Legal
Audit disclaimer
Last updated: July 15, 2026
Sills reports are evidence-based review aids. They are not certifications, guarantees, professional opinions, or proof that a product is secure, compliant, accessible, complete, defect-free, or production-ready.
Automated results are limited
Automated checks can identify evidence, failures, missing metadata, reachable states, and likely risks. Passing automated checks does not prove compliance, security, accessibility, quality, or absence of defects.
Tool failures, missing credentials, blocked routes, unavailable devices, incomplete test data, and uninspected workflows are limitations. They are not passing results.
Manual review remains required
Some questions require manual review, domain expertise, legal review, assistive technology testing, threat modeling, production observability, user research, or business judgement. A Sills report should label those requirements instead of pretending automation answered them.
Security and compliance
Sills security audits are passive reviews unless a specific workflow says otherwise. They are not penetration tests, vulnerability scans of every asset, legal compliance assessments, privacy impact assessments, SOC 2 audits, HIPAA reviews, PCI assessments, or regulatory certifications.
Accessibility findings may refer to WCAG or platform conventions, but Sills does not provide legal accessibility compliance advice.
Evidence and inference
Every finding should distinguish observed evidence, automated results, inference, and manual-review requirements. Treat recommendations as starting points for remediation, not as the only correct fix.
Release decisions
Sills can help identify release risks. Final release decisions remain with the people responsible for the product, its users, its legal obligations, and its operating environment.