24 Controls — SOC2 + HIPAA
Access Control
PASS
Encryption at Rest
PASS
TLS in Transit
PASS
Audit Logging
PASS
Vuln Scanning
PASS
Change Mgmt
PASS
MFA Enforced
PASS
Backup Policy
PASS
Risk Assessment
PASS
Security Training
PASS
Incident Response
PASS
BAA Agreements
PASS
Pen Testing
PASS
Data Retention
PASS
Data Residency
PASS
Config Baseline
PASS
Asset Inventory
PASS
Data Disposal
PASS
Session Timeout
WARN
Cert Renewal
WARN
Mobile MDM
WARN
Vendor Reviews
WARN
PHI Access Log
FAIL
Password Policy
FAIL
Audit Log — Recent Events
| Timestamp | Event | User / System | Control | Result |
|---|---|---|---|---|
| 2026-04-16 14:47 | PHI record accessed outside business hours | dr.smith@axiom.io | PHI Access Log | FAIL |
| 2026-04-16 13:30 | TLS cert expiry check passed | system/scanner | TLS in Transit | PASS |
| 2026-04-16 12:15 | User password does not meet complexity req | j.patel@axiom.io | Password Policy | FAIL |
| 2026-04-16 11:02 | Session timeout policy updated (8h → 4h) | admin | Session Timeout | WARN |
| 2026-04-16 10:44 | Backup integrity check completed | system/backup | Backup Policy | PASS |
| 2026-04-16 09:18 | Vendor contract review — 3 overdue | compliance-bot | Vendor Reviews | WARN |
| 2026-04-15 17:55 | MFA enrollment completed for new hire batch | it-ops | MFA Enforced | PASS |
| 2026-04-15 16:30 | Vulnerability scan — 0 critical, 2 medium | system/scanner | Vuln Scanning | INFO |