Monthly Report

Compliance Report — June 2026

Generated 03.07.2026 07:59

Executive Summary

Overall Compliance: 51%
Critical/High Risks: 12
Vendors Needing Attention: 3
Active Alerts: 3

Compliance Scores by Framework

Overall: 51%
DORA: 45%
MaRisk: 30%
ISO 27001: 65%
NIS2: 40%

Risk Register Summary

Critical: 2
High: 10
Overdue: 1
Completed: 1

Risk | Level | Owner | Status
Cloud Provider Outage — Critical Services | high | CTO / Cloud Architecture | in_progress
Unauthorized Data Modification in Core Banking | high | CISO / Security Operations | open
Third-Party Data Leakage via API | high | API Security Team | open
Critical ICT Service Provider Concentration | high | Third-Party Risk Management | in_progress
TLPT Non-Compliance (Overdue) | critical | CISO / Procurement | overdue
Legacy System Single Point of Failure | medium | Infrastructure Team | in_progress
Ransomware Attack on Critical Systems | high | Security Operations | in_progress
Sub-Contractor Non-Compliance Cascade | medium | Vendor Management | open

Vendor Scorecard Overview

Total Vendors: 12
Needs Attention: 3
Average Score: 83%

Vendor | Category | Score | Status
CloudServe GmbH | Cloud Infrastructure | 83% | active
DataSafe AG | Data Center / Colocation | 89% | active
FinTech Connect B.V. | Payment Processing | 79% | attention
SecureNet Solutions | Network Security | 91% | active
SaaSify Inc. | SaaS / CRM | 82% | attention
LogiTrans GmbH | Logistics / Asset Tracking | 82% | active
TelekomSec GmbH | Telecommunications | 86% | active
HRCloud SaaS GmbH | HR / Payroll SaaS | 74% | attention

Active Alerts (9)

3 High 4 Medium 2 Low

Vendor findings: FinTech Connect B.V.

3 open finding(s) — overall score: 79%

Owner: Vendor Management

Vendor findings: SaaSify Inc.

2 open finding(s) — overall score: 82%

Owner: Vendor Management

Vendor findings: HRCloud SaaS GmbH

3 open finding(s) — overall score: 74%

Owner: Vendor Management

Upcoming deadline: TLPT Non-Compliance (Overdue)

26.667329594815 days remaining until 2026-07-30

Owner: CISO / Procurement

Upcoming deadline: Ransomware Attack on Critical Systems

28.667329594815 days remaining until 2026-08-01

Owner: Security Operations

Upcoming deadline: DDoS Attack on Customer-Facing Platforms

11.667329594815 days remaining until 2026-07-15

Owner: Network Security

Evidence Gap Analysis

Gaps (No Coverage): 8
Covered Controls: 12
Coverage Rate: 60%

Compliance Recommendations

critical

Overdue risk treatment: TLPT Non-Compliance (Overdue)

Immediate treatment required. Escalate to CISO and schedule remediation.

Area: Risk Management · Effort: High

high

Low vendor score: HRCloud SaaS GmbH

Initiate performance improvement plan or consider alternative provider.

Area: Third-Party Risk · Effort: Medium

medium

TLPT schedule review

Verify that Threat-Led Penetration Testing is scheduled within the 3-year DORA cycle.

Area: Compliance · Effort: Low

low

Update evidence catalog

Review and update evidence items to ensure all controls have current evidence artifacts.

Area: Documentation · Effort: Medium

Resilience Platform — Monthly Compliance Report June 2026

Generated 03.07.2026 07:59 · Confidential