Compliance Snapshot

Active Security Monitoring

Independent automated audit of every CSC client website.

COMPLIANT
ISO 27001:2022 · SOC 2 Trust Service Criteria · Cyber Essentials
Audit period2026-04-11 2026-04-18
Scan ID2026-04-11T21:18:09+1000
Sites monitored
5
client domains
Controls evaluated
65
4 categories × 13 controls
Critical findings
0
all clear
Last audit
2 min ago
45 passed · 0 warnings
Compliance Controls

Every control, every site

Network Security

Controls that protect data in transit and shield the site's edge from hostile traffic.

HTTPS enforced (TLS 1.2+)
All visitor traffic is forced onto encrypted HTTPS and the TLS certificate is valid and renewing.
ISO 27001 A.8.24SOC 2 CC6.7CE Secure Configuration
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Strict-Transport-Security header active
Browsers are instructed to only ever connect to the site over HTTPS, blocking downgrade attacks.
ISO 27001 A.8.23SOC 2 CC6.6CE Secure Configuration
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Bot and DDoS protection at the edge
Cloudflare Bot Fight Mode filters automated threats before they reach the origin.
ISO 27001 A.8.20SOC 2 CC6.6CE Firewalls
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art

Application Security

Controls that harden the web application itself against common web exploits and abuse.

Clickjacking protection (X-Frame-Options)
The site cannot be embedded in a hostile iframe to trick users into unintended clicks.
ISO 27001 A.8.26SOC 2 CC6.6CE Secure Configuration
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Form CAPTCHA / bot verification
Contact and lead forms are protected by Cloudflare Turnstile to block spam and credential-stuffing bots (verified manually).
ISO 27001 A.8.26SOC 2 CC6.1CE User Access Control
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Dependency vulnerabilities patched
No known high or critical CVEs in third-party packages used to build the site.
ISO 27001 A.8.8SOC 2 CC7.1CE Security Update Management
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art

Data Protection & Secrets

Controls that prevent leakage of credentials, customer data, and ownership of the domain itself.

No exposed credentials in source code
Automated secret scanning confirms no API keys, tokens, or passwords are committed to any repository.
ISO 27001 A.8.24SOC 2 CC6.1CE User Access Control
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Environment isolation (.env not committed)
Environment variable files containing secrets are excluded from version control via .gitignore.
ISO 27001 A.8.9SOC 2 CC6.1CE Secure Configuration
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Domain registration valid
Domain ownership is current with comfortable runway before expiry, preventing hijack or downtime.
ISO 27001 A.5.9SOC 2 A1.2
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art

Operational Security

Controls that keep the site reachable, observable, and continuously monitored for regressions.

Uptime monitoring
The site responds with HTTP 200 to automated liveness probes.
ISO 27001 A.8.16SOC 2 A1.2
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Search engine indexability controlled
robots.txt and sitemap.xml are present and correctly configured so search engines index the right pages.
ISO 27001 A.5.34SOC 2 CC6.1CE Secure Configuration
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Analytics beacon healthy
Cloudflare Web Analytics beacon is firing so traffic and performance can be monitored.
ISO 27001 A.8.15SOC 2 CC7.2
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Weekly automated audit pipeline
This compliance report is regenerated automatically every week by a scheduled security audit runner.
ISO 27001 A.5.36SOC 2 CC4.1
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Per-Client Summary

Every client, at a glance

Callum Smith Consulting
callumsmithconsulting.com.au
Healthy
Uptime
200 OK
SSL
80d
Beacon
Live
View timeline
Flin's Pressure Washing
flinspressurewashing.com
Healthy
Uptime
200 OK
SSL
77d
Beacon
Live
View timeline
Blonde by Jas
blondebyjas.com
Healthy
Uptime
200 OK
SSL
87d
Beacon
Live
View timeline
Audent Music
audentmusic.com
Healthy
Uptime
200 OK
SSL
87d
Beacon
Live
View timeline
Yvonne Porta Art
vonportaart.com.au
Healthy
Uptime
200 OK
SSL
80d
Beacon
Live
View timeline
Audit Archive

Every scan, permanently archived

2026-04-11
Attention
33/50 passed
2026-04-11
Compliant
45/50 passed
2026-04-11
Attention
33/50 passed
View full audit history
How this audit works

Automated. Repeatable. Archived forever.

Every Saturday at 9:07 AEST, an automated pipeline scans every CSC client site against 13 compliance controls mapped to ISO 27001, SOC 2, and Cyber Essentials. Each scan is archived permanently and published to this dashboard, so every historical audit remains verifiable.

Audit framework references: ISO 27001:2022 · SOC 2 Trust Service Criteria · NCSC Cyber Essentials
Framework references (ISO 27001:2022, SOC 2 Trust Service Criteria, NCSC Cyber Essentials) are used for control mapping only. Callum Smith Consulting is not certified by ISO, AICPA, or NCSC. We follow these frameworks as best-practice baselines.
Last scan: 2026-04-11T11:19:54Z · Next scan: Saturday 18 Apr, 9:07 am
Generated by CSC Security Pipeline v1.0