Control Testing
Continuously prove your controls actually work across SOC 2, ISO 27001 & DPDP — automated checks, attack simulations, and auditor-ready evidence.
16
Total Tests
0 currently running
11
Passing
Controls validated
3
Failing
Need remediation
50%
Automated Coverage
Of all tests
1
Scheduled This Week
2 not yet run
Result Distribution
Pass Rate by Framework
MFA enforced for all admin consoles
CC6.1
No object storage buckets are publicly readable
CC6.6
Terminated users deprovisioned within 24h
AC-2
Quarterly database restore drill succeeds
A.12.3
CloudTrail logs retained 365 days
CC7.2
BAS: simulated credential stuffing is blocked
T1078· MITRE T1078
BAS: brute-force against bastion is detected
T1110· MITRE T1110
Erasure requests fulfilled within 30 days
DPDP-7
Consent records exist for all data collection forms
DPDP-4
All PAN columns are encrypted (AES-256)
8.2.1
Security log review evidence captured daily
10.6
Production changes require 2 approvers
CC8.1
Privileged access recertified each quarter
A.9.2
BAS: ransomware canary triggers EDR response
T1486· MITRE T1486
No IAM policy grants Action "*" on Resource "*"
CC6.3
Breach notification runbook is current
DPDP-9