Generated 14 Feb 2026 — AcmeCorp ISMS
X axis = Likelihood (1–5), Y axis = Impact (1–5)
| Control | Title | Framework | Gap Type | Priority | Assigned To | Target Date |
|---|---|---|---|---|---|---|
| A.7.4 | Physical security monitoring | ISO 27001 | Not Implemented | Critical | Facilities | 30 Mar 2026 |
| CC6.7 | Encrypted data in transit for B2B | SOC 2 | Partial | High | CTO | 15 Apr 2026 |
| C5-OPS-08 | Capacity management process | BSI C5 | Not Implemented | High | IT Ops | 20 Apr 2026 |
| NIS2 Art.21 | Incident reporting to authority | NIS 2 | Not Started | Critical | CISO | 01 Mar 2026 |
| A.8.16 | Monitoring and anomaly detection | ISO 27001 | Partial | High | IT Ops | 30 Apr 2026 |
| Domain | Controls | Avg Effectiveness | Trend | Status |
|---|---|---|---|---|
| A.5 Organisational | 37 | 92% | +3% | Excellent |
| A.6 People | 8 | 84% | +5% | Good |
| A.7 Physical | 14 | 71% | 0% | Moderate |
| A.8 Technological | 34 | 89% | +2% | Good |