{ "schema_version": "1", "assessor_export_profile": "ctm-assessor-intake-v1", "framework_code": "CTM", "framework_edition": "Cyber Trust mark self-assessment checklist v202504 · CSA-CTM-self-assessment-v202504", "crosswalk_version": "ctm-ss712-2025-placeholder.v1", "tenant_id": "tnt_demo", "tenant_name": "Meridian Pay (synthetic demo)", "generated_at": "2026-06-04T00:00:00Z", "target_tier": "promoter", "source_workbook": { "filename": "cyber-trust-self-assessment-v202504.xlsx", "sha256": "d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c" }, "certification_body_intake_assumptions": [ "CyberG7 provides a pre-audit readiness pack. Certification and pass/fail decisions remain with the appointed certification body or assessor.", "Evidence freshness, parser confidence, and review decisions are evaluated at export time and must be rechecked if the assessment window changes.", "Workbook provenance points back to the pinned CSA Cyber Trust mark self-assessment checklist catalog used to create the evidence task.", "Parser output is deterministic evidence triage metadata. It does not replace assessor sampling, interviews, or professional judgment.", "Controls marked partial or missing should not be represented as certification-ready until fresh evidence is accepted by a human reviewer." ], "scoring_model": "weighted_v1_met_1_partial_0_5_missing_0", "readiness_percent": 8, "controls_ready": 5, "controls_partial": 2, "controls_missing": 68, "controls_total": 75, "controls": [ { "code": "B.1.3", "domain": "B.1 Governance", "title": "Understanding the importance of cybersecurity", "state": "ready", "is_ready": true, "score_status": "met", "score_weight": 1, "owner": "sara.koh@meridianpay.example", "due_at": null, "blockers": [], "evidence": [ { "source": "manual", "source_ref": "manual://csa/governance-communication-pack-2026", "collected_at": "2026-05-20T00:00:00Z", "expires_at": "2027-05-20T00:00:00Z", "fresh": true, "signature_ref": null, "artifacts": [], "reviews": [], "freshness": { "status": "fresh", "evaluated_at": "2026-06-04T00:00:00Z", "age_days": 15, "days_until_expiry": 350, "note": "Fresh at export time; expires in 350 day(s)." }, "parser_summary": { "artifact_count": 0, "parsed_count": 0, "highest_confidence": null, "parser_hints": [], "has_extracted_fields": false }, "review_summary": { "review_count": 0, "accepted_count": 0, "needs_rework_count": 0, "latest_decision": null, "latest_quality": null, "requires_human_review": true } } ], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 7, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "policy_or_governance_document", "automation_hint": "manual_upload:policy_or_governance_document", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 1, "fresh_count": 1, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "Fresh evidence exists at export time." }, "assessor_notes": [ "Pre-audit ready: control has fresh evidence and has been marked ready.", "Workbook trace: CS Preparedness Questionnaire row 7 (v202504).", "Evidence is collected but still needs an accepted human review decision." ] }, { "code": "B.10.1", "domain": "B.10 Backups", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 102, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "backup_restore_report", "automation_hint": "soc_pack:backup_restore_report", "connector_candidates": [ "vulnerability_scanner", "soc", "backup_platform" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 102 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.10.2", "domain": "B.10 Backups", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 103, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "backup_restore_report", "automation_hint": "soc_pack:backup_restore_report", "connector_candidates": [ "vulnerability_scanner", "soc", "backup_platform" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 103 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.10.3", "domain": "B.10 Backups", "title": "Using automated backup", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 104, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "backup_restore_report", "automation_hint": "soc_pack:backup_restore_report", "connector_candidates": [ "vulnerability_scanner", "soc", "backup_platform" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 104 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.10.4", "domain": "B.10 Backups", "title": "Establishing backup plans", "state": "ready", "is_ready": true, "score_status": "met", "score_weight": 1, "owner": "mei.lim@meridianpay.example", "due_at": null, "blockers": [], "evidence": [ { "source": "soc", "source_ref": "soc://backup-platform/plan-and-retention-2026-q2", "collected_at": "2026-05-28T00:00:00Z", "expires_at": "2026-08-28T00:00:00Z", "fresh": true, "signature_ref": null, "artifacts": [], "reviews": [], "freshness": { "status": "fresh", "evaluated_at": "2026-06-04T00:00:00Z", "age_days": 7, "days_until_expiry": 85, "note": "Fresh at export time; expires in 85 day(s)." }, "parser_summary": { "artifact_count": 0, "parsed_count": 0, "highest_confidence": null, "parser_hints": [], "has_extracted_fields": false }, "review_summary": { "review_count": 0, "accepted_count": 0, "needs_rework_count": 0, "latest_decision": null, "latest_quality": null, "requires_human_review": true } } ], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 105, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "backup_restore_report", "automation_hint": "soc_pack:backup_restore_report", "connector_candidates": [ "vulnerability_scanner", "soc", "backup_platform" ] }, "evidence_summary": { "evidence_count": 1, "fresh_count": 1, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "Fresh evidence exists at export time." }, "assessor_notes": [ "Pre-audit ready: control has fresh evidence and has been marked ready.", "Workbook