Audit exportReport incident
DEMO
You’re viewing AuditPilot with seeded data for Cedar Creek Family Medicine. Add Clerk + Neon environment variables to enable real multi-tenant data.

Fix queue

Your next moves, ranked.

The shortest path from where you are today to audit-ready. We re-rank automatically every time something changes.

Browse all controls Audit-ready export
Compliance score
78%

18passing

2failing

27controls in scope

Queue summary

Open items

9

Snoozed

0

Est. total effort

2h 29m

Everything open

Showing 9 items, ranked by impact on your audit.

Hide snoozed
CriticalFailingAP-AC-001hipaasoc2hitrust

Multi-factor authentication enforced for all users

Enable Conditional Access in Microsoft Entra to require MFA for all users. AuditPilot can pre-fill the policy template — your IT admin just needs to approve it.

Quick fix
~13 min
Auto-detected · Microsoft 365 · 53m ago
View control
CriticalFailingAP-VM-001hipaasoc2hitrust

BAA on file for every vendor handling PHI

Use the AuditPilot BAA tracker. Upload signed agreements, track expiration, and request renewals automatically.

Upload evidence
~30 min
View control Upload evidence
HighNeeds reviewAP-AC-002hipaasoc2hitrust

Unique user accounts (no shared logins) — needs your review

Audit your Microsoft 365 user list. Convert any shared inbox or device login into a delegated mailbox or per-user account.

Guided
~18 min
Auto-detected · Microsoft 365 · 53m ago
View control
HighNeeds reviewAP-DP-002hipaasoc2hitrust

Quarterly backup restore test documented — needs your review

Run a restore test on a representative file set every quarter. AuditPilot generates the test record automatically.

Guided
~18 min
Auto-detected · RMM (Datto / NinjaOne / Atera) · 53m ago
View control
HighIn progressAP-DV-003hipaasoc2hitrust

Operating system and security patches applied within 30 days — keep going

Configure Windows Update for Business or your RMM patching policy. AuditPilot tracks patch lag per device.

Guided
~18 min
View control
MediumNeeds reviewAP-TR-002soc2hitrust

Quarterly phishing simulation — needs your review

Run a quarterly campaign through KnowBe4, Hoxhunt, or Microsoft Attack Simulator.

Upload evidence
~14 min
View control Upload evidence
MediumIn progressAP-AC-003hipaasoc2hitrust

Access reviewed quarterly — keep going

Use AuditPilot's quarterly access review template. Export the list, walk through it with the office manager, and check off who still needs access.

Guided
~12 min
View control
MediumIn progressAP-NS-002hipaasoc2hitrust

Guest Wi-Fi isolated from clinical network — keep going

Configure a separate VLAN on the firewall with internet-only access. Test from a guest device.

Guided
~12 min
View control
MediumIn progressAP-IR-002hipaasoc2hitrust

Annual incident response tabletop exercise — keep going

Run a 60-minute tabletop using AuditPilot's scenario library. Document attendees and lessons learned.

Upload evidence
~14 min
View control Upload evidence

Every fix here ticks your audit timeline closer.

Resolving an item updates all mapped frameworks at once. No duplicate work — that’s the whole point.

Generate audit package