3
Audit & Evidence Management
Total Audits
12
Current year
Planned
5
Next 90 days
In Progress
2
Active audits
Open Findings
18
4 since last month
| Audit Name | Type | Framework | Scope | Start Date | End Date | Status | Findings | Actions |
|---|---|---|---|---|---|---|---|---|
|
Q2 2025 Internal Security Audit
Comprehensive internal security audit covering all NIST CSF domains.
|
Internal | NIST CSF | All Departments | May 15, 2025 | Jun 15, 2025 | Planned | - | |
|
ISO 27001 Certification Pre-Assessment
Pre-assessment audit to evaluate readiness for ISO 27001 certification.
|
External | ISO 27001 | Information Security | Jun 10, 2025 | Jun 30, 2025 | Planned | - | |
|
Access Control Compliance Audit
Focused audit on access control policies and implementation.
|
Compliance | PR.AC A.5.15 | IT & HR Departments | Apr 05, 2025 | Apr 25, 2025 | In Progress | 4 | |
|
Cloud Security Assessment
Security assessment of cloud infrastructure and services.
|
Security | PR.DS A.8.9 | Cloud Infrastructure | Apr 10, 2025 | Apr 30, 2025 | In Progress | 6 | |
|
Q1 2025 Internal Security Audit
Quarterly internal security audit covering all NIST CSF domains.
|
Internal | NIST CSF | All Departments | Jan 15, 2025 | Feb 15, 2025 | Completed | 12 | |
|
Vendor Security Assessment
Security assessment of critical third-party vendors.
|
Security | ID.SC A.5.19 | Vendor Management | Feb 10, 2025 | Mar 10, 2025 | Completed | 8 |
Page 1 of 2
Sun
Mon
Tue
Wed
Thu
Fri
Sat
30
31
1
2
3
4
5
Access Control Compliance Audit
6
7
8
9
10
Cloud Security Assessment
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Access Control Audit Ends
26
27
28
29
30
Cloud Security Assessment Ends
1
2
3
Planned
In Progress
Completed
Audit Start
Audit End
Audit Findings & Remediation Actions
Total Findings:
32
Open:
18
In Progress:
8
Closed:
14
| ID | Finding | Audit | Framework Reference | Severity | Status | Due Date | Owner | Actions |
|---|---|---|---|---|---|---|---|---|
| F-2025-023 |
Insufficient access controls for privileged accounts
Privileged accounts lack multi-factor authentication and proper access review processes.
|
Access Control Compliance Audit | PR.AC-1 A.5.15 | Critical | Open | Apr 30, 2025 |
|
|
| F-2025-027 |
Unencrypted sensitive data in cloud storage
Customer data stored in cloud buckets without proper encryption at rest.
|
Cloud Security Assessment | PR.DS-1 A.8.11 | Critical | In Progress | May 05, 2025 |
|
|
| F-2025-024 |
Inadequate password policy enforcement
Password policy does not enforce complexity requirements and regular password changes.
|
Access Control Compliance Audit | PR.AC-1 A.5.17 | High | Open | May 10, 2025 |
|
|
| F-2025-028 |
Insufficient logging and monitoring
Cloud infrastructure lacks comprehensive logging and monitoring for security events.
|
Cloud Security Assessment | DE.CM-1 A.8.15 | High | Open | May 15, 2025 |
|
|
| F-2025-025 |
Incomplete user access reviews
User access reviews are not conducted regularly for all systems.
|
Access Control Compliance Audit | PR.AC-4 A.5.16 | Medium | In Progress | May 20, 2025 |
|
|
| F-2025-026 |
Outdated access control documentation
Access control policies and procedures have not been updated in the last 12 months.
|
Access Control Compliance Audit | PR.IP-1 A.5.2 | Low | Open | Jun 15, 2025 |
|
Page 1 of 4
Evidence Repository
Centralized repository for all compliance evidence and documentation.
Access Control Policy
PR.AC-1
A.5.15
User Access Review Results
PR.AC-4
A.5.16
Cloud Encryption Settings
PR.DS-1
A.8.11
Cloud Security Monitoring Logs
DE.CM-1
A.8.15
Security Awareness Training Materials
PR.AT-1
A.6.3
Training Attendance Records
PR.AT-1
A.6.3
Q1 2025 Internal Security Audit Report
Multiple
Multiple
Vendor Security Assessment Report
ID.SC
A.5.19
Page 1 of 6