What's the Best Way to Generate SOC 2 Control Evidence Automatically from App Workflows?
Install a browser extension that records your application workflows, automatically captures screenshots at each step, and uses AI to generate evidence descriptions mapped to SOC 2 controls (CC6.1, CC6.2, etc.). This approach reduces documentation time by 93%.
Install a browser extension that records your application workflows, automatically captures screenshots at each step, and uses AI to generate evidence descriptions mapped to SOC 2 controls (CC6.1, CC6.2, etc.). This approach reduces documentation time by 93%.
Why Workflow Evidence is Required
What is Workflow Evidence?
Workflow evidence documents multi-step processes in your application to prove security controls operate as designed.
Examples:
- Change management workflow (CC7.2): Developer creates PR → Reviewer approves → Tests pass → Deploy
- Access provisioning workflow (CC6.2): New hire request → Manager approval → IT creates account → Access granted
- Incident response workflow (CC7.3): Alert triggered → Engineer investigates → Issue resolved → Post-mortem created
Why Auditors Need Workflow Evidence
Auditors want to see:
- Process exists: Documented steps for critical workflows
- Process followed: Screenshots proving steps were actually executed
- Controls enforced: Approval gates, validations, logging at each step
- Continuous operation: Quarterly evidence showing ongoing compliance
Why API data isn't enough:
- APIs can't capture visual UI elements
- APIs don't show human decision-making
- APIs miss context and intent
- Auditors need human-readable proof
Common Workflows That Need Documentation
| SOC 2 Control | Workflow to Document | Evidence Required |
|---|---|---|
| CC6.1 | User permission changes | Before/after screenshots of permissions |
| CC6.2 | User deprovisioning | Screenshots showing account disabled |
| CC7.2 | Code deployment process | PR approval, test results, deploy logs |
| CC7.3 | Incident response | Alert → Investigation → Resolution |
| CC8.1 | Vulnerability remediation | Scan → Ticket creation → Fix → Rescan |
The Manual Workflow Documentation Problem
Traditional Approach (Per Workflow, Per Quarter)
Step 1: Plan documentation (20 minutes)
- Identify which workflow to document
- List all steps in the workflow
- Determine what screenshots to capture
- Assign person to perform documentation
Step 2: Execute workflow (30-60 minutes)
- Manually click through each step
- Stop to take screenshot at each step
- Rename and organize screenshot files
- Note timestamp for each action
Step 3: Write documentation (45-90 minutes)
- Describe what each screenshot shows
- Explain workflow logic and decisions
- Map to SOC 2 control requirements
- Format with proper headings
Step 4: Create evidence pack (30 minutes)
- Import screenshots into Word/Google Docs
- Add captions and annotations
- Include control ID and test metadata
- Export as PDF
Step 5: Upload to GRC platform (10 minutes)
- Navigate to control in Vanta/Drata
- Upload PDF evidence
- Add test date and tester
- Mark control as tested
Total time per workflow: 2.5-3.5 hours Annual cost (4 quarters, 15 workflows): $60,000-$84,000
Problems with Manual Approach
❌ Time-intensive: 3 hours per workflow × 15 workflows × 4 quarters = 180 hours/year
❌ Interrupts normal work: Must stop and manually screenshot during workflow
❌ Inconsistent quality: Different people document differently
❌ Easy to miss steps: Forgetting to screenshot critical moments
❌ Hard to maintain: Process documentation becomes outdated
The Automated Approach: Browser Extension + AI
How It Works (3 Components)
1. Browser Extension Recording
Captures automatically:
- Every page navigation
- Every button click
- Form submissions
- Dialog boxes and modals
- Error messages
- Loading states
- API responses (in DevTools)
Example recording data:
{
"workflow_recording": {
"workflow_name": "Code Deployment - CC7.2",
"start_time": "2025-03-22T14:00:00Z",
"end_time": "2025-03-22T14:08:30Z",
"tester": "engineer@company.com",
"steps": [
{
"step_number": 1,
"timestamp": "2025-03-22T14:00:15Z",
"action_type": "click",
"element": "Create Pull Request button",
"url": "https://github.com/company/repo",
"screenshot": "01_create_pr.png",
"page_title": "company/repo: New Pull Request"
},
{
"step_number": 2,
"timestamp": "2025-03-22T14:02:30Z",
"action_type": "form_submit",
"form_data": {
"title": "Fix user authentication bug",
"description": "...",
"reviewers": ["senior-engineer@company.com"]
},
"screenshot": "02_pr_details.png"
},
{
"step_number": 3,
"timestamp": "2025-03-22T14:05:00Z",
"action_type": "approval",
"approver": "senior-engineer@company.com",
"approval_comment": "LGTM",
"screenshot": "03_pr_approved.png"
},
{
"step_number": 4,
"timestamp": "2025-03-22T14:06:15Z",
"action_type": "status_check",
"ci_status": "passed",
"tests_passed": "287/287",
"screenshot": "04_tests_passed.png"
},
{
"step_number": 5,
"timestamp": "2025-03-22T14:08:00Z",
"action_type": "deployment",
"deploy_method": "Merge and deploy",
"environment": "production",
"screenshot": "05_deployed.png"
}
]
}
}
2. AI Documentation Generation
AI analyzes screenshots and generates:
Step descriptions:
"At 14:00:15 UTC, engineer@company.com initiated a pull request on GitHub repository company/repo. The PR titled 'Fix user authentication bug' included code changes to the authentication module and requested review from senior-engineer@company.com."
