FACTS
3 of 24 NIS2 domains have controls without linked evidence: Supply Chain Security (2 controls), Incident Handling (1), Business Continuity (1). 12 evidence items are expired and 21 are missing entirely.
INFERENCE
Supply Chain Security has the lowest readiness (52%) and the most unlinked controls, so it is the largest driver of your current gap and the highest audit exposure.
RECOMMENDATION
1. Upload the DR test report to close Business Continuity (BC-03).
2. Attach the latest vendor security review for the top-2 critical suppliers.
3. Renew 12 expired evidence items flagged in Evidence Vault.
MISSING DATA
No incident-handling playbook is linked. AURA cannot assess Incident Handling completeness until IR-02 evidence is provided.
Sources:
Control Matrix · 24 domains
Evidence Vault · 225 items
Risk Ledger
Confidence: High
Create remediation tasks
Draft board summary
Export as PDF
AURA supports governance decisions using your evidence and does not provide legal advice, regulatory certification or a guarantee of compliance. Verify critical conclusions with a qualified professional.