Compliance OS

Vendor Workspace

Demo Mode · Sample Data Only

This is a Demo Compliance Environment

No real customer data is stored here. All organizations, evidence, assessments, and control updates are seeded sample/demo data for product demonstrations.

Active demo organization: King's Healthcare, Inc. (Demo Organization)

Vendor self-assessment workspace

King's FinTech, Inc. (Demo Organization)

King's FinTech, Inc. Annual Security Compliance Audit 2026

Status: IN PROGRESS · Customer: King's Compliance Advisory (Demo) · Engagement: King's FinTech Trust & Security Program · Due: May 26, 2026 · 4 frameworks
Total Controls
24

4 framework scope

Applied Controls
18

9 fully implemented

Tasks (Open)
12

5 overdue POA&M items

Evidence Linked
16

13 awaiting customer review

High-Risk Gaps
6

2 needs info/rejected

Control Completion
Answered controls vs total in scope
18 / 24
75% complete
Submission Readiness
Combines completion, evidence, and open high-risk gaps
41%
41% complete
Risk Assessment Score
Higher is better (lower open-risk exposure)
70
70% complete
Control Status Breakdown
Implementation state distribution across this audit scope.
Controls
30
Implemented
9
30%
Partial
6
20%
Open
12
40%
Not Applicable
3
10%
Request Queue Breakdown
What is blocking submission or requires follow-up.
Domain Completion
Answered controls by domain (top incomplete domains surface first).
Framework Scope
Frameworks currently included in this vendor assessment.

SOC 2

SOC2 · Trust Services Criteria

6 controls
67%

ISO/IEC 27001

ISO27001 · 2022

6 controls
83%

NIST Cybersecurity Framework

NIST · 2.0

6 controls
83%

CIS Controls

CIS · v8

6 controls
67%
Domain Progress
Accordion view for control domains, completion, evidence, and top gaps.

Change Management

0 / 1 controls answered

0%
0 implemented · 1 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

0%

Controls with at least one linked evidence item

High Risk Gaps

1

Open controls marked High/Critical

Top Gaps

CC8.1 Change Management

NOT IMPLEMENTED · High

Communication & Information

0 / 1 controls answered

0%
0 implemented · 1 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

0%

Controls with at least one linked evidence item

High Risk Gaps

1

Open controls marked High/Critical

Top Gaps

CC2.1 Board Oversight

NOT IMPLEMENTED · High

Govern

0 / 1 controls answered

0%
0 implemented · 1 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

0%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

GV.RM-01 Risk Management Strategy

NOT IMPLEMENTED · Medium

Inventory and Control of Enterprise Assets

0 / 1 controls answered

0%
0 implemented · 1 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

0%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

1.1 Establish and Maintain Detailed Enterprise Asset Inventory

NOT IMPLEMENTED · Medium

Secure Configuration of Enterprise Assets and Software

0 / 1 controls answered

0%
0 implemented · 1 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

0%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

4.1 Establish and Maintain a Secure Configuration Process

NOT IMPLEMENTED · Medium

Technological Controls

2 / 3 controls answered

67%
2 implemented · 1 open

Implementation Coverage

67%

Includes fully implemented controls only

Evidence Coverage

67%

Controls with at least one linked evidence item

High Risk Gaps

1

Open controls marked High/Critical

Top Gaps

A.8.16 Monitoring Activities

NOT IMPLEMENTED · High

Account Management

1 / 1 controls answered

100%
1 implemented · 0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Audit Log Management

1 / 1 controls answered

100%
0 implemented · 0 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

0%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Availability

1 / 1 controls answered

100%
0 implemented · 0 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

1

Open controls marked High/Critical

Top Gaps

A1.2 Availability Commitments

PARTIALLY IMPLEMENTED · High

Control Environment

1 / 1 controls answered

100%
1 implemented · 0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Detect

1 / 1 controls answered

100%
0 implemented · 0 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

1

Open controls marked High/Critical

Top Gaps

DE.CM-01 Continuous Monitoring

PARTIALLY IMPLEMENTED · High

Identify

1 / 1 controls answered

100%
1 implemented · 0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Incident Response Management

