Monthly Report
Compliance Report — June 2026
Generated 03.07.2026 07:59
Executive Summary
Overall Compliance: 51%
Critical/High Risks: 12
Vendors Needing Attention: 3
Active Alerts: 3
Compliance Scores by Framework
Overall: 51%
DORA: 45%
MaRisk: 30%
ISO 27001: 65%
NIS2: 40%
Risk Register Summary
Critical: 2
High: 10
Overdue: 1
Completed: 1
| Risk | Level | Owner | Status |
|---|---|---|---|
| Cloud Provider Outage — Critical Services | high | CTO / Cloud Architecture | in_progress |
| Unauthorized Data Modification in Core Banking | high | CISO / Security Operations | open |
| Third-Party Data Leakage via API | high | API Security Team | open |
| Critical ICT Service Provider Concentration | high | Third-Party Risk Management | in_progress |
| TLPT Non-Compliance (Overdue) | critical | CISO / Procurement | overdue |
| Legacy System Single Point of Failure | medium | Infrastructure Team | in_progress |
| Ransomware Attack on Critical Systems | high | Security Operations | in_progress |
| Sub-Contractor Non-Compliance Cascade | medium | Vendor Management | open |
Vendor Scorecard Overview
Total Vendors: 12
Needs Attention: 3
Average Score: 83%
| Vendor | Category | Score | Status |
|---|---|---|---|
| CloudServe GmbH | Cloud Infrastructure | | active |
| DataSafe AG | Data Center / Colocation | | active |
| FinTech Connect B.V. | Payment Processing | | attention |
| SecureNet Solutions | Network Security | | active |
| SaaSify Inc. | SaaS / CRM | | attention |
| LogiTrans GmbH | Logistics / Asset Tracking | | active |
| TelekomSec GmbH | Telecommunications | | active |
| HRCloud SaaS GmbH | HR / Payroll SaaS | | attention |
Active Alerts (9)
Vendor findings: FinTech Connect B.V.
3 open finding(s) — overall score: 79%
Owner: Vendor Management
Vendor findings: SaaSify Inc.
2 open finding(s) — overall score: 82%
Owner: Vendor Management
Vendor findings: HRCloud SaaS GmbH
3 open finding(s) — overall score: 74%
Owner: Vendor Management
Upcoming deadline: TLPT Non-Compliance (Overdue)
26.667329594815 days remaining until 2026-07-30
Owner: CISO / Procurement
Upcoming deadline: Ransomware Attack on Critical Systems
28.667329594815 days remaining until 2026-08-01
Owner: Security Operations
Upcoming deadline: DDoS Attack on Customer-Facing Platforms
11.667329594815 days remaining until 2026-07-15
Owner: Network Security
Evidence Gap Analysis
Gaps (No Coverage): 8
Covered Controls: 12
Coverage Rate: 60%
Compliance Recommendations
Overdue risk treatment: TLPT Non-Compliance (Overdue)
Immediate treatment required. Escalate to CISO and schedule remediation.
Area: Risk Management · Effort: High
Low vendor score: HRCloud SaaS GmbH
Initiate performance improvement plan or consider alternative provider.
Area: Third-Party Risk · Effort: Medium
TLPT schedule review
Verify that Threat-Led Penetration Testing is scheduled within the 3-year DORA cycle.
Area: Compliance · Effort: Low
Update evidence catalog
Review and update evidence items to ensure all controls have current evidence artifacts.
Area: Documentation · Effort: Medium
Resilience Platform — Monthly Compliance Report June 2026
Generated 03.07.2026 07:59 · Confidential