PolicyDiff

PolicyDiff is a web app (with optional Slack/Teams integration) that turns compliance from “PDF theater” into a living change log. It ingests your security policies, standards, and procedures (SOC 2, ISO 27001, HIPAA, internal) and tracks every edit the way Git does: who changed what, why, when, and what evidence supports it. It generates auditor-ready “diff reports” showing policy evolution, mapped controls, and linked evidence (tickets, configs, screenshots, vendor attestations). It also runs lightweight drift checks: if a policy says “MFA required,” it prompts you to attach proof (an IdP config export) and flags stale evidence. It combines a traditional app with AI: AI helps summarize changes, suggest control mappings, and detect contradictions, but the core value is immutable versioning, approvals, and evidence linkage. It’s not a full GRC suite; it’s the missing layer between docs and proof.