Mastering Audit Success: Crafting Ironclad Compliance Procedures for Flawless Audits in 2026
In the intricate landscape of 2026, regulatory compliance isn't merely a box to tick; it's the bedrock of organizational integrity, financial stability, and sustained reputation. From stringent data privacy laws like GDPR and CCPA to industry-specific mandates such as HIPAA, SOX, PCI DSS, and various GxP guidelines, the regulatory environment is more complex and dynamic than ever before. Companies face immense pressure to not only adhere to these rules but to demonstrably prove that adherence through robust, auditable documentation.
An external audit can feel like an interrogation, a high-stakes examination where the burden of proof rests squarely on your organization. The difference between a smooth audit, resulting in a clean bill of health, and a tumultuous one, plagued by findings and potential penalties, often boils down to the quality of your compliance procedures and their accompanying documentation. Vague, outdated, or inaccessible procedures are an auditor's red flag, signaling potential control weaknesses and operational risks.
This article, tailored for compliance officers, operations managers, quality assurance leads, and anyone tasked with navigating the audit gauntlet, will provide a comprehensive, actionable guide to documenting compliance procedures that consistently pass audits. We’ll explore the auditor's perspective, detail critical documentation principles, and walk through a step-by-step process for creating ironclad Standard Operating Procedures (SOPs). Crucially, we’ll highlight how modern AI tools like ProcessReel are transforming this often-daunting task, making audit readiness not just achievable, but efficient.
The Imperative of Meticulous Compliance Documentation
The stakes for compliance have never been higher. Regulatory bodies are increasingly aggressive, imposing substantial fines for non-compliance. Beyond financial penalties, regulatory breaches can lead to severe reputational damage, loss of customer trust, and even operational shutdowns. Consider a healthcare provider facing a HIPAA violation due to inadequately documented data handling procedures, or a financial institution hit with a multi-million dollar fine for SOX non-compliance stemming from poor financial control documentation. These aren't theoretical scenarios; they are daily realities for businesses worldwide.
The challenge is amplified by several factors:
- Rapid Regulatory Evolution: Laws and standards change frequently, requiring continuous updates to internal processes and documentation.
- Distributed Teams and Remote Work: With a significant portion of the global workforce operating remotely, ensuring consistent process execution and documentation across disparate locations demands robust digital solutions. For insights into managing this, see our article on Navigating the Remote Work Landscape: Essential Process Documentation for Distributed Teams in 2026.
- Complex Operational Silos: In larger organizations, processes often span multiple departments, each with its own way of operating, leading to inconsistent or fragmented documentation.
Failing to properly document these critical processes creates what we refer to as an "invisible drain." This drain manifests as wasted time, increased error rates, and significant financial exposure. A recent study by a GRC (Governance, Risk, and Compliance) consulting firm revealed that organizations with poorly documented compliance procedures spend an average of 40% more time on audit preparation and remediation compared to those with mature documentation practices. The quantifiable impact of this "invisible drain" can be staggering, as explored in detail in our related articles: The Invisible Drain: Quantifying the Staggering Costs of Undocumented Processes in 2026 and The Silent Drain: Unmasking the Hidden Costs of Undocumented Processes in 2026.
Meticulous documentation isn't just about avoiding penalties; it's about operational excellence. Clear SOPs foster consistency, reduce training time for new hires, minimize errors, and build a culture of accountability. When audits come, they serve as a validation of these internal strengths, rather than a harrowing inquisition.
Understanding the Auditor's Mindset: What They Look For
To create documentation that passes an audit, it's essential to think like an auditor. Auditors aren't just looking for a binder full of papers; they're looking for concrete evidence that your organization identifies, understands, and effectively manages its compliance risks. Their objective is to assess the design effectiveness and operational effectiveness of your internal controls.
Here’s a breakdown of what auditors prioritize:
- Evidence of Controls: Do your procedures clearly articulate where and how specific compliance controls are implemented? For example, if PCI DSS requires quarterly vulnerability scans, do your procedures detail who performs the scan, when it's done, which tools are used, and how the results are documented and addressed?
- Consistency and Adherence: Auditors want to see that procedures are not just written down but are actually followed consistently across the organization. This means verifying that personnel execute tasks as described in the SOPs, and that there are mechanisms to detect and correct deviations. They will often conduct interviews, observe processes, and sample transactions to confirm adherence.
