For finance and sustainability teams entering their first ISSB-aligned disclosure cycle. Every figure tracked from source to statement. Every change attributed. Every evidence file hashed.
Auditors don't want a beautiful disclosure. They want to know where every number came from, who calculated it, when it changed, and what document supports it.
Spreadsheets can't do that. Generic ESG platforms weren't built for it. And first-time IFRS S2 reporters discover this six weeks before the deadline.
Auditably is the disclosure system designed for what comes after you draft the report — when KPMG, PwC, EY or Deloitte walk in and ask to see the trail.
Not generic "ESG metrics." Auditably maps directly to the IFRS S2 disclosure architecture: four pillars, governance through metrics & targets, every required paragraph with its own data fields, evidence slots, and owner.
Your team works the standard. The standard is the product.
Append-only activity log on every disclosure, data point, and evidence upload. SHA-256 hashing for tamper detection. Read-only auditor role.
Export an auditor pack in one click: indexed evidence, complete activity log, assurance-ready under ISAE 3000 and ISSA 5000.
Before any commitment: take the IFRS S2 readiness scorecard. 25 questions across all four pillars. Personalised 12-page gap report.
Jurisdiction-aware. Industry-specific. No credit card.
Run the diagnosticA real, working application — not slideware. Here's what your team actually uses, built around the audit trail from the first click.
Dashboard. Every cycle scored by pillar — exactly what's done, in review, and blocking sign-off.
Disclosure detail. The IFRS S2 paragraph, the structured data point, the evidence, and who touched it — in one place.
| 14:32 UTC | a.tan | approved disclosure · para 6(a)(i) |
| 11:08 UTC | r.rafi | edited narrative · para 29(a)(ii) |
| 09:51 UTC | r.rafi | uploaded evidence · SHA-256 recorded |
| Yesterday | a.tan | submitted for review · para 25(b) |
Audit trail. Every change — who, what, when — written to an immutable log the moment it happens.
Auditor pack. One click. A ZIP your assurance provider can open and trust — disclosures, log, evidence, and a hash manifest.
Four things a spreadsheet can't do — and the reason a first-cycle disclosure survives its first audit.
Every reporting cycle starts pre-structured as the full set of IFRS S2 disclosure requirements — Governance, Strategy, Risk Management, Metrics & Targets. Nothing to scaffold, nothing forgotten.
Every write is logged the instant it happens, and the log is enforced append-only at the database level — even our own service key cannot rewrite or delete history. Evidence files are SHA-256 hashed on upload and re-verified on export.
When the assurance team asks for your working papers, you don't spend a week assembling them. One click produces a single ZIP, structured for the way auditors actually test — mapping every figure back to its source.
The person who prepares a disclosure isn't the person who approves it. Assign preparer, reviewer, and approver roles — and give your assurance provider a free read-only seat to drill in directly.
Tell Auditably your jurisdiction, reporting period, and entities in scope. The system loads the right disclosure template — NSRF, UK SRS, AASB S2, ESRS E1, SB 261, or vanilla IFRS S2.
Each IFRS S2 disclosure paragraph appears as its own work item: required data fields pre-defined, evidence slots ready, assigned owner, status tracking. No more "where does this go" guesswork.
Upload source evidence. Enter data points. Draft narrative — or let the AI copilot draft from your structured inputs. Every action is logged: user, timestamp, before-and-after, document hash. Roles for preparer, reviewer, approver, and read-only auditor.
One click. You get a ZIP with: PDF of all disclosures, complete activity log, indexed evidence files, SHA-256 hash manifest, CSV map of every data point to its source. Hand it directly to your assurance provider.
An honest map of the options. The middle column is where a first-cycle, mid-market reporter belongs.
Auditably doesn't invent a framework — it maps directly onto the standards your auditor already works from. That's where the credibility comes from.
Every reporting cycle is the 33 IFRS S2 disclosure paragraphs across the four pillars — referenced, guided, and tracked.
Scope 1, 2 (location- and market-based) and 3 data points follow the GHG Protocol Corporate Standard, with factor sources recorded.
The IFRS S2 industry-based guidance (SASB) surfaces the sector-specific metrics your assurer expects to see referenced.
The audit trail and auditor pack are structured for the evidence and walkthroughs sustainability assurance standards require.
