SecurAtlas’s Audit Command Center is a single-screen review tool designed for MSPs preparing for a client audit or stakeholder meeting. It aggregates a client’s most important risk signals — score, financial exposure, open findings, evidence gaps, framework readiness, and top-priority tasks — so you can assess their posture in one place rather than navigating across multiple pages. You reach the Audit Command Center by opening a client workspace and going to Access Reviews in the sidebar.

Widgets on the page

The Audit Command Center is composed of seven widgets, each surfacing a different dimension of the client’s security posture.

KPI strip

The KPI strip runs across the top of the page and shows four headline metrics:
  • Audit readiness — the percentage of the client’s controls that have at least one piece of evidence attached. Lower values mean more evidence gaps to resolve before an audit.
  • Open critical gaps — the number of controls that are missing evidence entirely. Each gap here is a potential audit finding.
  • Risk score — the client’s overall posture score from 0 to 100, color-coded by risk level (red for High/Critical, amber for Moderate/Medium, green for Low).
  • Annual exposure — the client’s expected annualized financial loss (ALE) in dollars, shown with a low–high confidence range.
Use the KPI strip for a 10-second health check before diving deeper.

Risk drivers

The Risk Drivers card shows the top threat categories contributing to the client’s residual risk, ranked by exposure score. Each row includes:
  • The risk category name (for example, Access Control, Data Protection, Endpoint Security).
  • An exposure level badge — Critical, High, Medium, or Low.
  • A bar chart showing the relative exposure score for that category.
Risk drivers come from the client’s connected integrations and control assessment data. Categories at the top of the list are where implementing controls will have the largest risk-reduction effect.

Audit blockers

The Audit Blockers card surfaces two types of blockers that would be flagged during an audit:
  • Priority tasks — controls that are not yet implemented and are ranked high-urgency. These are items the client needs to complete before they can claim a control is in place.
  • Open findings count — the total number of unresolved integration findings across the client’s connected tools (for example, open misconfigurations from a cloud security integration).
If either number is non-zero, the client has audit exposure that is visible to any auditor reviewing their workspace.

Exposure

The Exposure card shows the client’s full annualized financial exposure breakdown:
  • Expected ALE — the most likely annualized financial loss based on threat probability and impact.
  • Low–high range — the confidence interval around the expected figure.
  • Risk driver context — which risk categories are contributing most to the exposure figure.
  • Open tasks count — how many priority remediation tasks remain unaddressed.
Use the Exposure card when you need a dollar figure to communicate urgency to a client stakeholder or when preparing a risk report.

Framework snapshot

The Framework Snapshot card shows readiness percentages for each compliance framework the client has selected, sorted from lowest to highest readiness. For each framework you can see:
  • The framework name (ISO 27001, SOC 2, NIST CSF, HIPAA, PCI DSS, and others).
  • A readiness percentage based on implemented controls mapped to that framework.
  • Whether the framework is certifiable or regulatory.
Frameworks with low readiness scores are the ones most likely to produce gaps in an audit. You can click through to the full frameworks view from the Frameworks link in the page header.

Evidence attention

The Evidence Attention card flags evidence items that need action before an audit:
  • Stale evidence — evidence that has not been updated in a significant period and may no longer reflect current practice.
  • Expiring soon — evidence with an expiry date approaching within the next 30 days.
  • Expired — evidence that has already passed its expiry date and is no longer valid.
  • Unlinked evidence count — evidence items that have been uploaded but not attached to any control.
Each item in the list shows its title, freshness status, and days until or since expiry. Address expired and expiring items first — an auditor reviewing evidence will immediately flag anything out of date.
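
To cross-check the audit readiness, open critical gaps, and Evidence Attention figures against your own evidence register, the sketch below applies the definitions given on this page to a small constructed data set. It is an added example, not SecurAtlas code: the field names, the sample records, and the 365-day staleness threshold are assumptions (the page only says "a significant period").

```python
from datetime import date

# Constructed sample data; field names are assumptions, not a SecurAtlas export format.
CONTROLS = ["AC-01", "AC-02", "DP-01", "EP-01"]
EVIDENCE = [
    {"title": "MFA policy", "controls": ["AC-01"], "updated": date(2025, 5, 1), "expires": date(2026, 5, 1)},
    {"title": "Access review Q1", "controls": ["AC-01", "AC-02"], "updated": date(2025, 1, 10), "expires": date(2025, 6, 20)},
    {"title": "Backup test report", "controls": ["DP-01"], "updated": date(2023, 11, 2), "expires": None},
    {"title": "Pen test summary", "controls": [], "updated": date(2025, 4, 15), "expires": date(2025, 5, 15)},
]
EXPIRING_WINDOW_DAYS = 30   # from the page: expiry "within the next 30 days"
STALE_AFTER_DAYS = 365      # assumption: the page does not give a number


def freshness(item, today):
    """Return (status, days); days is until (+) or since (-) expiry, else None."""
    exp = item["expires"]
    if exp is not None:
        days = (exp - today).days
        if days < 0:
            return "expired", days
        if days <= EXPIRING_WINDOW_DAYS:
            return "expiring_soon", days
    if (today - item["updated"]).days > STALE_AFTER_DAYS:
        return "stale", None
    return "current", None


def review(controls, evidence, today):
    # Readiness counts any attached evidence, as the page's definition reads,
    # so a control covered only by stale evidence still counts as covered.
    covered = {c for e in evidence for c in e["controls"]}
    gaps = [c for c in controls if c not in covered]
    readiness = round(100 * (len(controls) - len(gaps)) / len(controls)) if controls else 0
    flagged = []
    for e in evidence:
        status, days = freshness(e, today)
        if status != "current":
            flagged.append((e["title"], status, days))
    # Expired first, then expiring soon, then stale.
    order = {"expired": 0, "expiring_soon": 1, "stale": 2}
    flagged.sort(key=lambda f: (order[f[1]], f[2] if f[2] is not None else 0))
    unlinked = [e["title"] for e in evidence if not e["controls"]]
    return {"readiness_pct": readiness, "open_gaps": gaps, "attention": flagged, "unlinked": unlinked}
```

Run `review(CONTROLS, EVIDENCE, date.today())` against your own register. An item such as the constructed "Pen test summary" shows up both as expired and as unlinked, so it needs two separate fixes.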

Fix This First

The Fix This First card ranks the client’s top five priority tasks by urgency and impact. Each task shows:
  • A numbered rank (1 = highest priority).
  • The task title and implementation notes summarizing what needs to be done.
  • An impact badge — High, Medium, or Low — based on the control’s severity score.
  • An effort badge — showing whether the task is low, medium, or high effort to complete.
Tasks are ordered by urgency tier first, then by severity, so the list always surfaces the highest-leverage actions. Click Open Task on any item to jump directly to that control in the client’s task view.

Typical pre-audit review workflow

1. Open the client workspace
   From your partner portal Client Portfolio, click Open next to the client you are preparing to review. You land on the client’s dashboard.

2. Navigate to the Audit Command Center
   Click Access Reviews in the client workspace sidebar. The Audit Command Center loads with all data aggregated for this client.

3. Check the KPI strip
   Review the four headline metrics at the top of the page. Note the risk score, audit readiness percentage, open critical gaps, and annual exposure. These give you an immediate sense of where the client stands.

4. Review risk drivers and blockers
   Look at the Risk Drivers card to understand which threat categories are most exposed, and at the Audit Blockers card to see how many priority tasks and open integration findings still need resolution.

5. Check framework readiness
   In the Framework Snapshot, find the frameworks most relevant to the upcoming audit. If any are below 80% readiness, identify which controls are not implemented using the full frameworks view.

6. Resolve evidence issues
   In the Evidence Attention card, address any expired or expiring evidence items before the audit date. Also check the unlinked evidence count — unlinked evidence cannot satisfy any control requirement.

7. Assign Fix This First tasks
   Work through the Fix This First list with the client. These are the highest-impact tasks ranked by urgency. Completing even the top two or three items typically produces a measurable improvement in risk score and audit readiness.

If you need an external auditor to review the client’s workspace directly, you can grant them read-only access via Settings → Auditor Portal within the client workspace. Auditors see all the same data but cannot make any changes. See Auditor access.