- Completeness and Accuracy: Is the documentation comprehensive, covering all aspects of the compliance requirement? Is it accurate, reflecting the current state of operations? Outdated or incomplete documentation immediately raises red flags, suggesting a lack of control or due diligence.
- Accessibility and Version Control: Auditors need to confirm that relevant employees can easily access the most current versions of procedures. They'll ask about your document management system, how updates are managed, and how old versions are archived. They need to see a clear audit trail of changes, approvals, and publication dates.
- Training Records and Attestations: It's not enough to have procedures; employees must be trained on them. Auditors will request proof of training completion, comprehension assessments, and attestations where employees formally acknowledge their understanding and commitment to follow specific compliance procedures.
Real-world Example: Consider a mid-sized financial services firm undergoing a Sarbanes-Oxley (SOX) audit. The external auditors are examining the process for revenue recognition. They don't just ask for the "Revenue Recognition Policy." Instead, they request:
- The detailed SOP for processing sales orders, invoicing, and recording revenue.
- Evidence of review and approval steps at key stages (e.g., approval limits for discounts, sign-off on unusual transactions).
- Screenshots from the ERP system demonstrating segregation of duties (e.g., the person creating the invoice cannot also approve the payment).
- Records of monthly reconciliations performed by a different individual than the one who recorded the transactions.
- Training logs showing that all accounting and sales personnel have completed mandatory SOX compliance training within the last 12 months.
- A change log for the revenue recognition SOP itself, proving it was last reviewed and approved by the Controller and Internal Audit within the current fiscal year.
Without this granular, verifiable documentation, the firm risks audit findings that could lead to significant internal control deficiencies and, potentially, costly remediation efforts and reputational damage.
Key Principles for Documenting Audit-Ready Compliance Procedures
Effective compliance documentation isn't about volume; it's about precision, clarity, and strategic organization. Adhering to these fundamental principles will significantly strengthen your position during an audit.
1. Clarity and Specificity are Paramount
Ambiguity is the enemy of compliance. Every procedure must be written in clear, concise language that leaves no room for misinterpretation.
- Avoid jargon: While industry terms are sometimes necessary, explain them or provide a glossary.
- Use active voice: Clearly define who is responsible for what action. Instead of "Data should be encrypted," write "The System Administrator encrypts all sensitive customer data at rest and in transit using AES-256 encryption."
- Specify conditions and triggers: When does a procedure start? What conditions must be met? For example, "Upon receiving a new customer data consent form (Form CX-001) via the customer portal, the Data Privacy Officer initiates the data intake review process."
- Quantify where possible: Instead of "promptly," specify "within 24 business hours." Instead of "regularly," specify "monthly" or "quarterly."
2. Traceability and Audit Trails
Every compliance procedure should be explicitly linked to the regulation or standard it addresses. This "traceability matrix" is incredibly useful for auditors.
- Regulatory mapping: Create a spreadsheet or use a GRC platform that maps each regulatory requirement to specific internal controls and SOPs.
- Action logging: Ensure that actions taken according to a compliance procedure are logged and verifiable. This forms your audit trail. For instance, a log of security patch installations, including dates, personnel, and verification steps, is crucial for ISO 27001 compliance.
- Change management: Any changes to compliance-critical systems or processes must be documented, approved, and linked to updated procedures.
3. Accessibility and Centralization
Auditors will not tolerate searching through disparate files, network drives, or outdated binders. All compliance documentation must be easily accessible from a single, centralized, and controlled repository.
- Single source of truth: Implement a document management system (DMS) or intranet portal where all current SOPs reside. This prevents employees from using outdated versions.
- Role-based access: Ensure that only authorized personnel can view, edit, or approve specific documents.
- Searchability: Documents should be easily discoverable through keywords, categories, and tags.
- Global access for distributed teams: In an era of remote and hybrid workforces, this becomes even more critical. Documentation must be accessible from anywhere, securely. For deeper strategies on this, revisit our insights on Navigating the Remote Work Landscape: Essential Process Documentation for Distributed Teams in 2026.
4. Regular Review and Updates
Compliance is not a static state. Regulations change, technology evolves, and internal processes are refined. Your documentation must keep pace.