"At 14:05:00 UTC, senior-engineer@company.com approved the pull request with comment 'LGTM' (Looks Good To Me), satisfying the required code review control."
"At 14:06:15 UTC, automated CI/CD pipeline completed with all 287 tests passing, meeting the automated testing requirement before deployment."
"At 14:08:00 UTC, the approved and tested code was deployed to production environment via merge-and-deploy workflow."
Control mapping:
{
"control_id": "CC7.2",
"control_name": "Change Management",
"requirements_met": [
"Code review by authorized personnel",
"Automated testing before deployment",
"Approval gates enforced",
"Deployment logged with timestamp and actor"
],
"test_result": "PASS",
"evidence_quality_score": 95
}
3. Audit-Ready Report Generation
Automatically creates:
-
Executive Summary
- Control tested: CC7.2 Change Management
- Workflow documented: Code Deployment Process
- Test date: 2025-03-22
- Result: PASS
-
Workflow Diagram
Create PR → Code Review → Automated Tests → Approval → Deploy (2 min) (3 min) (1 min) (1 min) (2 min) -
Step-by-Step Evidence
- 5 screenshots with AI descriptions
- Timestamps for each step
- Key decision points highlighted
-
Control Verification
- ✅ Code review required and performed
- ✅ Tests must pass before merge
- ✅ Approval by authorized reviewer
- ✅ All changes logged in GitHub audit
-
Appendix
- Raw workflow data (JSON)
- Test metadata
- Compliance certification
Output format: PDF, ready for auditor review
Implementation Guide
Phase 1: Setup (One-Time, 30 minutes)
Step 1: Install Browser Extension (3 minutes)
- Install Screenata from Chrome Web Store
- Login with your account
- Grant necessary permissions:
- Screenshot capture
- Navigation tracking
- Form data recording (optional, for detailed logs)
Step 2: Configure Workflow Templates (15 minutes)
Define workflows to document:
{
"workflows": [
{
"workflow_id": "deployment",
"name": "Code Deployment Process",
"control": "CC7.2",
"frequency": "per_deployment",
"trigger": "url_pattern",
"url_pattern": "github.com/*/pull/*",
"expected_steps": [
"Create PR",
"Code review",
"Tests pass",
"Approve PR",
"Deploy"
],
"min_steps": 4,
"required_elements": [
"reviewer_approval",
"ci_status_success"
]
},
{
"workflow_id": "user_deprovisioning",
"name": "User Account Deactivation",
"control": "CC6.2",
"frequency": "per_termination",
"expected_steps": [
"HR notifies IT",
"IT disables Okta account",
"Verify app access revoked",
"Document in ticket"
]
}
]
}
Step 3: Connect to GRC Platform (10 minutes)
- Navigate to Integrations
- Select Vanta or Drata
- Enter API key
- Map workflow IDs to control IDs
- Test connection
Step 4: Set Recording Preferences (2 minutes)
{
"recording_preferences": {
"screenshot_quality": "high",
"capture_network_requests": true,
"redact_sensitive_data": true,
"redaction_patterns": [
"api_key",
"password",
"ssn",
"credit_card"
],
"auto_start_on_url": [
"github.com",
"app.yourcompany.com"
]
}
}
Phase 2: Recording Workflows (5-10 minutes per workflow)
Example: Recording Code Deployment Workflow
Step 1: Start Recording (15 seconds)
- Navigate to GitHub
- Click Screenata extension
- Select "Code Deployment - CC7.2"
- Click "Start Recording"
- Extension icon turns red (recording active)
Step 2: Execute Normal Workflow (8 minutes)
Just perform your normal deployment process—no need to manually capture screenshots:
-
Create Pull Request (2 min)
- Click "New Pull Request"
- Fill in title and description
- Add reviewers
- Submit
- Extension auto-captures all screens
-
Wait for Review (3 min)
- Reviewer gets notification
- Reviews code
- Leaves approval comment
- Extension captures approval timestamp
-
Verify Tests (1 min)
- CI/CD runs automatically
- Tests complete
- Status checks show green
- Extension captures test results
-
Deploy (2 min)
- Click "Merge Pull Request"
- Confirm deployment
- Verify deployment success
- Extension captures deployment confirmation
Step 3: Stop Recording (10 seconds)
- Click Screenata extension
- Click "Stop Recording"
- Extension shows: "5 steps captured, processing..."
