ComplyIQ Compliance Dashboard · Demo
Full plan · Live dashboard · Secure link by email
Overall score
Maturity
Developing · Level 2 of 5
Critical gaps
4
Gaps by priority
| Metric | Your org | Industry avg. |
|---|---|---|
| Overall compliance score | 38/100 | 67/100 (SaaS B2B EU) |
| Mean time to patch critical CVEs | 18 days | 7 days |
| Vendor risk assessments completed | 62% | 89% |
| DSAR response within SLA | 78% | 94% |
| Security training completion | 54% | 91% |
| Open critical gaps | 25 | 8 (median) |
Total exposure
up to €47.2M + certification & contract risk
Gaps identified
25
Regulations
9
NexusFlow operates a B2B SaaS platform processing EU customer PII, payment metadata, and audit logs across AWS (eu-west-1) with subcontractors in the US (SCCs in place but not fully documented). Our assessment covers nine frameworks selected for FinTech-adjacent SaaS: material gaps exist in incident readiness (NIS2), financial operational resilience (DORA), and core GDPR accountability. Overall compliance maturity is Developing (score 38/100) with CRITICAL concentration in cybersecurity governance and third-party oversight. Estimated aggregate regulatory exposure exceeds €47M when combining GDPR administrative fines, NIS2 penalties, and contractual/certification risks (ISO 27001, SOC 2 Type II renewal in Q3). Leadership should treat the next 90 days as a stabilization program: appoint accountable owners per domain, close Art. 30 and DPIA backlog, complete ICT third-party mapping, and run a board-level tabletop before SOC 2 observation window. This dashboard prioritizes gaps by financial exposure and implementation effort so legal, security, and product can execute in parallel.
41
/100
26
/100
33
/100
44
/100
52
/100
31
/100
22
/100
29
/100
48
/100