A full methodology write-up — how each disclosure maps to the standard — is on the way at /methodology.
I kept watching first-cycle reporters do everything right — measure their emissions, draft careful narratives — and still get torn apart in their first assurance review. Not because the disclosure was wrong, but because nobody could show where each number came from, who checked it, or that it hadn't quietly changed.
Enterprise platforms solve this for the Fortune 500. Everyone below that tier was left with spreadsheets and a Word template. Auditably is the audit-trail-first system I wished those teams had: structured to the standard, immutable by design, and honest about what it is and isn't.
Persefoni and Watershed are enterprise carbon accounting platforms. They're excellent — and priced from $37,000 to $250,000+ per year. Their buyer is a Fortune 500 sustainability team with mature data infrastructure.
Auditably is the IFRS S2 disclosure system for the next tier down: listed companies entering their first ISSB-aligned cycle, working with leaner teams and a Big 4 advisor. We don't replace carbon accounting platforms at scale. We replace the spreadsheet-and-Word-template workflow that breaks at the first auditor review.
The core product supports IFRS S2 directly, plus jurisdiction-specific overlays for Malaysia (NSRF), UK (UK SRS S2), Australia (AASB S2), Singapore (SGX), California (SB 261), Brazil (CVM), Pakistan (SECP), Nigeria (FRC), Mexico (CNBV), and Indonesia. EU ESRS E1 crosswalk is available on request.
If your jurisdiction is using vanilla ISSB without local modifications, you're fully covered out of the box.
Two ways. First, the read-only auditor seat: invite your assurance provider directly into the platform with view-only access — they can drill into any disclosure, see the data points, view the activity log, and inspect evidence files.
Second, the auditor pack export: one click produces a ZIP containing PDF disclosures, complete activity log (CSV + PDF), all evidence files with SHA-256 hashes, and a master index mapping every disclosure to its underlying evidence. It's structured for ISAE 3000 and the forthcoming ISSA 5000 sustainability assurance standard.
Customer data is held in Supabase (Postgres) with row-level security and tenant isolation. Application infrastructure runs on Cloudflare. Evidence files are stored encrypted at rest with SHA-256 hash verification on upload and export.
SOC 2 Type I attestation is in progress (targeted Q4 2026) — we don't claim certifications we don't yet hold. Custom DPAs and EU data residency are available on request.
Yes. At any time — during your active subscription or your 14-day cancellation window — you can export a full archive of every reporting cycle, every disclosure, every data point, every evidence file, and the complete activity log. CSV, JSON, and PDF formats are all supported.
Vendor lock-in is incompatible with audit-grade software. Your data is yours.
That's typical. The diagnostic is designed for the actual person doing the work — Group Reporting Manager, Sustainability Manager, or ESG Lead. If you're a CFO or Audit Committee Chair evaluating tools, the diagnostic gives you a 12-page report you can hand to your team.
Forward it. We see this every week.
We're early — at the design-partner stage, working directly with first-cycle reporters and their advisors to harden the product against real assurance reviews. We won't pretend otherwise with fake logos or invented "trusted by" numbers.
If you'd rather wait for a longer track record, that's fair. If you'd rather help shape an audit-trail-first tool — and get founder-level attention while you do — this is the moment to start. Run the free diagnostic first; it costs you nothing.
Customer data is isolated per tenant with row-level security in Postgres, served over HTTPS on Cloudflare. Evidence files are SHA-256 hashed on upload and re-verified on export, and the activity log is append-only — it cannot be edited or deleted, even with our own service credentials.
SOC 2 Type I is in progress (targeted Q4 2026). We state security posture plainly and never claim a certification we don't hold.
Your cycle is preserved — locked, with its full audit trail intact — and the data stays yours. Pro accounts can roll forward into the next reporting year and run year-over-year comparisons. Everything you exported (disclosures, evidence, logs) remains reproducible.
You're never locked in: a full archive export is one click away at any time.
Yes. Invite your assurance provider as a free read-only auditor seat — they can drill into any disclosure, inspect the data points and evidence, and read the complete activity log, without being able to change anything. Or hand them the one-click auditor pack. Most teams do both.
Six minutes. Twenty-five questions. A personalised 12-page gap report sent to your inbox. No credit card. No sales call.