Policy rules, violations & audit tracking
| ID | Rule | Framework | Category | Severity | Pass Rate | Status | Last Checked | |
|---|---|---|---|---|---|---|---|---|
| CR-001 | Data Encryption at Rest | ISO 27001 | Security | critical | 98% | active | 2026-04-11 09:00 | |
| CR-002 | Access Log Retention | SOC 2 | Audit | high | 100% | active | 2026-04-11 09:00 | |
| CR-003 | PII Masking in Non-Prod | GDPR | Privacy | critical | 87% | active | 2026-04-10 18:00 | |
| CR-004 | MFA for Admin Access | ISO 27001 | Access | high | 100% | active | 2026-04-11 09:00 | |
| CR-005 | API Rate Limit Enforcement | SOC 2 | Availability | medium | 95% | active | 2026-04-11 08:00 | |
| CR-006 | Data Residency — India | DPDP Act | Privacy | critical | 100% | active | 2026-04-11 09:00 | |
| CR-007 | Vulnerability Scan Monthly | ISO 27001 | Security | high | 100% | active | 2026-04-01 12:00 | |
| CR-008 | Backup Verification Weekly | SOC 2 | Availability | medium | 100% | active | 2026-04-07 06:00 | |
| CR-009 | Third-Party Vendor Assessment | ISO 27001 | Risk | high | 0% | draft | — | |
| CR-010 | Incident Response SLA | SOC 2 | Incident | high | 92% | active | 2026-04-11 09:00 |