displayName
Security Audit
description
Annual comprehensive review of the organisation's security posture, policies, controls,
and compliance against applicable frameworks (e.g. SOC 2, ISO 27001, NIST CSF). An
internal or external audit team assesses controls across identity management, network
security, data protection, incident response, and physical security. Gaps are documented
in an audit report with risk ratings and recommended remediations. Engineering and
security teams develop a remediation roadmap prioritised by risk. Progress is tracked
quarterly, and evidence of completed remediations is collected for the next audit cycle.
The workflow provides leadership and customers with assurance of security maturity.
workflowKind
security
triggerType
scheduled
typicalCadence
annual
complexity
complex