09
COMPLIANCE
Framework        Score     Controls   Passing   Failing
SOC 2 Type II    94/100    61         57        4
ISO 27001        91/100    93         85        8
PCI-DSS v4.0     88/100    12         11        1
HIPAA            85/100    45         38        7
GDPR             92/100    36         33        3
SOC 2 Type II
94% (57/61 controls passing)
Failing Controls
CC6.1 - Logical Access Security: MFA not enforced on 2 service accounts
CC7.2 - System Monitoring: Log retention below 90-day requirement for staging
CC8.1 - Change Management: 3 production changes without approval workflow
CC6.3 - Role-Based Access: Over-privileged IAM roles detected (dev-deploy)
ISO 27001
91% (85/93 controls passing)
Failing Controls
A.8.1 - Asset Management: 5 untagged cloud resources discovered
A.9.4 - System Access Control: Password policy non-compliant (3 accounts)
A.12.4 - Logging and Monitoring: CloudTrail gaps in staging account
A.13.1 - Network Security: VPC peering without encryption in transit
A.14.2 - Development Security: 2 dependencies with known CVEs in production
A.18.1 - Compliance: GDPR data processing agreement missing for 1 vendor
A.10.1 - Cryptographic Controls: TLS 1.0 still enabled on legacy endpoint
A.12.6 - Technical Vulnerability Management: Patch SLA exceeded (3 instances)
PCI-DSS v4.0
88% (11/12 controls passing)
Failing Controls
Req 6.2 - Secure Development: Input validation gaps in payment API
HIPAA
85% (38/45 controls passing)
Failing Controls
Access Control - 164.312(a): PHI access without audit trail (2 instances)
Audit Controls - 164.312(b): Incomplete audit log for PHI database access
Integrity Controls - 164.312(c): Checksums not validated on PHI transfers
Transmission Security - 164.312(e): Unencrypted PHI in internal message queue
Risk Analysis - 164.308(a)(1): Annual risk assessment 30 days overdue
Workforce Security - 164.308(a)(3): 4 terminated users with active credentials
Contingency Plan - 164.308(a)(7): DR test not completed this quarter
GDPR
92% (33/36 controls passing)
Failing Controls
Art 30 - Records of Processing: 1 processing activity not documented
Art 32 - Security of Processing: Encryption at rest missing on staging DB
Art 35 - DPIA: Impact assessment not completed for new ML feature