# EquanimGRC Auditor Independence Policy **Effective:** April 14, 2026 **Owner:** Atomlab LLC, operator of EquanimGRC **Canonical URL:** https://equanimgrc.com/trust/independence Compliance only works if the person assessing you is independent of the vendor that helped you prepare. This is our written policy on auditor relationships. --- ## 01 — No referral fees. EquanimGRC does not accept payment, rev-share, commission, or in-kind consideration from audit firms for introducing customers. We will not begin accepting any such arrangement without announcing it publicly first. ## 02 — No captive audit-firm pool. We do not run an auditor marketplace. We do not maintain a preferred list of firms that we steer customers toward. Customers choose their assessor themselves — from the firm they already work with, a firm they find independently, or one recommended by a peer. ## 03 — Auditor access is customer-controlled. When an auditor needs access to your EquanimGRC workspace, you grant it. You decide the scope. You revoke it when the engagement ends. EquanimGRC does not open a back channel to your auditor or share your data without an explicit grant from you. ## 04 — No ghost-written conclusions. EquanimGRC does not produce draft audit opinions, attestation letters, or assessor conclusions. Our platform helps you assemble the evidence; the independent audit firm forms its own opinion based on its own testing. We do not put words in the auditor's mouth. ## 05 — If any of this changes, we announce it. This policy is dated. If we ever change any of the commitments on this page, we will announce the change on the canonical URL above with the old policy preserved alongside, and notify active customers directly. We will not quietly edit our ethics. --- ## Verification This document is published with a detached PGP signature. To verify: ``` curl -sL https://equanimgrc.com/pgp-key.asc | gpg --import curl -sO https://equanimgrc.com/policies/auditor-independence.md curl -sO https://equanimgrc.com/policies/auditor-independence.md.asc gpg --verify auditor-independence.md.asc auditor-independence.md ``` PGP key fingerprint: `5B61 9918 0EC8 D3E8 C6FA CBDE CB80 F375 407E 3B26`