1 / 1 controls answered

100%
0 implemented · 0 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

1

Open controls marked High/Critical

Top Gaps

17.3 Test and Update Incident Response Process

PARTIALLY IMPLEMENTED · High

Logical and Physical Access Controls

1 / 1 controls answered

100%
1 implemented · 0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Network Monitoring and Defense

1 / 1 controls answered

100%
1 implemented · 0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Organizational Controls

3 / 3 controls answered

100%
1 implemented · 0 open

Implementation Coverage

33%

Includes fully implemented controls only

Evidence Coverage

67%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

A.5.23 Information Security for Cloud Services

PARTIALLY IMPLEMENTED · Medium

Protect

1 / 1 controls answered

100%
0 implemented · 0 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Recover

1 / 1 controls answered

100%
0 implemented · 0 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

RC.CO-01 Recovery Communications

PARTIALLY IMPLEMENTED · Medium

Respond

1 / 1 controls answered

100%
1 implemented · 0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

System Operations

1 / 1 controls answered

100%
0 implemented · 0 open

Implementation Coverage

0%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

0

Open controls marked High/Critical

Top Gaps

CC7.2 System Monitoring

PARTIALLY IMPLEMENTED · Low
Customer Requests / POA&M
Controls needing remediation action, evidence, or reviewer follow-up.

A1.2 Availability Commitments

High
PARTIALLY IMPLEMENTED · SUBMITTED · SUBMITTED · OPEN · 1 evidence · 1 pending review · 1 POA&M open · IT · 8d overdue

A.8.16 Monitoring Activities

High
NOT IMPLEMENTED · DRAFT · IN PROGRESS · evidence needed · 1 POA&M open · Security · 4d overdue

CC2.1 Board Oversight

High
NOT IMPLEMENTED · DRAFT · BLOCKED · evidence needed · 1 POA&M open · Engineering · Due today

17.3 Test and Update Incident Response Process

High
PARTIALLY IMPLEMENTED · NEEDS INFO · NEEDS INFO · OPEN · 1 evidence · 1 pending review · 1 POA&M open · Engineering · Due today

DE.CM-01 Continuous Monitoring

High
PARTIALLY IMPLEMENTED · SUBMITTED · SUBMITTED · OPEN · 1 evidence · 1 pending review · 1 POA&M open · IT · Due in 4d

CC8.1 Change Management

High
NOT IMPLEMENTED · SUBMITTED · BLOCKED · evidence needed · 1 POA&M open · Compliance · Due in 12d

1.1 Establish and Maintain Detailed Enterprise Asset Inventory

Medium
NOT IMPLEMENTED · DRAFT · OPEN · evidence needed · 1 POA&M open · IT · 8d overdue

4.1 Establish and Maintain a Secure Configuration Process

Medium
NOT IMPLEMENTED · SUBMITTED · OPEN · evidence needed · 1 POA&M open · GRC · Due in 4d
Control Workbench
Vendor-ready questionnaire table for implementation status, risk, owners, and evidence.
Control · Domain · Framework · Status · Customer Review · Evidence Review · Risk · Evidence · POA&M · Owner · Due

5.1 Establish and Maintain an Inventory of Accounts

Account Management · CIS · IMPLEMENTED · APPROVED · APPROVED
1 linked
Security
No due date

8.2 Collect Audit Logs

Audit Log Management · CIS · NOT APPLICABLE · APPROVED
Missing
Compliance
No due date

A1.2 Availability Commitments

Availability · SOC2 · PARTIALLY IMPLEMENTED · SUBMITTED · SUBMITTED · High
1 linked
1 pending
OPEN
1 open · 1 overdue
IT
Feb 17, 2026
8d overdue

CC8.1 Change Management

Change Management · SOC2 · NOT IMPLEMENTED · SUBMITTED · High
Missing
BLOCKED
1 open
Compliance
Mar 9, 2026
Due in 12d

CC2.1 Board Oversight

Communication & Information · SOC2 · NOT IMPLEMENTED · DRAFT · High
Missing
BLOCKED
1 open · 1 overdue
Engineering
Feb 25, 2026
Due today

CC1.1 Integrity and Ethical Values

Control Environment · SOC2 · IMPLEMENTED · APPROVED · APPROVED
1 linked
Platform
No due date

