<aside>
🧭
Choose a work stream to start. Each stream has a clear owner and a short list of evidence tasks.
</aside>
<aside>
👥
People & HR
Focus: HR, employees
- Who should do this: Founders or HR/Ops leads
- Key tasks: Employee descriptions, employee verification
</aside>
<aside>
🏢
Physical Security
Focus: On-site safety and environmental controls
- Who should do this: Office Manager or Operations Lead
- Key tasks: Office access and door monitoring, building and workplace rules, secure storage, visitor control
</aside>
<aside>
🔐
Access Control (IAM)
Focus: Identity and access management
- Who should do this: IT Manager or Security Lead
- Key tasks: 2FA, access review log, employee access
</aside>
<aside>
☁️
Cloud Infrastructure & Operations
Focus: Systems reliability, data integrity, and network defence
- Who should do this: CTO or Lead Engineer
- Key tasks: Monitoring and alerting, production firewall and no-public-access controls, planning, backup restoration test, app availability, encryption at rest
</aside>
<aside>
🛡️
Engineering & App Security
Focus: Secure development lifecycle and application-layer defence
- Who should do this: Development Lead
- Key tasks: Sanitized inputs, secure code, secure secrets, TLS and HTTPS
</aside>
<aside>
💻
Device Management
Focus: Endpoint security and hardware tracking
- Who should do this: IT Administrator
- Key tasks: Secure devices, device list
</aside>