- Scheduled reviews: Assign owners to each SOP and schedule mandatory annual or bi-annual reviews. For highly dynamic areas (e.g., data privacy), quarterly reviews might be necessary.
- Version control: Every document must have a clear version number, publication date, and details of what changes were made from the previous version. This allows auditors to confirm that the most current and approved procedures are in use.
- Approval workflows: Implement a formal, multi-level approval process for any changes to compliance documents, involving legal, compliance, and operational stakeholders.
5. Training and Attestation
Having perfect procedures is pointless if your employees don't know they exist or how to follow them.
- Mandatory training: Develop and deliver comprehensive training programs on all compliance-critical SOPs.
- Knowledge checks: Incorporate quizzes or practical demonstrations to confirm employee understanding.
- Attestation: Require employees to formally attest (e.g., via digital signature) that they have read, understood, and agree to adhere to specific compliance procedures. This provides a clear audit trail of accountability.
- Refresher training: Implement a schedule for periodic refresher training, especially for high-risk procedures or following significant regulatory changes.
A Step-by-Step Guide to Documenting Compliance Procedures That Pass Audits
Building an audit-proof documentation framework requires a structured approach. This detailed guide will walk you through the process, emphasizing practical execution and the role of modern tools.
Step 1: Identify All Applicable Regulations and Standards
Before you can document compliance, you must know what you're complying with.
- Conduct a regulatory assessment: Catalog all laws, regulations, industry standards, and internal policies relevant to your organization. This might include HIPAA, GDPR, CCPA, SOX, PCI DSS, ISO 27001, GxP, SEC rules, environmental regulations, etc.
- Create a compliance matrix: For each regulation, identify specific requirements and map them to the business units, systems, and processes they affect. This matrix serves as your foundational compliance roadmap.
- Consult legal and compliance experts: Engage your legal counsel, internal compliance officers, or external consultants to ensure a comprehensive and accurate understanding of your compliance obligations.
- Stay informed: Subscribe to regulatory updates, industry news, and legal advisories to anticipate upcoming changes.
Step 2: Map Out Existing Processes (or Define New Ones)
Understanding how work is actually done is crucial. Don't document what you think happens; document reality.
- Process discovery workshops: Gather subject matter experts (SMEs) from each relevant department to map out current workflows. Use tools like whiteboards, sticky notes, or digital flowcharting software.
- Observe and record: For digital workflows, observing an employee perform the task is invaluable. This is where ProcessReel shines. Instead of taking manual notes and screenshots, simply record the screen as an employee performs a compliance-critical task, narrating their actions and decisions. ProcessReel converts this screen recording directly into a detailed, step-by-step SOP draft, capturing every click, input, and visual cue. This ensures maximum accuracy and minimizes the omission of critical steps.
- Identify gaps and inefficiencies: During mapping, you’ll naturally uncover areas where processes are inconsistent, inefficient, or where compliance controls are missing or weak. Document these for remediation.
Step 3: Integrate Compliance Requirements into Each Process Step
Compliance isn't an add-on; it must be embedded directly into your operational DNA.
- Control points: For each process step, identify where a compliance control is necessary. For example, in a customer onboarding process, a step might be "Verify customer identity against government-issued ID (KYC requirement)."
- Risk mitigation: Think about potential compliance risks at each step and design specific actions to mitigate them. For example, if handling Personally Identifiable Information (PII), a step might be "Encrypt data field upon entry into CRM."
- Define roles and responsibilities: Clearly state who is responsible for executing each compliance-related action. This prevents confusion and assigns accountability.
Step 4: Draft Your Standard Operating Procedures (SOPs)
This is the core of your compliance documentation. SOPs must be clear, detailed, and actionable.
- Standardized format: Use a consistent template for all SOPs. A typical structure includes:
  - Purpose: Why does this procedure exist? (e.g., "To ensure compliance with GDPR Article 17, the 'Right to Erasure.'")
  - Scope: What does this procedure cover? What doesn't it cover?
  - Responsibilities: Who performs which steps? Who approves?
  - Procedure Steps: The heart of the document – detailed, numbered steps.
  - Definitions: Clarify any technical terms or acronyms.
  - Related Documents: Link to policies, forms, or other relevant SOPs.
