Skip to main content
Notifications
You're all caught up.
View all notifications
OnlyHIPAA
← All documentation

Auditor Packet

The Auditor Packet is a single ZIP you can hand an external auditor — a point-in-time snapshot of the evidence they typically ask for, generated from Reports → Auditor Packet.

What's in it

  • findings.csv — every finding (code, title, risk, status, category, assessment, due date).
  • policies.csv — your policies (type, version, status, effective/review dates).
  • risk-register.csv — the risk register (likelihood, impact, score, treatment, status, due date).
  • evidence/ — the actual evidence files plus a manifest.csv listing each one (only the current version of each file; superseded versions are skipped).
  • README.txt — a cover sheet with the organization, the generated timestamp, who prepared it, and which sections are included.

Notes

  • The packet is a point-in-time snapshot — the README timestamp is the "as of" date.
  • Generating it requires an admin or auditor role (the same permission as any export), and it is rate-limited to one packet every couple of minutes.
  • Evidence files are read only from your organization's evidence store; a file that can't be located is listed in the manifest as unavailable rather than silently dropped.
OnlyHIPAA

Making HIPAA compliance accessible for every healthcare organization.

HIPAA SOC 2 NIST CSF

View our security posture →

Product

  • Frameworks
  • Sherpa AI
  • Risk Analysis
  • Compliance Operations
  • Reporting
  • Integrations & API
  • Pricing

Company

  • About Us
  • Team
  • Mission
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • BAA Template
  • Security

Resources

  • Documentation
  • HIPAA Guide
  • Blog
  • Status Page

© 2026 OnlyHIPAA, Inc. All rights reserved.

OnlyHIPAA provides tools to assist with HIPAA compliance but does not constitute legal advice. Consult qualified legal counsel for specific compliance guidance.