trace: CS Preparedness Questionnaire row 105 (v202504).", "Evidence is collected but still needs an accepted human review decision." ] }, { "code": "B.10.5", "domain": "B.10 Backups", "title": "Use of technologh solutions for data backup and recovery", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 106, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "backup_restore_report", "automation_hint": "soc_pack:backup_restore_report", "connector_candidates": [ "vulnerability_scanner", "soc", "backup_platform" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 106 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.11.3", "domain": "B.11 Bring Your Own Device (BYOD)", "title": "Policies and procedures on BYOD", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 115, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "policy_or_governance_document", "automation_hint": "manual_upload:policy_or_governance_document", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 115 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.12.1", "domain": "B.12 System security", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 120, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "scanner_report", "automation_hint": "connector:scanner_report", "connector_candidates": [ "asset_inventory", "vulnerability_scanner" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 120 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.12.2", "domain": "B.12 System security", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 121, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "scanner_report", "automation_hint": "connector:scanner_report", "connector_candidates": [ "asset_inventory", "vulnerability_scanner" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 121 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.12.3", "domain": "B.12 System security", "title": "Performing monitoring on updates and patches", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 122, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "asset_inventory", "vulnerability_scanner", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 122 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.12.4", "domain": "B.12 System security", "title": "Implementing process for the application of secure configuration", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 123, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "configuration_export", "automation_hint": "connector:configuration_export", "connector_candidates": [ "vulnerability_scanner", "network_or_cloud" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 123 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.12.5", "domain": "B.12 System security", "title": "Implementing log management process", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 124, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "vulnerability_scanner", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 124 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.12.6", "domain": "B.12 System security", "title": "Implementing patch management process", "state": "ready", "is_ready": true, "score_status": "met", "score_weight": 1, "owner": "arjun.rao@meridianpay.example", "due_at": null, "blockers": [], "evidence": [ { "source": "connector", "source_ref": "connector://vulnerability-scanner/patch-sla-2026-q2", "collected_at": "2026-05-27T00:00:00Z", "expires_at": "2026-08-27T00:00:00Z", "fresh": true, "signature_ref": null, "artifacts": [], "reviews": [], "freshness": { "status": "fresh", "evaluated_at": "2026-06-04T00:00:00Z", "age_days": 8, "days_until_expiry": 84, "note": "Fresh at export time; expires in 84 day(s)." }, "parser_summary": { "artifact_count": 0, "parsed_count": 0, "highest_confidence": null, "parser_hints": [], "has_extracted_fields": false }, "review_summary": { "review_count": 0, "accepted_count": 0, "needs_rework_count": 0, "latest_decision": null, "latest_quality": null, "requires_human_review": true } } ], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 125, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "scanner_report", "automation_hint": "connector:scanner_report", "connector_candidates": [ "asset_inventory", "vulnerability_scanner" ] }, "evidence_summary": { "evidence_count": 1, "fresh_count": 1, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "Fresh evidence exists at export time." }, "assessor_notes": [ "Pre-audit ready: control has fresh evidence and has been marked ready.", "Workbook trace: CS Preparedness Questionnaire row 125 (v202504).", "Evidence is collected but still needs an accepted human review decision." ] }, { "code": "B.13.1", "domain": "B.13 Anti-virus/Anti-malware", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 134, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "asset_inventory", "vulnerability_scanner", "endpoint_security", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 134 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.13.2", "domain": "B.13 Anti-virus/Anti-malware", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 135, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "asset_inventory", "vulnerability_scanner", "endpoint_security", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 135 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.13.3", "domain": "B.13 Anti-virus/Anti-malware", "title": "Selection of anti-virus and/or anti-malware solution", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 136, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "vulnerability_scanner", "endpoint_security", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 136 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.13.4", "domain": "B.13 Anti-virus/Anti-malware", "title": "Implementing web filtering", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 137, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "vulnerability_scanner", "endpoint_security", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 137 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.13.5", "domain": "B.13 Anti-virus/Anti-malware", "title": "Virus and/or malware isolation", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 138, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "vulnerability_scanner", "endpoint_security", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 138 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.13.6", "domain": "B.13 Anti-virus/Anti-malware", "title": "Isolation of codes or applications", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 139, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "vulnerability_scanner", "endpoint_security", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 139 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.14.3", "domain": "B.14 Secure Software Development Life Cycle (SDLC)", "title": "Establishing secure SDLC guidelines and requirements", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 147, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "scanner_report", "automation_hint": "connector:scanner_report", "connector_candidates": [ "asset_inventory", "vulnerability_scanner", "source_code" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 147 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.15.1", "domain": "B.15 Access control", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 152, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "asset_inventory_export", "automation_hint": "connector:asset_inventory_export", "connector_candidates": [ "identity", "asset_inventory" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 152 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.15.2", "domain": "B.15 Access control", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 153, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "asset_inventory_export", "automation_hint": "connector:asset_inventory_export", "connector_candidates": [ "identity", "asset_inventory" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 153 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.15.3", "domain": "B.15 Access control", "title": "Role matrix review", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 154, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "iam_policy_export", "automation_hint": "connector:iam_policy_export", "connector_candidates": [ "identity" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 154 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.15.4", "domain": "B.15 Access control", "title": "Account access and role matrix review follow-up process", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 155, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "iam_policy_export", "automation_hint": "connector:iam_policy_export", "connector_candidates": [ "identity" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 155 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.15.5", "domain": "B.15 Access control", "title": "Principles of least privilege and segregation of duties", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 156, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "iam_policy_export", "automation_hint": "connector:iam_policy_export", "connector_candidates": [ "identity" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 156 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.15.6", "domain": "B.15 Access control", "title": "Secure logon policy and procedure", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 157, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "iam_policy_export", "automation_hint": "connector:iam_policy_export", "connector_candidates": [ "identity" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 157 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.17.3", "domain": "B.17 Third-party risk and oversight", "title": "Service level Agreement", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 178, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "risk_or_third_party_register", "automation_hint": "manual_upload:risk_or_third_party_register", "connector_candidates": [ "evidence_os", "vendor_risk" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 178 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.18.3", "domain": "B.18 Vulnerability assessment", "title": "Establishing vulnerability assessment plan", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 186, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "scanner_report", "automation_hint": "connector:scanner_report", "connector_candidates": [ "asset_inventory", "vulnerability_scanner" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 186 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.18.4", "domain": "B.18 Vulnerability assessment", "title": "Implementing regular vulnerability assessment", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 187, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "scanner_report", "automation_hint": "connector:scanner_report", "connector_candidates": [ "asset_inventory", "vulnerability_scanner" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 187 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.19.2", "domain": "B.19 Physical/environmental security", "title": "Establishing detective control", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 197, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 197 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.19.3", "domain": "B.19 Physical/environmental security", "title": "Protection against internal and external threats", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 198, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 198 