ComplyIQ Dashboard conformità · Demo

NexusFlow SAS · B2B SaaS · FinTech · 142 FTE · Paris / EU

Piano completo · Dashboard live · Link sicuro via email

Home
Demo·Demo interattiva con dati di esempio (NexusFlow SAS). Il piano a pagamento usa i vostri dati di onboarding.

Punteggio complessivo

38/100

Maturità

Developing · Level 2 of 5

Lacune critiche

4

Lacune per priorità

30 giorni8
60 giorni10
90 giorni7

Rilievi chiave

  • No maintained Record of Processing Activities (RoPA) — GDPR Art. 30 breach risk across 14 processing purposes
  • Incident response plan untested; mean time to contain unknown — NIS2 Art. 23 gap
  • ICT third-party register covers only 62% of critical vendors — DORA & NIS2 supply-chain risk
  • SOC 2 Type II: 11 control exceptions open; customer audit requests at risk
  • Cookie/consent stack not aligned with ePrivacy — marketing tags fire before consent
  • PCI scope creep: staging environment processes live PAN in logs (critical)
  • CSRD double materiality assessment not started — EU customer ESG due diligence blocked
  • HIPAA BAA missing for US telehealth pilot sub-processor

Benchmark di settore

MetricLa vostra org.Media settore
Overall compliance score38/10067/100 (SaaS B2B EU)
Mean time to patch critical CVEs18 days7 days
Vendor risk assessments completed62%89%
DSAR response within SLA78%94%
Security training completion54%91%
Open critical gaps258 (median)

Esposizione totale

up to €47.2M + certification & contract risk

Lacune identificate

25

Normative

9

Sintesi esecutiva

NexusFlow operates a B2B SaaS platform processing EU customer PII, payment metadata, and audit logs across AWS (eu-west-1) with subcontractors in the US (SCCs in place but not fully documented). Our assessment covers nine frameworks selected for FinTech-adjacent SaaS: material gaps exist in incident readiness (NIS2), financial operational resilience (DORA), and core GDPR accountability. Overall compliance maturity is Developing (score 38/100) with CRITICAL concentration in cybersecurity governance and third-party oversight. Estimated aggregate regulatory exposure exceeds €47M when combining GDPR administrative fines, NIS2 penalties, and contractual/certification risks (ISO 27001, SOC 2 Type II renewal in Q3). Leadership should treat the next 90 days as a stabilization program: appoint accountable owners per domain, close Art. 30 and DPIA backlog, complete ICT third-party mapping, and run a board-level tabletop before SOC 2 observation window. This dashboard prioritizes gaps by financial exposure and implementation effort so legal, security, and product can execute in parallel.

Punteggi di conformità

GDPRHIGH

41

/100

NIS2CRITICAL

26

/100

DORAHIGH

33

/100

ISO 27001HIGH

44

/100

SOC 2MEDIUM

52

/100

PCI-DSSCRITICAL

31

/100

CSRDHIGH

22

/100

HIPAAHIGH

29

/100

PSD2MEDIUM

48

/100