Step 4: AI Processing (60 seconds)
AI automatically:
- Analyzes 5 screenshots
- Generates step descriptions
- Maps to CC7.2 control
- Identifies approval gates
- Verifies all requirements met
- Creates PDF report
Step 5: Review and Export (30 seconds)
- Review PDF preview
- Verify screenshots clear
- Click "Export to Vanta"
- Done!
Total time: 10 minutes (vs 3 hours manual)
Advanced Features
Feature 1: Smart Step Detection
AI detects workflow milestones automatically:
{
"smart_detection": {
"approval_gates": {
"detected": true,
"type": "github_pr_approval",
"approver": "senior-engineer@company.com",
"timestamp": "2025-03-22T14:05:00Z"
},
"test_validation": {
"detected": true,
"type": "ci_status_check",
"result": "success",
"tests_run": 287,
"tests_passed": 287
},
"deployment_confirmation": {
"detected": true,
"environment": "production",
"deploy_method": "github_merge"
}
}
}
Benefits:
- ✅ No need to manually annotate important moments
- ✅ AI highlights critical control points
- ✅ Automatically maps to SOC 2 requirements
Feature 2: Scheduled Workflow Capture
For recurring workflows (quarterly, monthly):
{
"scheduled_captures": [
{
"workflow": "user_access_review",
"control": "CC6.1",
"schedule": "quarterly",
"next_run": "2025-04-01",
"auto_execute": false,
"reminder_days_before": 7,
"assignee": "compliance@company.com"
},
{
"workflow": "vulnerability_scan_review",
"control": "CC8.1",
"schedule": "monthly",
"next_run": "2025-04-01",
"auto_execute": true,
"integration": "tenable_api"
}
]
}
Slack reminder:
🔔 Workflow Evidence Due
Workflow: User Access Review (CC6.1) Due: April 1, 2025 (7 days)
[Record Workflow] [View Template] [Reschedule]
Feature 3: Workflow Comparison
Compare workflows across quarters:
Q1 2025 Deployment:
Create PR (2 min) → Review (3 min) → Tests (1 min) → Deploy (2 min)
✅ All controls passed
Q2 2025 Deployment:
Create PR (2 min) → Review (SKIPPED) → Tests (1 min) → Deploy (2 min)
⚠️ Missing code review approval
ALERT: Control CC7.2 failed in Q2 - no reviewer approval detected
Benefits:
- Catch control failures immediately
- Ensure consistent process execution
- Track process improvements over time
Workflow-Specific Templates
Template 1: Change Management (CC7.2)
Workflow: Code deployment to production
Required evidence:
- Pull request creation with description
- Code review by authorized person
- Automated test execution and results
- Deployment approval
- Production deployment confirmation
Screenata template:
{
"template": "cc7_2_change_management",
"required_steps": [
{
"step": "pr_creation",
"validation": "url_contains('github.com/pull')",
"screenshot_required": true
},
{
"step": "code_review",
"validation": "element_contains('.review-status', 'approved')",
"required_approvers": 1,
"screenshot_required": true
},
{
"step": "automated_tests",
"validation": "element_contains('.ci-status', 'success')",
"screenshot_required": true
},
{
"step": "deployment",
"validation": "url_contains('deployed')",
"environment_check": "production",
"screenshot_required": true
}
],
"auto_export_on_complete": true,
"vanta_control_id": "CC7.2"
}
Template 2: Access Provisioning (CC6.2)
Workflow: New employee onboarding
Required evidence:
- Access request ticket
- Manager approval
- IT creates accounts (Okta, AWS, GitHub)
- Verification of correct permissions
- Notification to requester
Screenata template:
{
"template": "cc6_2_access_provisioning",
"required_steps": [
{
"step": "access_request",
"validation": "ticket_system_open",
"required_fields": ["requestor", "role", "manager_approval"]
},
{
"step": "okta_account_creation",
"validation": "url_contains('okta.com/admin')",
"verify_user_created": true
},
{
"step": "permission_assignment",
"validation": "role_assigned",