- Leverage ProcessReel for efficiency: After recording your process in Step 2, ProcessReel automatically generates a detailed SOP. It breaks down the recording into individual steps, capturing screenshots, generating descriptive text for each action, and even transcribing the narration. This capability can reduce the time required to draft a complex compliance SOP by as much as 80%. Instead of spending 15-20 hours manually documenting a multi-system workflow, a Compliance Analyst might spend 3-4 hours refining ProcessReel's output, ensuring all compliance nuances are covered.
- Focus on the "how": Each step should describe how to perform an action, not just that it should be done. For example, "Click 'File' > 'Save As...' and select the 'Encrypted Documents' network share."
Step 5: Incorporate Visuals and Examples
Humans are visual learners. Screenshots, diagrams, and flowcharts significantly enhance comprehension and reduce errors.
- Screenshots: For software-based procedures, include screenshots of each interface, highlighting where to click, type, or navigate. ProcessReel automatically captures relevant screenshots for every step directly from your screen recording, eliminating manual screen capture and annotation.
- Flowcharts: Use flowcharts to illustrate decision points and process flows, especially for complex procedures with multiple branches.
- Examples: Provide clear, de-identified examples of inputs, outputs, or completed forms. For instance, a HIPAA compliance SOP might include a redacted example of a correctly completed patient consent form.
Step 6: Establish Robust Review and Approval Workflows
Compliance documentation requires rigorous vetting.
- Multi-level review: Involve subject matter experts (SMEs), department heads, compliance officers, legal counsel, and internal audit in the review process. Each layer provides a different perspective and ensures accuracy and adherence to policy.
- Formal approval: Require documented approval (e.g., digital signatures) from all designated approvers before an SOP is published. This creates an auditable record of accountability.
- Pilot testing: Before broad rollout, pilot test the new procedures with a small group of users to identify any practical issues or ambiguities.
Step 7: Implement a Controlled Document Management System
A robust DMS is non-negotiable for audit readiness.
- Centralized repository: All approved SOPs, policies, and related compliance documents must reside in a single, secure, and easily accessible system.
- Version control: The system must automatically manage document versions, allowing users to always access the latest approved version and preventing the use of outdated procedures. It should also maintain an archive of previous versions for historical reference.
- Access controls: Implement granular, role-based access permissions to ensure that only authorized personnel can view, edit, or approve specific documents.
- Audit trails: The DMS should track all document activity, including creation, edits, approvals, and viewing, providing a complete audit trail for compliance officers and external auditors.
- Automated notifications: Configure the system to automatically notify relevant stakeholders when documents are updated, reviewed, or due for review.
Step 8: Develop a Comprehensive Training Program
The best procedures are useless if employees aren't aware of them or don't know how to follow them.
- Mandatory training sessions: Conduct initial training for all personnel on new or updated compliance procedures. Use a variety of formats (in-person, e-learning, interactive workshops).
- Refresher training: Establish a recurring training schedule, especially for high-risk procedures or following significant regulatory changes.
- Knowledge assessments: Incorporate quizzes, scenarios, or practical exercises to verify employee comprehension.
- Training records: Maintain meticulous records of who was trained, when, on what material, and their assessment results. This is a critical piece of evidence for auditors.
- Attestation: Implement a formal attestation process where employees digitally sign off, confirming they have read, understood, and agree to adhere to key compliance SOPs.
Step 9: Conduct Internal Audits and Mock Drills
Don't wait for external auditors to find your weaknesses. Proactively identify and fix them.
- Regular internal audits: Schedule periodic internal audits of compliance procedures, using the same rigor and methodology as an external audit. This helps identify gaps, non-conformities, and areas for improvement.
- Mock audit drills: Conduct "mock audits" where a simulated audit team (internal or external consultants) tests your documentation, processes, and employee readiness. This allows your team to practice responding to auditor requests and interviews under pressure.
- Corrective and Preventive Actions (CAPA): For any findings from internal audits or mock drills, implement a robust CAPA process to address the root cause and prevent recurrence. Document these actions thoroughly, as auditors will often review your CAPA logs.
- Real-world Example: A manufacturing plant preparing for an ISO 9001 audit used ProcessReel to document its quality control procedures. Through internal mock audits, they identified several discrepancies between documented procedures and actual practices in their raw material inspection process. By quickly updating the ProcessReel-generated SOPs and conducting targeted retraining, they reduced potential audit non-conformities by 60%, significantly de-risking their certification.
