Nonconformities, audit findings, and observations
| ID | Title | Type | Severity | Source | Owner | Due | Status |
|---|---|---|---|---|---|---|---|
| ISS-018 | MFA not enforced on 3 admin accounts | Nonconformity | Major | Internal Audit | Mike Patel | 28 Feb 2026 | Open |
| ISS-017 | Remote working risk assessment overdue | Observation | Minor | Self Assessment | Jane Cooper | 15 Feb 2026 | In Progress |
| ISS-016 | Supplier security review 2024 not completed | Nonconformity | Major | External Audit | Rachel Wong | 10 Feb 2026 | Open |
| ISS-015 | Patch cadence SLA missed on 4 servers | Observation | Minor | Vulnerability Scan | Mike Patel | 20 Feb 2026 | In Progress |
| ISS-014 | DSAR response time exceeded (×2) | Nonconformity | Minor | DPO Review | Sarah Chen | 28 Feb 2026 | In Progress |
| ISS-013 | Stale accounts not terminated after 90 days | Nonconformity | Major | Internal Audit | IT Ops | — | Closed |
| ISS-012 | Encryption-at-rest not documented for S3 | Opportunity | Info | Architecture Review | Ana Ramirez | — | Closed |