Viewing historical audit from 2026-04-11.
View latest Compliance Snapshot
Active Security Monitoring
Independent automated audit of every CSC client website.
!ATTENTION
ISO 27001:2022 · SOC 2 Trust Service Criteria · Cyber Essentials
Audit period2026-04-11 → 2026-04-18
Scan ID2026-04-11T21:04:37+1000
Sites monitored
5
client domains
Controls evaluated
65
4 categories × 13 controls
Critical findings
0
all clear
Last audit
15 min ago
33 passed · 12 warnings
Compliance Controls
Every control, every site
Network Security
Controls that protect data in transit and shield the site's edge from hostile traffic.
HTTPS enforced (TLS 1.2+)
All visitor traffic is forced onto encrypted HTTPS and the TLS certificate is valid and renewing.
ISO 27001 A.8.24SOC 2 CC6.7CE Secure Configuration
✓✓✓✓✓
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Strict-Transport-Security header active
Browsers are instructed to only ever connect to the site over HTTPS, blocking downgrade attacks.
ISO 27001 A.8.23SOC 2 CC6.6CE Secure Configuration
✗✗✗✗✗
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Bot and DDoS protection at the edge
Cloudflare Bot Fight Mode filters automated threats before they reach the origin.
ISO 27001 A.8.20SOC 2 CC6.6CE Firewalls
✓✓✓✓✓
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Application Security
Controls that harden the web application itself against common web exploits and abuse.
Clickjacking protection (X-Frame-Options)
The site cannot be embedded in a hostile iframe to trick users into unintended clicks.
ISO 27001 A.8.26SOC 2 CC6.6CE Secure Configuration
✗✗✗✗✗
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Form CAPTCHA / bot verification
Contact and lead forms are protected by Cloudflare Turnstile to block spam and credential-stuffing bots (verified manually).
ISO 27001 A.8.26SOC 2 CC6.1CE User Access Control
–––––
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Dependency vulnerabilities patched
No known high or critical CVEs in third-party packages used to build the site.
ISO 27001 A.8.8SOC 2 CC7.1CE Security Update Management
✓✓✓✓✓
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Data Protection & Secrets
Controls that prevent leakage of credentials, customer data, and ownership of the domain itself.
No exposed credentials in source code
Automated secret scanning confirms no API keys, tokens, or passwords are committed to any repository.
ISO 27001 A.8.24SOC 2 CC6.1CE User Access Control
✗✗✗✗✗
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Environment isolation (.env not committed)
Environment variable files containing secrets are excluded from version control via .gitignore.
ISO 27001 A.8.9SOC 2 CC6.1CE Secure Configuration
✓✓✓✓✓
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Domain registration valid
Domain ownership is current with comfortable runway before expiry, preventing hijack or downtime.
ISO 27001 A.5.9SOC 2 A1.2
✓✓✓✓✓
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Operational Security
Controls that keep the site reachable, observable, and continuously monitored for regressions.
Uptime monitoring
The site responds with HTTP 200 to automated liveness probes.
ISO 27001 A.8.16SOC 2 A1.2
✓✓✓✓✓
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Search engine indexability controlled
robots.txt and sitemap.xml are present and correctly configured so search engines index the right pages.
ISO 27001 A.5.34SOC 2 CC6.1CE Secure Configuration
✓✓✓✓✓
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Analytics beacon healthy
Cloudflare Web Analytics beacon is firing so traffic and performance can be monitored.
ISO 27001 A.8.15SOC 2 CC7.2
✗✓✓✓✗
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Weekly automated audit pipeline
This compliance report is regenerated automatically every week by a scheduled security audit runner.
ISO 27001 A.5.36SOC 2 CC4.1
✓✓✓✓✓
Callum Smith ConsultingFlin's Pressure WashingBlonde by JasAudent MusicYvonne Porta Art
Per-Client Summary
Every client, at a glance
Callum Smith Consulting
callumsmithconsulting.com.au
Uptime
200 OK
SSL
80d
Beacon
—
View timeline
Flin's Pressure Washing
flinspressurewashing.com
Uptime
200 OK
SSL
77d
Beacon
Live
View timeline
Blonde by Jas
blondebyjas.com
Uptime
200 OK
SSL
87d
Beacon
Live
View timeline
Audent Music
audentmusic.com
Uptime
200 OK
SSL
87d
Beacon
Live
View timeline
Yvonne Porta Art
vonportaart.com.au
Uptime
200 OK
SSL
80d
Beacon
—
View timeline
Audit Archive
Every scan, permanently archived
How this audit works
Automated. Repeatable. Archived forever.
Every Saturday at 9:07 AEST, an automated pipeline scans every CSC client site against 13 compliance controls mapped to ISO 27001, SOC 2, and Cyber Essentials. Each scan is archived permanently and published to this dashboard, so every historical audit remains verifiable.
Audit framework references: ISO 27001:2022 · SOC 2 Trust Service Criteria · NCSC Cyber Essentials
Framework references (ISO 27001:2022, SOC 2 Trust Service Criteria, NCSC Cyber Essentials) are used for control mapping only. Callum Smith Consulting is not certified by ISO, AICPA, or NCSC. We follow these frameworks as best-practice baselines.
Last scan: 2026-04-11T11:06:41Z · Next scan: Saturday 18 Apr, 9:07 am
Generated by CSC Security Pipeline v1.0