Step 10: Continuously Monitor and Adapt
Compliance is an ongoing journey, not a destination.
- Regulatory watch: Designate a team or individual to monitor changes in relevant regulations and standards.
- Feedback loops: Encourage employees to provide feedback on SOPs. Are they practical? Are they clear? Their insights are invaluable for continuous improvement.
- Performance metrics: Track key performance indicators (KPIs) related to compliance, such as error rates, incident reports, training completion rates, and audit findings.
- Technology adoption: Continuously evaluate new tools and technologies that can enhance your compliance posture and documentation efficiency.
Real-World Impact: The Tangible Benefits of ProcessReel for Compliance Documentation
The traditional approach to compliance documentation—manual observation, note-taking, screenshot capturing, and arduous writing—is slow, error-prone, and unsustainable in today's dynamic regulatory environment. ProcessReel directly addresses these challenges, delivering tangible benefits that translate into audit success and operational efficiency.
- Reduced Documentation Time and Cost: Imagine a mid-sized fintech company responsible for documenting dozens of new financial control procedures annually to meet evolving SEC and FinCEN regulations. Before ProcessReel, a compliance analyst might spend 20 hours drafting a single detailed SOP, including interviews, manual screen captures, and meticulous writing. With ProcessReel, the process owner simply records their screen while performing the task, narrating as they go. ProcessReel then generates a comprehensive draft in minutes. The analyst's role shifts from drafting to reviewing and refining, cutting documentation time by 75-80%. For 50 SOPs, this represents a saving of 800 hours annually, freeing compliance teams for higher-value activities like risk analysis and strategic oversight.
- Improved Accuracy and Consistency: Human transcription is inherently fallible. Critical steps, specific clicks, or subtle decision points can be missed or misinterpreted. ProcessReel captures the exact sequence of actions directly from the screen, generating precise, visual, step-by-step instructions. This eliminates the risk of human error in transcribing procedures, ensuring that the documented process perfectly reflects the actual execution. For a pharmaceutical company adhering to GxP guidelines, where even minor deviations can lead to product recalls or regulatory sanctions, this level of accuracy is invaluable, potentially reducing compliance missteps by 15-20% and safeguarding product quality.
- Enhanced Audit Readiness: Auditors appreciate clarity, consistency, and easy access to documentation. ProcessReel's outputs are inherently visual, structured, and consistent in format, making them highly digestible for auditors. When an auditor requests proof of a specific control, the team can quickly present a ProcessReel-generated SOP with integrated screenshots and clear steps. This level of preparedness instills confidence in auditors, leading to smoother, faster audit cycles. Clients using ProcessReel have reported a 30% reduction in the average time external auditors spend validating documentation, directly cutting audit fees and internal resource drain.
- Better Employee Adherence and Reduced Training Time: Clearer, more visual SOPs mean employees understand their tasks better and are more likely to follow them correctly. New hires can onboard faster, quickly grasping complex compliance workflows by watching the recorded demonstrations and following the auto-generated steps. This reduces the learning curve, minimizes the risk of errors, and strengthens the overall compliance posture of the organization. A regional bank reported that new teller training time for critical fraud prevention procedures was reduced by two full days after implementing ProcessReel-generated SOPs, leading to faster productivity and fewer initial errors.
ProcessReel is more than just a documentation tool; it's a strategic asset for organizations committed to robust compliance and audit success. By transforming the burdensome task of SOP creation into a swift, accurate, and automated process, it allows compliance professionals to focus on strategy and risk mitigation, rather than manual transcription.
Frequently Asked Questions (FAQ)
1. How often should compliance procedures be updated?
The frequency of updates depends on several factors:
- Regulatory Changes: Immediately upon the effective date of any new or revised regulation impacting a procedure.
- Internal Process Changes: Whenever a process is modified, new technology is introduced, or an existing system is upgraded.
- Audit Findings: Any findings from internal or external audits that indicate a deficiency in a procedure require immediate review and update.
- Scheduled Reviews: Even without triggers, a mandatory annual review for all compliance-critical procedures is best practice. High-risk or rapidly evolving areas (e.g., data privacy, cybersecurity) may warrant quarterly or bi-annual reviews.
- Performance Data: If incident reports, error rates, or employee feedback suggest a procedure is unclear or ineffective, it should be reviewed.
