Demo ModeSample Data Only

This is a Demo Compliance Environment

No real customer data is stored here. All organizations, evidence, assessments, and control updates are seeded sample/demo data for product demonstrations.

Active demo organization: King's Healthcare, Inc. (Demo Organization)

Demo Organization Switcher

Vendor self-assessment workspace

King's FinTech, Inc. (Demo Organization)

King's FinTech, Inc. Assurance Readiness Sprint

Status: COMPLETECustomer: King's Compliance Advisory (Demo)Engagement: King's FinTech Trust & Security ProgramDue: Feb 20, 20262 frameworks

Control Library Evidence Center Open Audit Review

Assigned Assessments

Switch between vendor audits and framework-specific questionnaires.

test NIST80053 Audit 2026-02-25 King's FinTech, Inc. Assurance Readiness Sprint King's FinTech, Inc. Control Validation Review King's FinTech, Inc. Annual Security Compliance Audit 2026

Total Controls

2 framework scope

Applied Controls

8 fully implemented

Tasks (Open)

1 overdue POA&M items

Evidence Linked

0 awaiting customer review

High-Risk Gaps

0 needs info/rejected

Control Completion

Answered controls vs total in scope

12 / 12

100% complete

Submission Readiness

Combines completion, evidence, and open high-risk gaps

83%

83% complete

Risk Assessment Score

Higher is better (lower open-risk exposure)

90% complete

Control Status Breakdown

Implementation state distribution across this audit scope.

Controls

Implemented

57%

Partial

14%

Open

14%

Not Applicable

14%

Request Queue Breakdown

What is blocking submission or requires follow-up.

Domain Completion

Answered controls by domain (top incomplete domains surface first).

Framework Scope

Frameworks currently included in this vendor assessment.

SOC 2

SOC2 · Trust Services Criteria

6 controls

100%

ISO/IEC 27001

ISO27001 · 2022

6 controls

100%

Domain Progress

Accordion view for control domains, completion, evidence, and top gaps.

Availability

1 / 1 controls answered

100%

0 implemented0 open

Implementation Coverage

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

A1.2 Availability Commitments

PARTIALLY IMPLEMENTEDHigh

Change Management

1 / 1 controls answered

100%

1 implemented0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Communication & Information

1 / 1 controls answered

100%

0 implemented0 open

Implementation Coverage

Includes fully implemented controls only

Evidence Coverage

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Control Environment

1 / 1 controls answered

100%

1 implemented0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Logical and Physical Access Controls

1 / 1 controls answered

100%

1 implemented0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Organizational Controls

3 / 3 controls answered

100%

1 implemented0 open

Implementation Coverage

33%

Includes fully implemented controls only

Evidence Coverage

67%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

A.5.1 Policies for Information Security

PARTIALLY IMPLEMENTEDMedium

System Operations

1 / 1 controls answered

100%

1 implemented0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Technological Controls

3 / 3 controls answered

100%

3 implemented0 open

Implementation Coverage

100%

Includes fully implemented controls only

Evidence Coverage

100%

Controls with at least one linked evidence item

High Risk Gaps

Open controls marked High/Critical

Top Gaps

No open gaps in this domain.

Customer Requests / POA&M

Controls needing remediation action, evidence, or reviewer follow-up.

A1.2 Availability Commitments

High

PARTIALLY IMPLEMENTEDAPPROVEDAPPROVEDBLOCKED1 evidence1 POA&M openEngineeringDue today

A.5.1 Policies for Information Security

Medium

PARTIALLY IMPLEMENTEDAPPROVEDAPPROVEDBLOCKED1 evidence1 POA&M openEngineeringDue in 24d

A.5.23 Information Security for Cloud Services

Low

NOT APPLICABLEAPPROVEDevidence neededSecurityNo due date

CC2.1 Board Oversight

—

NOT APPLICABLEAPPROVEDevidence neededSecurityNo due date

Control Workbench

Vendor-ready questionnaire table for implementation status, risk, owners, and evidence.

Control	Domain	Framework	Status	Customer Review	Evidence Review	Risk	Evidence	POA&M	Owner	Due
A1.2 Availability Commitments	Availability	SOC2	PARTIALLY IMPLEMENTED	APPROVED	APPROVED	High	1 linked	BLOCKED 1 open · 1 overdue	Engineering	Feb 25, 2026 Due today
CC8.1 Change Management	Change Management	SOC2	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	Platform	— No due date
CC2.1 Board Oversight	Communication & Information	SOC2	NOT APPLICABLE	APPROVED	—	—	Missing	—	Security	— No due date
CC1.1 Integrity and Ethical Values	Control Environment	SOC2	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	GRC	— No due date
CC6.1 Logical Access Controls	Logical and Physical Access Controls	SOC2	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	Compliance	— No due date
A.5.1 Policies for Information Security	Organizational Controls	ISO27001	PARTIALLY IMPLEMENTED	APPROVED	APPROVED	Medium	1 linked	BLOCKED 1 open	Engineering	Mar 21, 2026 Due in 24d
A.5.15 Access Control	Organizational Controls	ISO27001	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	GRC	— No due date
A.5.23 Information Security for Cloud Services	Organizational Controls	ISO27001	NOT APPLICABLE	APPROVED	—	Low	Missing	—	Security	— No due date
CC7.2 System Monitoring	System Operations	SOC2	IMPLEMENTED	APPROVED	APPROVED	Low	1 linked	—	IT	— No due date
A.8.15 Logging	Technological Controls	ISO27001	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	Compliance	— No due date
A.8.16 Monitoring Activities	Technological Controls	ISO27001	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	IT	— No due date
A.8.28 Secure Coding	Technological Controls	ISO27001	IMPLEMENTED	APPROVED	APPROVED	—	1 linked	—	Platform	— No due date

This vendor workspace is designed for customer-facing audits and self-assessments. It supports framework-scoped progress tracking, evidence collection, and POA&M-style remediation queues for HIPAA, NIST CSF, SOC 2, ISO 27001, CIS Controls, and the added NIST 800-171 / 800-172 / 800-53 frameworks.