DEMO
You’re viewing AuditPilot with seeded data for Cedar Creek Family Medicine. Add Clerk + Neon environment variables to enable real multi-tenant data.

Compliance overview

Good morning, Maya. Here's where the clinic stands.

A live snapshot of every control, mapped to every framework you care about.

Compliance score: 72% (+6% / 30d)

18 passing

3 failing

4 in progress

2 need review

Framework coverage
HIPAA: 20 / 26 reqs (77%)
SOC 2: 19 / 26 reqs (73%)
HITRUST (Beta): 20 / 27 reqs (74%)
CMMC (Roadmap): 0 / 0 reqs (0%)
Fix queue (9)

Your highest-impact moves, ranked. Knock these out and your audit timeline shortens.

Critical · Failing · AP-AC-001 · hipaa, soc2, hitrust

Multi-factor authentication enforced for all users

Enable Conditional Access in Microsoft Entra to require MFA for all users. AuditPilot can pre-fill the policy template — your IT admin just needs to approve it.

Quick fix
~13 min
Auto-detected · Microsoft 365 · just now
Critical · Failing · AP-VM-001 · hipaa, soc2, hitrust

BAA on file for every vendor handling PHI

Use the AuditPilot BAA tracker. Upload signed agreements, track expiration, and request renewals automatically.

Upload evidence
~30 min
High · Needs review · AP-AC-002 · hipaa, soc2, hitrust

Unique user accounts (no shared logins) — needs your review

Audit your Microsoft 365 user list. Convert any shared inbox or device login into a delegated mailbox or per-user account.

Guided
~18 min
Auto-detected · Microsoft 365 · just now
High · Needs review · AP-DP-002 · hipaa, soc2, hitrust

Quarterly backup restore test documented — needs your review

Run a restore test on a representative file set every quarter. AuditPilot generates the test record automatically.

Guided
~18 min
Auto-detected · RMM (Datto / NinjaOne / Atera) · just now
High · In progress · AP-DV-003 · hipaa, soc2, hitrust

Operating system and security patches applied within 30 days — keep going

Configure Windows Update for Business or your RMM patching policy. AuditPilot tracks patch lag per device.

Guided
~18 min
See 4 more items in the queue
Vendor / BAA attention

Twilio SendGrid

Email

BAA missing/expired

Apr 8, 2026

Recent incidents
INC-2026-014 · High · Resolved

Front desk laptop reported stolen from unlocked vehicle

Discovered 9 days ago

INC-2026-015 · Medium · Closed

Phishing email targeting accounts payable

Discovered 4 days ago

INC-2026-016 · Medium · Investigating

Unusual sign-in attempt from unfamiliar location

Discovered yesterday

You’re 72% of the way to audit-ready.

Resolve 3 failing controls and you’ll be cleared for a SOC 2 Type I readiness review.
