Security Objectives – Salvinta GRC Demo

All data is fictional

Information Security Objectives

ISO 27001:2022 Clause 6.2 — Current annual cycle: 2026

10

Total Objectives

3

Completed

5

On Track

2

At Risk

All Security Objectives

Objective	Category	Owner	Priority	Target Date	Progress	Status
Achieve ISO 27001:2022 Certification Successful Stage 1 & 2 audit with CB	Compliance	CISO	Critical	30 Jun 2026	88%	On Track
Reduce Critical Risk Count to Zero All critical risks brought below score 15	Risk	Mike Patel	Critical	31 Dec 2026	40%	At Risk
100% MFA Enrolment Across All Staff FIDO2/Authenticator app on all accounts	Access Control	Thomas Richards	High	28 Feb 2026	96%	On Track
Complete Annual Security Awareness Training 95% completion rate by Q1 2026	People	HR Director	High	31 Mar 2026	100%	Completed
Implement SIEM & 24/7 Alerting Datadog SIEM with on-call integration	Technology	CTO	High	30 Apr 2026	65%	On Track
Vendor Risk Assessments for Top 20 Suppliers Annual questionnaire for critical vendors	Third Party	Procurement	Medium	31 May 2026	75%	On Track
NIS 2 Incident Reporting Process in Place Documented procedure + authority contacts	Compliance	CISO	Critical	28 Feb 2026	50%	At Risk
Patch Critical CVEs within 72 Hours Formalised patching SLA in change process	Technology	Thomas Richards	High	31 Mar 2026	100%	Completed
BCP / DR Tabletop Exercise Annual simulated incident exercise	Resilience	COO	Medium	30 Sep 2026	10%	Not Started
Achieve SOC 2 Type II Report 12-month observation period, clean opinion	Compliance	Mike Patel	High	30 Sep 2026	100%	Completed