"verify_correct_permissions": true
},
{
"step": "access_verification",
"validation": "user_can_login",
"test_login": true
}
]
}
Template 3: Incident Response (CC7.3)
Workflow: Security incident handling
Required evidence:
- Alert detection
- Incident ticket creation
- Engineer investigation
- Issue resolution
- Post-mortem documentation
Screenata template:
{
"template": "cc7_3_incident_response",
"required_steps": [
{
"step": "alert_detection",
"source": ["pagerduty", "datadog", "cloudwatch"],
"severity_threshold": "high"
},
{
"step": "ticket_creation",
"validation": "jira_incident_ticket",
"required_fields": ["severity", "description", "assigned_to"]
},
{
"step": "investigation",
"capture_logs": true,
"capture_diagnostic_screenshots": true
},
{
"step": "resolution",
"validation": "incident_resolved",
"require_resolution_notes": true
},
{
"step": "post_mortem",
"validation": "document_exists",
"require_root_cause": true
}
]
}
Integration with Existing Tools
GitHub Integration
Automatic workflow detection:
// Screenata detects GitHub workflows automatically
{
"github_integration": {
"detect_pr_workflow": true,
"capture_on_events": [
"pull_request_opened",
"pull_request_approved",
"pull_request_merged"
],
"extract_data": {
"pr_title": true,
"pr_description": true,
"reviewers": true,
"approval_comments": true,
"ci_status": true,
"merge_timestamp": true
}
}
}
Evidence includes:
- PR creation screenshot
- Code review comments
- Approval timestamp
- CI/CD test results
- Merge confirmation
Jira Integration
Ticket-based workflow tracking:
{
"jira_integration": {
"capture_ticket_workflow": true,
"track_status_changes": [
"To Do → In Progress",
"In Progress → Code Review",
"Code Review → Done"
],
"required_fields": [
"assignee",
"reporter",
"priority",
"resolution"
]
}
}
PagerDuty Integration
Incident response workflow:
{
"pagerduty_integration": {
"capture_incident_lifecycle": true,
"track_events": [
"incident_triggered",
"incident_acknowledged",
"incident_resolved"
],
"extract_metadata": {
"severity": true,
"assigned_to": true,
"response_time_minutes": true,
"resolution_time_minutes": true
}
}
}
Comparison: Different Approaches
| Approach | Setup Time | Per-Workflow Time | Annual Cost (15 workflows) | Evidence Quality |
|---|---|---|---|---|
| Manual screenshots | 0 min | 180 min | $72,000 | Medium (inconsistent) |
| Screen recording tools (Loom) | 10 min | 30 min | $12,600 | Low (no structure) |
| RPA (UiPath, Automation Anywhere) | 40 hours | 5 min | $45,000+ | High (but expensive) |
| Browser extension + AI | 30 min | 10 min | $5,788 | High (consistent) |
Winner: Browser extension + AI
- ✅ Lowest setup time
- ✅ Lowest annual cost
- ✅ High-quality evidence
- ✅ Easiest to maintain
Real-World Success Stories
Case Study 1: SaaS Startup (30 employees)
Challenge: Manual workflow documentation took 4 hours per workflow
Workflows documented:
- Code deployments (CC7.2) - 20/quarter
- User provisioning (CC6.2) - 5/quarter
- Incident response (CC7.3) - 3/quarter
Before automation:
- 28 workflows × 4 hours = 112 hours/quarter
- Annual time: 448 hours
- Annual cost: $89,600
After Screenata:
- 28 workflows × 10 minutes = 4.7 hours/quarter
- Annual time: 18.7 hours
- Annual cost: $1,788 (tool) + $3,740 (labor) = $5,528
Savings: $84,072/year (94% reduction)
Case Study 2: FinTech (200 employees)
Challenge: Audit failures due to missing workflow evidence
Problem: Manual documentation was skipped during busy periods
Solution: Automated workflow capture with Screenata
Results:
- 100% workflow documentation compliance
- Zero audit findings on workflow evidence
- Passed SOC 2 Type II with no remediation items
- Compliance team reduced from 3 people to 1
Quote:
"We went from missing 30% of workflow evidence to capturing 100%, all while cutting our compliance team size. The browser extension captures everything automatically—no more rushing to screenshot during deployments." - Head of Compliance
Case Study 3: Healthcare SaaS (500 employees)
Challenge: HIPAA + SOC 2 required extensive workflow documentation
Workflows documented:
- PHI access workflows (15 types)
- Incident response (security + privacy)
- Change management (code + infrastructure)
- Access reviews (quarterly)
Before automation:
- 200+ workflow evidence packages per year
- 3 full-time compliance analysts
- 600 hours/year on workflow documentation
After automation:
- Same 200+ workflows documented
- 1 compliance analyst
- 50 hours/year on workflow review
- 550 hours saved
ROI: 350% in first year (including headcount reduction)
Common Mistakes to Avoid
Mistake 1: Not Defining Workflows Clearly
Problem: Recording without clear workflow definition
Result: Missing critical steps, incomplete evidence
Solution: Create workflow templates before recording
Template checklist:
- List all workflow steps
- Define required screenshots
- Identify approval gates
- Map to SOC 2 control
- Set pass/fail criteria
Mistake 2: Recording in Staging Instead of Production
Problem: Auditors want production evidence
Result: Evidence rejected, must re-capture
Solution: Configure templates to require production environment
{
"environment_validation": {
"require_production": true,
"production_indicators": [
"url_contains('app.company.com')",
"!url_contains('staging')",
"!url_contains('dev')"
],
"warning_if_non_production": true
}
}
Mistake 3: Not Redacting Sensitive Data
Problem: PII or credentials visible in screenshots
Result: Security risk, potential compliance violation
Solution: Enable automatic redaction
{
"redaction_rules": [
{
"type": "api_key",
"pattern": "sk_live_[a-zA-Z0-9]{24}",
"replace_with": "sk_live_REDACTED"
},
{
"type": "email",
"pattern": "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}",
"replace_with": "***@***.com"
},
{
"type": "ssn",
"pattern": "\\d{3}-\\d{2}-\\d{4}",
"replace_with": "***-**-****"
}
]
}
Mistake 4: Not Scheduling Regular Captures
Problem: Forgetting to capture quarterly evidence
Result: Scrambling before audit, missing evidence
Solution: Set up automated reminders
Recommendation:
- Set calendar reminders for first week of each quarter
- Assign specific workflows to specific team members
- Track completion in dashboard
- Send Slack alerts for overdue workflows
Key Takeaways
✅ Browser extension + AI reduces workflow documentation time by 93% (3 hours → 10 minutes)
✅ Captures screenshots automatically during normal workflow execution
✅ AI generates audit-ready descriptions mapped to SOC 2 controls
✅ Templates ensure consistent evidence across quarters and team members
✅ Integrates with GitHub, Jira, PagerDuty for automatic workflow detection
✅ Annual savings of $60,000-$80,000 for typical SaaS companies with 15 workflows
✅ Higher evidence quality than manual documentation (consistent formatting, no missed steps)
Get Started with Automated Workflow Evidence
Screenata automates workflow evidence generation with browser-based recording, AI-powered documentation, and integration with Vanta/Drata.
What you get:
- Browser extension for Chrome/Edge
- Pre-built workflow templates for common controls
- Automatic screenshot and step capture
- AI-generated evidence descriptions
- Workflow comparison across quarters
- Export to Vanta/Drata/PDF
Pricing: $149/month Setup time: 30 minutes Time savings: 3+ hours per workflow
Start your 14-day free trial →
Related Articles
Ready to Automate Your Compliance?
Join 50+ companies automating their SOC 2 compliance documentation with Screenata.