharing
4. Use it to identify gaps in your service offerings

For Regular Use

1. Regenerate quarterly before customer QBRs
2. Update before audits to ensure latest evidence included
3. Archive previous versions to show improvement over time
4. Share proactively with customers to demonstrate value

To Maximize Value

1. Generate for all frameworks the customer needs
2. Compare frameworks to find easiest compliance wins
3. Use gaps as conversation starters for revenue opportunities
4. Include in proposals to show compliance capability

What Happens Behind the Scenes

When you click “Generate Audit Package,” LanternOps:

1. RAG Query: Asks the AI system “What controls exist in this framework for this customer?”
2. Service Mapping: AI matches customer services to controls semantically
3. Evidence Collection: Gathers all integration data relevant to each control
4. Status Calculation: Determines implementation status based on evidence
5. PDF Generation: Compiles professional report with branding
6. Audit Trail: Logs generation event for compliance tracking

No manual mapping required - the RAG system understands relationships automatically.

Next Steps

After generating your first audit package:

• Review gaps and identify revenue opportunities
• Share with customer to demonstrate compliance progress
• Set reminder to regenerate quarterly
• Generate packages for other frameworks
• Use in customer QBRs to prove value

Related Guides

• Set Up Service Catalog - Configure services that deliver compliance
• Review Revenue Opportunities - Turn gaps into revenue
• Configure Customer Dashboards - Share real-time compliance status
• Add Integration - Connect data sources for evidence collection

Need Help?

Common Questions:

• Q: How often should I regenerate packages?

• A: At minimum quarterly, or whenever services/evidence changes significantly

• Q: Can I customize the PDF format?

• A: Yes, contact support for custom branding and formatting options

• Q: Do auditors accept these packages?

• A: Yes, packages are designed to meet auditor requirements with complete evidence trails

Support Resources:

• View Video Tutorial
• Understanding Compliance Frameworks
• Contact Support

Ready to see LanternOps in your environment?

Join the Founding Partner Pilot (60 days) and get a client-ready compliance + security reporting layer connected to your PSA/RMM/security stack.

No credit card required

~30-minute setup (typical)

Limited founding partner spots

Request a Demo →