2. Who is responsible for compliance documentation?
While specific roles vary by organization size and structure, responsibility is typically shared:
- Process Owners/Subject Matter Experts (SMEs): They are responsible for accurately documenting the procedures they perform or oversee. They are the initial creators and primary reviewers of their respective SOPs.
- Compliance Officer/Department: This team provides oversight, ensures all procedures align with regulatory requirements, develops templates, and manages the overall compliance documentation framework.
- Legal Counsel: Reviews procedures for legal soundness and advises on regulatory interpretations.
- Internal Audit: Assesses the effectiveness of documented controls and provides independent validation.
- Senior Management: Ultimately accountable for ensuring adequate resources and commitment to compliance documentation.
Modern tools like ProcessReel empower process owners to quickly draft accurate SOPs, significantly easing the burden on compliance teams who then focus on review and governance.
3. Can AI tools like ProcessReel replace human compliance officers?
No, AI tools like ProcessReel are powerful enhancements, not replacements, for human compliance officers. ProcessReel automates the laborious, time-consuming task of drafting step-by-step procedures by converting screen recordings into detailed SOPs. This frees up compliance officers to focus on their core, strategic responsibilities, which AI cannot replicate:
- Regulatory Interpretation: Understanding nuanced legal language and applying it to unique business contexts.
- Risk Assessment: Identifying, analyzing, and prioritizing compliance risks.
- Strategic Planning: Developing and implementing comprehensive compliance programs.
- Ethical Judgment: Making decisions that require human ethics and discretion.
- Stakeholder Engagement: Building relationships, fostering a culture of compliance, and negotiating with regulators.
ProcessReel makes the compliance officer's job more efficient and effective by providing accurate, up-to-date documentation rapidly, allowing them to concentrate on higher-value activities.
4. What are the biggest mistakes companies make when documenting compliance?
Common pitfalls include:
- Vagueness and Ambiguity: Using unclear language that leads to inconsistent execution.
- Outdated Information: Procedures that don't reflect current processes or regulations.
- Lack of Accessibility: Storing documentation in disparate locations, making it hard for employees or auditors to find.
- "Shelfware": Creating documentation that sits unused because employees aren't trained or don't understand it.
- Insufficient Detail: Skipping critical steps or decision points necessary for proper execution.
- Ignoring the "Why": Not explaining the purpose or regulatory context, which reduces employee buy-in.
- Manual and Inefficient Processes: Relying solely on manual documentation methods that are slow and prone to error, leading to a backlog of undocumented procedures.
5. How can I ensure my compliance procedures are understood by all employees?
Ensuring comprehension is critical for effective compliance:
- Clarity and Simplicity: Write in plain language, avoiding excessive jargon.
- Visual Aids: Incorporate screenshots (easily done with ProcessReel), flowcharts, and diagrams to illustrate steps.
- Interactive Training: Don't just lecture. Use hands-on exercises, quizzes, and real-world scenarios in training.
- Role-Based Training: Tailor training content to specific job roles, focusing only on the procedures relevant to their responsibilities.
- Regular Refreshers: Conduct periodic training refreshers, especially for high-risk procedures or following significant changes.
- Feedback Mechanisms: Create channels for employees to ask questions and provide feedback on procedure clarity.
- Accessibility: Ensure all procedures are easily accessible through a centralized, searchable platform.
- Leadership Endorsement: Visible support from leadership reinforces the importance of compliance and adherence to procedures.
Conclusion
Documenting compliance procedures that consistently pass audits is not an insurmountable challenge, but a strategic investment. It requires a commitment to clarity, precision, and continuous improvement. By understanding the auditor's perspective, adhering to key documentation principles, and following a structured step-by-step approach, organizations can transform audit preparation from a reactive scramble into a proactive demonstration of operational excellence.
In 2026, the complexity of the regulatory landscape demands modern solutions. Tools like ProcessReel are no longer a luxury but an essential component of an effective compliance program, drastically cutting the time and effort required to create accurate, audit-ready SOPs. By automating the capture and documentation of complex digital workflows, ProcessReel allows your team to focus on strategic compliance oversight and risk mitigation, ensuring your organization is not just compliant, but genuinely audit-proof.
Take control of your compliance documentation and prepare for your next audit with confidence.