How to build a SOC 2 Report Reviewer

A question-answering assistant that classifies incoming banking queries and dispatches them to either a Security Policy retriever or a Products & Services retriever, returning compliant, knowledge-base-grounded answers.

Challenge

Manual FFIEC-aligned risk assessments are time-consuming, inconsistent, and require analysts to juggle document review, proposal drafting, stakeholder approvals, and file storage across disconnected tools.

Industry

Finance

Department

IT

Integrations

Slack

OpenAI

SharePoint

This workflow is an end-to-end compliance automation agent that transforms a raw uploaded report into a fully reviewed, approved, and archived FFIEC-aligned risk assessment package.

It begins when a user submits one or more source documents through the Files input. Those documents are passed directly into the Risk Assessment with FFIEC Standards LLM node, which evaluates the report against FFIEC regulatory criteria and produces a structured risk analysis. The analysis is exposed through the Output node so it is immediately available to the caller and is simultaneously forwarded downstream for further processing.

Next, the Create Word Document node takes the risk assessment and generates a formal DOCX file in SharePoint, returning a shareable file URL. That URL, together with the original analysis, feeds into the Proposal LLM node, which drafts a proposal message referencing the newly created document.

The proposal is then delivered to stakeholders through the Send and Wait for Response Slack node, which posts an interactive message with approval buttons and pauses the workflow until a human responds. Once a response is received, the Upload File node uploads the associated file to SharePoint via its public URL, completing the archival step.

The result is a single automated pipeline: document in, FFIEC risk analysis out, Word proposal generated in SharePoint, Slack-based human approval, and final SharePoint archive. The analysis is also surfaced as a direct workflow output for downstream use, making it easy to integrate this agent into broader GRC and third-party risk management workflows.

Whether you're a compliance team evaluating SOC 2 reports against FFIEC examination standards, a vendor risk manager building audit-ready documentation, or an IT risk team automating URSIT-aligned assessments, this workflow eliminates manual handoffs and keeps your review process moving from intake to archival without switching tools.

Get started

Let’s Build AI Agents, Together

Book a demo to see how AI agents can help your team process unstructured documents and perform complex analysis faster and more accurately.
