Security Compliance Command
Client Environment Audits · ISO/IEC 27001:2022 Aligned
Field-verification checklists for client environment hardening. Each checklist tracks completion live, records notes/evidence per control, and prints to a clean client-facing PDF report or certificate.
Anti-spam, anti-phishing, anti-spoofing, SPF/DKIM/DMARC, Safe Links & Safe Attachments, connection filtering, and mail flow hardening.
Identity · Entra IDIdentity and access hardening for the M365 tenant itself — Conditional Access, privileged roles, guest access, and app governance.
Identity · Data · Google2-Step Verification, Drive sharing exposure, Gmail authentication, OAuth app governance, Gemini/AI data boundaries, and monitoring.
Endpoint · Windows 11OS lifecycle, Defender, least privilege, BitLocker, USB control, patching, firewall, authentication, application control, logging.
Infrastructure · ApplicationsNetwork perimeter, vulnerability management, active monitoring, data masking/leakage, privileged access, and custom application/SDLC security.
Backup · ContinuityBackup coverage, immutability & ransomware resilience, encryption, restore testing, RTO/RPO documentation, and business continuity.
EU Financial Sector · Reg. 2022/2554ICT third-party register & exit strategy, resilience testing programme, threat-led penetration testing (TLPT), and incident reporting readiness.
US Framework · CSF 2.0Executive-level cross-walk across Govern, Identify, Protect, Detect, Respond, and Recover — all 22 categories, cross-referenced to the technical checklists in this portal.
職業安定法 · 労働者派遣法 · 番号法 · JapanEmployment Security Act, Worker Dispatch Act, and My Number Act obligations for recruiters — collection restrictions, 職業紹介責任者 & 派遣元責任者 roles, and third-party provision rules, fully bilingual with statutory articles.
個人情報保護法 · General Purpose · JapanGeneral-purpose Act on Protection of Personal Information checklist for any Japan-based organization — purpose notification, breach reporting, third-party/cross-border transfer, and data subject rights.
Security Culture · NIST CSF PR.ATAuthorization prerequisites, infrastructure isolation, campaign design, training follow-through, and non-retaliation culture for a simulated phishing program.