Demo ModeSample Data Only

This is a Demo Compliance Environment

No real customer data is stored here. All organizations, evidence, assessments, and control updates are seeded sample/demo data for product demonstrations.

Active demo organization: King's Healthcare, Inc. (Demo Organization)

Demo Organization Switcher

Vendor self-assessment workspace

King's FinTech, Inc. (Demo Organization)

King's FinTech, Inc. Control Validation Review

Status: IN PROGRESSCustomer: King's Compliance Advisory (Demo)Engagement: King's FinTech Trust & Security ProgramDue: Apr 11, 20262 frameworks

Control Library Evidence Center Open Audit Review

Assigned Assessments

Switch between vendor audits and framework-specific questionnaires.

test NIST80053 Audit 2026-02-25 King's FinTech, Inc. Assurance Readiness Sprint King's FinTech, Inc. Control Validation Review King's FinTech, Inc. Annual Security Compliance Audit 2026

Total Controls

2 framework scope

Applied Controls

5 fully implemented

Tasks (Open)

3 overdue POA&M items

Evidence Linked

5 awaiting customer review

High-Risk Gaps

1 needs info/rejected

Control Completion

Answered controls vs total in scope

9 / 12

75% complete

Submission Readiness

Combines completion, evidence, and open high-risk gaps

36%

36% complete

Risk Assessment Score

Higher is better (lower open-risk exposure)

69% complete

Control Status Breakdown

Implementation state distribution across this audit scope.

Controls

Implemented

33%

Partial

20%

Open

40%

Not Applicable

Request Queue Breakdown

What is blocking submission or requires follow-up.

Domain Completion

Answered controls by domain (top incomplete domains surface first).

Framework Scope

Frameworks currently included in this vendor assessment.

SOC 2

SOC2 · Trust Services Criteria

6 controls

67%

ISO/IEC 27001

ISO27001 · 2022

6 controls

83%

Domain Progress

Accordion view for control domains, completion, evidence, and top gaps.

Change Management

0 / 1 controls answered

0 implemented1 open

Implementation Coverage

Includes fully implemented controls only

Evidence Coverage

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

CC8.1 Change Management

NOT IMPLEMENTEDHigh

Communication & Information

0 / 1 controls answered

0 implemented1 open

Implementation Coverage

Includes fully implemented controls only

Evidence Coverage

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

CC2.1 Board Oversight

NOT IMPLEMENTEDHigh

Technological Controls

2 / 3 controls answered

67%

2 implemented1 open

Implementation Coverage

67%

Includes fully implemented controls only

Evidence Coverage

67%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

A.8.16 Monitoring Activities

NOT IMPLEMENTEDHigh

Availability

1 / 1 controls answered

100%

0 implemented0 open

Implementation Coverage

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

A1.2 Availability Commitments

PARTIALLY IMPLEMENTEDHigh

Control Environment

1 / 1 controls answered

100%

1 implemented0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Logical and Physical Access Controls

1 / 1 controls answered

100%

1 implemented0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Organizational Controls

3 / 3 controls answered

100%

1 implemented0 open

Implementation Coverage

33%

Includes fully implemented controls only

Evidence Coverage

67%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

A.5.23 Information Security for Cloud Services

PARTIALLY IMPLEMENTEDMedium

System Operations

1 / 1 controls answered

100%

0 implemented0 open

Implementation Coverage

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

CC7.2 System Monitoring

PARTIALLY IMPLEMENTEDLow

Customer Requests / POA&M

Controls needing remediation action, evidence, or reviewer follow-up.

A1.2 Availability Commitments

High

PARTIALLY IMPLEMENTEDUNDER REVIEWUNDER REVIEWIN PROGRESS1 evidence1 pending review1 POA&M openSecurity4d overdue

A.8.16 Monitoring Activities

High

NOT IMPLEMENTEDDRAFTBLOCKEDevidence needed1 POA&M openEngineeringDue today

CC2.1 Board Oversight

High

NOT IMPLEMENTEDDRAFTOPENevidence needed1 POA&M openITDue in 4d

CC8.1 Change Management

High

NOT IMPLEMENTEDSUBMITTEDOPENevidence needed1 POA&M openGRCDue in 16d

A.5.23 Information Security for Cloud Services

Medium

PARTIALLY IMPLEMENTEDSUBMITTEDSUBMITTEDOPEN1 evidence1 pending review1 POA&M openIT8d overdue

CC7.2 System Monitoring

Low

PARTIALLY IMPLEMENTEDNEEDS INFONEEDS INFOOPEN1 evidence1 pending review1 POA&M openEngineeringDue in 12d

A.5.15 Access Control

—

NOT APPLICABLEAPPROVEDevidence neededComplianceNo due date

Control Workbench

Vendor-ready questionnaire table for implementation status, risk, owners, and evidence.

Control	Domain	Framework	Status	Customer Review	Evidence Review	Risk	Evidence	POA&M	Owner	Due
A1.2 Availability Commitments	Availability	SOC2	PARTIALLY IMPLEMENTED	UNDER REVIEW	UNDER REVIEW	High	1 linked 1 pending	IN_PROGRESS 1 open · 1 overdue	Security	Feb 21, 2026 4d overdue
CC8.1 Change Management	Change Management	SOC2	NOT IMPLEMENTED	SUBMITTED	—	High	Missing	OPEN 1 open	GRC	Mar 13, 2026 Due in 16d
CC2.1 Board Oversight	Communication & Information	SOC2	NOT IMPLEMENTED	DRAFT	—	High	Missing	OPEN 1 open	IT	Mar 1, 2026 Due in 4d
CC1.1 Integrity and Ethical Values	Control Environment	SOC2	IMPLEMENTED	SUBMITTED	APPROVED	—	1 linked	—	Compliance	— No due date
CC6.1 Logical Access Controls	Logical and Physical Access Controls	SOC2	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	Platform	— No due date
A.5.1 Policies for Information Security	Organizational Controls	ISO27001	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	Security	— No due date
A.5.15 Access Control	Organizational Controls	ISO27001	NOT APPLICABLE	APPROVED	—	—	Missing	—	Compliance	— No due date
A.5.23 Information Security for Cloud Services	Organizational Controls	ISO27001	PARTIALLY IMPLEMENTED	SUBMITTED	SUBMITTED	Medium	1 linked 1 pending	OPEN 1 open · 1 overdue	IT	Feb 17, 2026 8d overdue
CC7.2 System Monitoring	System Operations	SOC2	PARTIALLY IMPLEMENTED	NEEDS INFO	NEEDS INFO	Low	1 linked 1 pending	OPEN 1 open	Engineering	Mar 9, 2026 Due in 12d
A.8.15 Logging	Technological Controls	ISO27001	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	Platform	— No due date
A.8.16 Monitoring Activities	Technological Controls	ISO27001	NOT IMPLEMENTED	DRAFT	—	High	Missing	BLOCKED 1 open · 1 overdue	Engineering	Feb 25, 2026 Due today
A.8.28 Secure Coding	Technological Controls	ISO27001	IMPLEMENTED	UNDER REVIEW	UNDER REVIEW	—	1 linked 1 pending	—	GRC	— No due date

This vendor workspace is designed for customer-facing audits and self-assessments. It supports framework-scoped progress tracking, evidence collection, and POA&M-style remediation queues for HIPAA, NIST CSF, SOC 2, ISO 27001, CIS Controls, and the added NIST 800-171 / 800-172 / 800-53 frameworks.