ACME Corp
SOC 2 Type II
No report, no enterprise deal.
Maturity score: 77 B
Controls implemented: 52/64
Open gaps: 4
Last assessed: 3 days ago

Trust criteria (4)

Security (CC) CC1–CC9 | 84 | 38/45 | On track
Availability A1 | 88 | 6/7 | On track
Confidentiality C1 | 80 | 4/5 | On track
Processing integrity PI1 | 62 | 4/7 | At risk

Control status

64 controls
Implemented: 52
In progress: 8
Not started: 4

Recent activity

CC6.2 | Quarterly access reviews | Overdue — finding f-access | 1d
CC7.2 | Continuous monitoring in place | Implemented | 9d

Open gaps affecting this framework

high
Quarterly access reviews are 9 months overdue
Stale access is the finding that fails a SOC 2 audit and undermines every other attestation you sign.
critical
Public S3 bucket exposes PII
A billing export bucket is world-readable and holds customer PII — a GDPR-reportable exposure.
high
EDR missing on 12 endpoints
Twelve unmanaged endpoints with no detection coverage — blind spots for detect + monitoring.
high
Dormant privileged account active
A privileged service account idle 207 days still holds directory rights — a lateral-movement path.