Audit exportReport incident
DEMO
You’re viewing AuditPilot with seeded data for Cedar Creek Family Medicine. Add Clerk + Neon environment variables to enable real multi-tenant data.

Compliance engine

Controls

27 canonical controls mapped across 4 frameworks. Currently 72% compliant.

Status

Framework

Category

Access Control

1 of 4
FailingCriticalAP-AC-001

Multi-factor authentication enforced for all users

Every user with access to PHI or production systems must authenticate with a second factor (TOTP, push, or hardware token).

HIPAA §164.312(d)
SOC 2 CC6.1
HITRUST 01.q

Device & Endpoint Security

1 of 4
FailingCriticalAP-DV-001

Full-disk encryption on all workstations

Every laptop, desktop, and tablet that touches PHI has full-disk encryption (BitLocker on Windows, FileVault on macOS).

HIPAA §164.312(a)(2)(iv)
SOC 2 CC6.7
HITRUST 06.d

Vendor & Third-Party Management

1 of 2
FailingCriticalAP-VM-001

BAA on file for every vendor handling PHI

Every third-party that creates, receives, maintains, or transmits PHI on the clinic's behalf has a current, signed Business Associate Agreement.

HIPAA §164.308(b)(1)
SOC 2 CC9.2
HITRUST 05.k