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.19.4", "domain": "B.19 Physical/environmental security", "title": "Implementing perimeter security", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 199, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 199 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.19.5", "domain": "B.19 Physical/environmental security", "title": "Implementing visitor authorisation", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 200, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 200 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.19.6", "domain": "B.19 Physical/environmental security", "title": "Monitoring physical premise", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 201, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 201 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.19.7", "domain": "B.19 Physical/environmental security", "title": "Establishing physical media handling process", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 202, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 202 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.2.3", "domain": "B.2 Policies and procedures", "title": "Communicating cybersecurity guidance and/or requirements to employees regularly", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 16, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "policy_or_governance_document", "automation_hint": "manual_upload:policy_or_governance_document", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 16 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.20.2", "domain": "B.20 Network security", "title": "Implementing access control", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 210, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "configuration_export", "automation_hint": "connector:configuration_export", "connector_candidates": [ "identity", "network_or_cloud" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 210 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.20.3", "domain": "B.20 Network security", "title": "Implementing stateful firewall", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 211, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "configuration_export", "automation_hint": "connector:configuration_export", "connector_candidates": [ "network_or_cloud" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 211 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.20.4", "domain": "B.20 Network security", "title": "Network security review", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 212, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "configuration_export", "automation_hint": "connector:configuration_export", "connector_candidates": [ "network_or_cloud" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 212 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.20.5", "domain": "B.20 Network security", "title": "Implementing network security", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 213, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "configuration_export", "automation_hint": "connector:configuration_export", "connector_candidates": [ "network_or_cloud" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 213 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.20.6", "domain": "B.20 Network security", "title": "Implementing network segmentation", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 214, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "vulnerability_scanner", "network_or_cloud", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 214 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.21.1", "domain": "B.21 Incident response", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 221, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 221 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.21.2", "domain": "B.21 Incident response", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 222, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 222 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.21.3", "domain": "B.21 Incident response", "title": "Verifying contactability of personnel involved in incident response", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 223, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 223 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.21.4", "domain": "B.21 Incident response", "title": "Performing cyber exercises", "state": "manual_pending", "is_ready": false, "score_status": "partial", "score_weight": 0.5, "owner": "wei.tan@meridianpay.example", "due_at": "2026-07-12T09:00:00+00:00", "blockers": [ "Manual task pending (due 2026-07-12)" ], "evidence": [ { "source": "soc", "source_ref": "soc://incident-response/tabletop-exercise-2026", "collected_at": "2026-05-25T00:00:00Z", "expires_at": "2026-08-25T00:00:00Z", "fresh": true, "signature_ref": null, "artifacts": [], "reviews": [], "freshness": { "status": "fresh", "evaluated_at": "2026-06-04T00:00:00Z", "age_days": 10, "days_until_expiry": 82, "note": "Fresh at export time; expires in 82 day(s)." }, "parser_summary": { "artifact_count": 0, "parsed_count": 0, "highest_confidence": null, "parser_hints": [], "has_extracted_fields": false }, "review_summary": { "review_count": 0, "accepted_count": 0, "needs_rework_count": 0, "latest_decision": null, "latest_quality": null, "requires_human_review": true } } ], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 224, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "soc" ] }, "evidence_summary": { "evidence_count": 1, "fresh_count": 1, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "Fresh evidence exists at export time." }, "assessor_notes": [ "Partial: evidence exists, but closure still needs accepted review, refresh, or remaining control work.", "Workbook trace: CS Preparedness Questionnaire row 224 (v202504).", "Evidence is collected but still needs an accepted human review decision.", "Open blocker(s): Manual task pending (due 2026-07-12)" ] }, { "code": "B.22.2", "domain": "B.22 Business continuity/Disaster recovery", "title": "Identifying critical assets requiring high availability", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 231, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "backup_restore_report", "automation_hint": "soc_pack:backup_restore_report", "connector_candidates": [ "asset_inventory", "backup_platform" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 231 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.22.3", "domain": "B.22 Business continuity/Disaster recovery", "title": "Performing business impact analysis", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 232, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "backup_restore_report", "automation_hint": "soc_pack:backup_restore_report", "connector_candidates": [ "vulnerability_scanner", "soc", "backup_platform" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 232 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.22.4", "domain": "B.22 Business continuity/Disaster recovery", "title": "Implemenring process for redundancy", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 233, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "backup_restore_report", "automation_hint": "soc_pack:backup_restore_report", "connector_candidates": [ "backup_platform" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 233 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.3.1", "domain": "B.3 Risk management", "title": "Risk identification and remediation", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 24, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "risk_or_third_party_register", "automation_hint": "manual_upload:risk_or_third_party_register", "connector_candidates": [ "evidence_os", "vendor_risk" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 24 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.3.2", "domain": "B.3 Risk management", "title": "Risk analysis", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 25, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "risk_or_third_party_register", "automation_hint": "manual_upload:risk_or_third_party_register", "connector_candidates": [ "evidence_os", "vendor_risk" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 25 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.3.3", "domain": "B.3 Risk management", "title": "Risk response", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 26, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "risk_or_third_party_register", "automation_hint": "manual_upload:risk_or_third_party_register", "connector_candidates": [ "evidence_os", "vendor_risk" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 26 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.3.4", "domain": "B.3 Risk management", "title": "Regular risk identification and tracking", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 27, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "risk_or_third_party_register", "automation_hint": "manual_upload:risk_or_third_party_register", "connector_candidates": [ "evidence_os", "vendor_risk" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 27 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.3.5", "domain": "B.3 Risk management", "title": "Defining risk assessment process", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 28, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "risk_or_third_party_register", "automation_hint": "manual_upload:risk_or_third_party_register", "connector_candidates": [ "evidence_os", "vendor_risk" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 28 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.3.6", "domain": "B.3 Risk management", "title": "Establishing cybersecurity risk register", "state": "in_progress", "is_ready": false, "score_status": "partial", "score_weight": 0.5, "owner": "sara.koh@meridianpay.example", "due_at": "2026-06-28T09:00:00+00:00", "blockers": [ "Control in progress" ], "evidence": [ { "source": "manual", "source_ref": "manual://csa/risk-register-draft-2026", "collected_at": "2026-05-18T00:00:00Z", "expires_at": "2027-05-18T00:00:00Z", "fresh": true, "signature_ref": null, "artifacts": [], "reviews": [], "freshness": { "status": "fresh", "evaluated_at": "2026-06-04T00:00:00Z", "age_days": 17, "days_until_expiry": 348, "note": "Fresh at export time; expires in 348 day(s)." }, "parser_summary": { "artifact_count": 0, "parsed_count": 0, "highest_confidence": null, "parser_hints": [], "has_extracted_fields": false }, "review_summary": { "review_count": 0, "accepted_count": 0, "needs_rework_count": 0, "latest_decision": null, "latest_quality": null, "requires_human_review": true } } ], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 29, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "risk_or_third_party_register", "automation_hint": "manual_upload:risk_or_third_party_register", "connector_candidates": [ "evidence_os", "vendor_risk" ] }, "evidence_summary": { "evidence_count": 1, "fresh_count": 1, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "Fresh evidence exists at export time." }, "assessor_notes": [ "Partial: evidence exists, but closure still needs accepted review, refresh, or remaining control work.", "Workbook trace: CS Preparedness Questionnaire row 29 (v202504).", "Evidence is collected but still needs an accepted human review decision.", "Open blocker(s): Control in progress" ] }, { "code": "B.5.1", "domain": "B.5 Compliance", "title": "Identifying areas of cybersecurity-related law and regulation", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 47, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 47 