DE.CM-01 Continuous Monitoring

Detect · NIST · PARTIALLY IMPLEMENTED · SUBMITTED · SUBMITTED · High
1 linked
1 pending
OPEN
1 open
IT
Mar 1, 2026
Due in 4d

GV.RM-01 Risk Management Strategy

Govern · NIST · NOT IMPLEMENTED · SUBMITTED · Medium
Missing
IN_PROGRESS
1 open
Platform
Mar 5, 2026
Due in 8d

ID.AM-01 Asset Inventory

Identify · NIST · IMPLEMENTED · SUBMITTED · APPROVED
1 linked
Engineering
No due date

17.3 Test and Update Incident Response Process

Incident Response Management · CIS · PARTIALLY IMPLEMENTED · NEEDS INFO · NEEDS INFO · High
1 linked
1 pending
OPEN
1 open · 1 overdue
Engineering
Feb 25, 2026
Due today

1.1 Establish and Maintain Detailed Enterprise Asset Inventory

Inventory and Control of Enterprise Assets · CIS · NOT IMPLEMENTED · DRAFT · Medium
Missing
OPEN
1 open · 1 overdue
IT
Feb 17, 2026
8d overdue

CC6.1 Logical Access Controls

Logical and Physical Access Controls · SOC2 · IMPLEMENTED · UNDER REVIEW · UNDER REVIEW
1 linked
1 pending
GRC
No due date

13.1 Centralize Security Event Alerting

Network Monitoring and Defense · CIS · IMPLEMENTED · APPROVED · APPROVED
1 linked
Platform
No due date

A.5.1 Policies for Information Security

Organizational Controls · ISO27001 · IMPLEMENTED · UNDER REVIEW · UNDER REVIEW
1 linked
1 pending
IT
No due date

A.5.15 Access Control

Organizational Controls · ISO27001 · NOT APPLICABLE · APPROVED
Missing
Platform
No due date

A.5.23 Information Security for Cloud Services

Organizational Controls · ISO27001 · PARTIALLY IMPLEMENTED · NEEDS INFO · NEEDS INFO · Medium
1 linked
1 pending
OPEN
1 open
Engineering
Mar 21, 2026
Due in 24d

PR.AA-01 Identity and Access Management

Protect · NIST · NOT APPLICABLE · APPROVED · APPROVED
1 linked
GRC
No due date

RC.CO-01 Recovery Communications

Recover · NIST · PARTIALLY IMPLEMENTED · UNDER REVIEW · UNDER REVIEW · Medium
1 linked
1 pending
IN_PROGRESS
1 open
Security
Mar 17, 2026
Due in 20d

RS.RP-01 Response Plan Execution

Respond · NIST · IMPLEMENTED · SUBMITTED · APPROVED
1 linked
Compliance
No due date

4.1 Establish and Maintain a Secure Configuration Process

Secure Configuration of Enterprise Assets and Software · CIS · NOT IMPLEMENTED · SUBMITTED · Medium
Missing
OPEN
1 open
GRC
Mar 1, 2026
Due in 4d

CC7.2 System Monitoring

System Operations · SOC2 · PARTIALLY IMPLEMENTED · UNDER REVIEW · UNDER REVIEW · Low
1 linked
1 pending
IN_PROGRESS
1 open
Security
Mar 5, 2026
Due in 8d

A.8.15 Logging

Technological Controls · ISO27001 · IMPLEMENTED · UNDER REVIEW · UNDER REVIEW
1 linked
1 pending
GRC
No due date

A.8.16 Monitoring Activities

Technological Controls · ISO27001 · NOT IMPLEMENTED · DRAFT · High
Missing
IN_PROGRESS
1 open · 1 overdue
Security
Feb 21, 2026
4d overdue

A.8.28 Secure Coding

Technological Controls · ISO27001 · IMPLEMENTED · SUBMITTED · APPROVED
1 linked
Compliance
No due date
This vendor workspace is designed for customer-facing audits and self-assessments. It supports framework-scoped progress tracking, evidence collection, and POA&M-style remediation queues for HIPAA, NIST CSF, SOC 2, ISO 27001, CIS Controls, and the added NIST 800-171 / 800-172 / 800-53 frameworks.