The Audits page helps you prepare for and track NCA compliance audits. Whether it is an internal assessment or a formal NCA audit, this module keeps your preparation organised and your findings tracked.
Audit Types
| Type | Description |
|---|---|
| Self-Assessment | Internal review conducted by your cybersecurity team to evaluate ECC readiness |
| Internal Audit | Formal internal audit by your organisation's audit function or internal audit department |
| NCA Audit | Official audit conducted by or on behalf of the National Cybersecurity Authority |
| Third-Party Assessment | Assessment by an external cybersecurity consultancy |
Creating an Audit
1. Click "New Audit". Select the audit type, enter the audit date range, and assign a lead auditor.
2. Select which ECC domains are in scope for this audit. For a full NCA audit, all 5 domains should be selected. For targeted assessments, select only the relevant domains.
3. As the audit progresses, record findings using the "Add Finding" button. Each finding captures the control reference, severity (Critical, High, Medium, Low), description, and recommended corrective action.
4. For each finding, create a corrective action with an owner, target date, and description. The owner receives email notifications and the action appears on their personal dashboard.
Finding Severity Levels
| Severity | Definition | Expected Response |
|---|---|---|
| Critical | Control completely absent; immediate risk to operations | Remediate within 30 days |
| High | Control partially implemented with significant gaps | Remediate within 60 days |
| Medium | Control implemented but effectiveness not demonstrated | Remediate within 90 days |
| Low | Minor improvement opportunity; control is largely effective | Address in next review cycle |
Corrective Action Tracking
Open findings with corrective actions are tracked in a dedicated view. Filter by status (Open, In Progress, Closed), severity, owner, or due date. Overdue actions are highlighted in red on both the audit page and the responsible user's dashboard.