{"id":"assess-hris-2025q2","systemId":"sys-hris-001","sspId":"ssp-hris-001","title":"E-HRIS FY2025 Q2 Security Assessment","assessor":"Deloitte Cyber Risk Services","assessmentType":"comprehensive","status":"completed","totalFindings":3,"satisfiedControls":1,"otherThanSatisfied":3,"controlFindings":[{"controlId":"AC-4","determination":"other_than_satisfied","assessmentMethod":"examine","evidence":"DLP gaps on cloud file sharing.","weaknessDescription":"Information flow enforcement does not extend to cloud collaboration platforms.","riskLevel":"moderate"},{"controlId":"IR-4","determination":"other_than_satisfied","assessmentMethod":"interview","evidence":"IR tabletop exercises overdue.","weaknessDescription":"Incident response procedures not regularly tested.","riskLevel":"moderate"},{"controlId":"SI-2","determination":"other_than_satisfied","assessmentMethod":"test","evidence":"23 critical CVEs beyond SLA.","weaknessDescription":"Flaw remediation SLA not met.","riskLevel":"high"}],"completedAt":"2025-06-01T00:00:00Z","createdAt":"2025-04-01T08:00:00Z","updatedAt":"2025-06-01T16:00:00Z"}