GRC Pilot | Albyanat Technology

Audit Configuration

Evidence Upload

.csv.txt .md.log .json.xlsx .pdf

Sample Evidence Formats

IAM Export (CSV)

username,mfa_enabled,status
admin,no,ACTIVE
alice,yes,ACTIVE
svc-api,no,ACTIVE

Firewall Policy (TXT)

permit ip any any log
deny  tcp 0.0.0.0/0 eq 22
permit tcp 10.0.0.0/8 eq 443

Policy Document (MD)

# Backup Policy
- Daily backups encrypted AES-256
- Offsite replication: enabled
- RTO: 4h, RPO: 24h

Network Config (TXT)

interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast

Cloud & Integration Connectors

Integration Setup

☁️

Oracle Cloud Infrastructure

Cloud Platform · IAM + Network

OCI_TENANCY_OCID — Tenancy OCID

OCI_REGION — e.g. me-jeddah-1

OCI_COMPARTMENT_OCID — optional

Collects

IAM users with MFA status

VCN security lists (ingress rules)

Open-to-internet access exposure

🪟

Microsoft 365 / Entra ID

Identity Platform · MFA + Policies

M365_TENANT_ID — Azure Tenant ID

M365_CLIENT_ID — App Registration ID

M365_CLIENT_SECRET — Client Secret

Collects

MFA registration per user

Conditional access policies

Privileged accounts without MFA

🔧

Atlassian Jira

Ticketing · Risk & Change Tracking

JIRA_URL — e.g. https://org.atlassian.net

JIRA_EMAIL — Service account email

JIRA_TOKEN — API token

Collects

Open security & risk tickets

Change management records

Vulnerability remediation status

0%

0