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.5.2", "domain": "B.5 Compliance", "title": "Establishing measures to ensure compliance", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 48, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 48 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.5.3", "domain": "B.5 Compliance", "title": "Communicating cybersecurity laws, regulations and guidelines to employees for compliance", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 49, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 49 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.5.4", "domain": "B.5 Compliance", "title": "Defining process for compliance", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 50, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "audit_or_compliance_record", "automation_hint": "manual_upload:audit_or_compliance_record", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 50 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.7.1", "domain": "B.7 Training and awareness", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 66, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "training_attendance_export", "automation_hint": "soc_pack:training_attendance_export", "connector_candidates": [ "asset_inventory", "soc", "hr_lms" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 66 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.7.2", "domain": "B.7 Training and awareness", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 67, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "training_attendance_export", "automation_hint": "soc_pack:training_attendance_export", "connector_candidates": [ "asset_inventory", "soc", "hr_lms" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 67 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.7.3", "domain": "B.7 Training and awareness", "title": "Tracking metrics of employee cybersecurity awareness", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 68, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "training_attendance_export", "automation_hint": "connector:training_attendance_export", "connector_candidates": [ "hr_lms" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 68 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.7.4", "domain": "B.7 Training and awareness", "title": "Performing cybersecurity awareness assessments", "state": "ready", "is_ready": true, "score_status": "met", "score_weight": 1, "owner": "wei.tan@meridianpay.example", "due_at": null, "blockers": [], "evidence": [ { "source": "connector", "source_ref": "connector://hr-lms/cyber-awareness-assessment-2026-q2", "collected_at": "2026-05-30T00:00:00Z", "expires_at": "2026-08-30T00:00:00Z", "fresh": true, "signature_ref": null, "artifacts": [], "reviews": [], "freshness": { "status": "fresh", "evaluated_at": "2026-06-04T00:00:00Z", "age_days": 5, "days_until_expiry": 87, "note": "Fresh at export time; expires in 87 day(s)." }, "parser_summary": { "artifact_count": 0, "parsed_count": 0, "highest_confidence": null, "parser_hints": [], "has_extracted_fields": false }, "review_summary": { "review_count": 0, "accepted_count": 0, "needs_rework_count": 0, "latest_decision": null, "latest_quality": null, "requires_human_review": true } } ], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 69, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "training_attendance_export", "automation_hint": "connector:training_attendance_export", "connector_candidates": [ "hr_lms" ] }, "evidence_summary": { "evidence_count": 1, "fresh_count": 1, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "Fresh evidence exists at export time." }, "assessor_notes": [ "Pre-audit ready: control has fresh evidence and has been marked ready.", "Workbook trace: CS Preparedness Questionnaire row 69 (v202504).", "Evidence is collected but still needs an accepted human review decision." ] }, { "code": "B.7.5", "domain": "B.7 Training and awareness", "title": "Appointing cybersecurity champion", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 70, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "training_attendance_export", "automation_hint": "connector:training_attendance_export", "connector_candidates": [ "hr_lms" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 70 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.8.1", "domain": "B.8 Asset management", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 78, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "asset_inventory", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 78 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.8.2", "domain": "B.8 Asset management", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 79, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "soc_evidence", "collection_mode": "soc_pack", "parser_hint": "soc_case_or_alert", "automation_hint": "soc_pack:soc_case_or_alert", "connector_candidates": [ "asset_inventory", "soc" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 79 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.8.3", "domain": "B.8 Asset management", "title": "Assets handling policy and procedure", "state": "ready", "is_ready": true, "score_status": "met", "score_weight": 1, "owner": "arjun.rao@meridianpay.example", "due_at": null, "blockers": [], "evidence": [ { "source": "connector", "source_ref": "connector://asset-inventory/classified-assets-2026-q2", "collected_at": "2026-05-29T00:00:00Z", "expires_at": "2026-08-29T00:00:00Z", "fresh": true, "signature_ref": null, "artifacts": [], "reviews": [], "freshness": { "status": "fresh", "evaluated_at": "2026-06-04T00:00:00Z", "age_days": 6, "days_until_expiry": 86, "note": "Fresh at export time; expires in 86 day(s)." }, "parser_summary": { "artifact_count": 0, "parsed_count": 0, "highest_confidence": null, "parser_hints": [], "has_extracted_fields": false }, "review_summary": { "review_count": 0, "accepted_count": 0, "needs_rework_count": 0, "latest_decision": null, "latest_quality": null, "requires_human_review": true } } ], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 80, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "asset_inventory_export", "automation_hint": "connector:asset_inventory_export", "connector_candidates": [ "asset_inventory" ] }, "evidence_summary": { "evidence_count": 1, "fresh_count": 1, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "Fresh evidence exists at export time." }, "assessor_notes": [ "Pre-audit ready: control has fresh evidence and has been marked ready.", "Workbook trace: CS Preparedness Questionnaire row 80 (v202504).", "Evidence is collected but still needs an accepted human review decision." ] }, { "code": "B.8.4", "domain": "B.8 Asset management", "title": "Measures handling highly classified assets", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 81, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "asset_inventory_export", "automation_hint": "connector:asset_inventory_export", "connector_candidates": [ "asset_inventory" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 81 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.8.5", "domain": "B.8 Asset management", "title": "Defining roles and responsibilities for managing assets in inventory", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 82, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "asset_inventory_export", "automation_hint": "connector:asset_inventory_export", "connector_candidates": [ "asset_inventory" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 82 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.9.1", "domain": "B.9 Data protection and privacy", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 89, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "asset_inventory_export", "automation_hint": "connector:asset_inventory_export", "connector_candidates": [ "asset_inventory" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 89 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.9.2", "domain": "B.9 Data protection and privacy", "title": "Reporting of data breach", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 90, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "document_evidence", "automation_hint": "manual_upload:document_evidence", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 90 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.9.3", "domain": "B.9 Data protection and privacy", "title": "Aligning encryption algorithm and key length to industry best practices", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 91, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "document_evidence", "automation_hint": "manual_upload:document_evidence", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 91 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.9.4", "domain": "B.9 Data protection and privacy", "title": "Cybersecurity measures in Cyber Essentials", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 92, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "asset_inventory_export", "automation_hint": "connector:asset_inventory_export", "connector_candidates": [ "asset_inventory" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 92 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.9.5", "domain": "B.9 Data protection and privacy", "title": "Measures for handling highly classified assets", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 93, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "connector_check", "collection_mode": "connector", "parser_hint": "asset_inventory_export", "automation_hint": "connector:asset_inventory_export", "connector_candidates": [ "asset_inventory" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 93 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.9.6", "domain": "B.9 Data protection and privacy", "title": "Establishing data flow diagram", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 94, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "policy_or_governance_document", "automation_hint": "manual_upload:policy_or_governance_document", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 94 (v202504).", "Open blocker(s): No evidence collected; Not started" ] }, { "code": "B.9.7", "domain": "B.9 Data protection and privacy", "title": "Secure data handling policy and procedure", "state": "not_started", "is_ready": false, "score_status": "missing", "score_weight": 0, "owner": "", "due_at": null, "blockers": [ "No evidence collected", "Not started" ], "evidence": [], "crosswalk": [], "workbook_provenance": { "source_sheet": "CS Preparedness Questionnaire", "source_row": 95, "workbook_version": "v202504", "source_pin": "cyber-trust-self-assessment-v202504.xlsx#sha256=d57a7774a0c4a41219ef835ca0301eab77c446784e9e98cd847f17975bc5456c", "test_method_type": "manual_task", "collection_mode": "manual_upload", "parser_hint": "policy_or_governance_document", "automation_hint": "manual_upload:policy_or_governance_document", "connector_candidates": [ "evidence_os" ] }, "evidence_summary": { "evidence_count": 0, "fresh_count": 0, "stale_count": 0, "accepted_review_count": 0, "needs_rework_review_count": 0, "parsed_artifact_count": 0, "highest_parser_confidence": null, "freshness_note": "No evidence collected for this control." }, "assessor_notes": [ "Not ready: collect or refresh evidence before presenting this control.", "Workbook trace: CS Preparedness Questionnaire row 95 (v202504).", "Open blocker(s): No evidence collected; Not started" ] } ], "fusion": [], "disclaimer": "Readiness snapshot prepared for accredited-assessor review — not a certification. The Cyber Trust mark is issued by an accredited assessor. Synthetic demo data only." }