Panguard Report evaluates your security posture against three compliance frameworks. Each framework defines a set of controls that are assessed as Compliant, Partially Compliant, Non-Compliant, or Not Assessed.

ISO 27001

ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). Panguard evaluates 30 controls across the Annex A control domains.

Control Domains

| Domain | Controls | Description |
| --- | --- | --- |
| A.5 | Information Security Policies | Policy documentation and review |
| A.6 | Organization of Information Security | Internal organization and mobile/remote work |
| A.7 | Human Resource Security | Prior to, during, and termination of employment |
| A.8 | Asset Management | Inventory, classification, and media handling |
| A.9 | Access Control | Business requirements, user management, system access |
| A.10 | Cryptography | Encryption policy and key management |
| A.11 | Physical Security | Secure areas and equipment |
| A.12 | Operations Security | Procedures, malware protection, backup, logging, patching |
| A.13 | Communications Security | Network management and information transfer |
| A.14 | System Development | Security in development and support processes |
| A.15 | Supplier Relationships | Information security in supplier agreements |
| A.16 | Incident Management | Event reporting, response, and lessons learned |
| A.17 | Business Continuity | Continuity planning and verification |
| A.18 | Compliance | Legal, contractual, and review requirements |

How Panguard Maps Findings

| Scan Finding | ISO 27001 Control |
| --- | --- |
| Weak password policy | A.9.4 — System and application access control |
| Missing encryption | A.10.1 — Cryptographic controls |
| Unpatched CVEs | A.12.6 — Technical vulnerability management |
| Open unnecessary ports | A.13.1 — Network security management |
| No firewall enabled | A.13.1 — Network security management |
| Excessive file permissions | A.9.1 — Business requirements of access control |

SOC 2

SOC 2 (System and Organization Controls 2) evaluates organizations against 5 Trust Services Criteria. Panguard focuses on the Security criterion with extensions into Availability and Confidentiality.

Trust Services Criteria

| Category | Criteria ID | Description |
| --- | --- | --- |
| Security | CC1 | Control environment |
| Security | CC2 | Communication and information |
| Security | CC3 | Risk assessment |
| Security | CC4 | Monitoring activities |
| Security | CC5 | Control activities |
| Security | CC6 | Logical and physical access controls |
| Security | CC7 | System operations |
| Security | CC8 | Change management |
| Availability | A1 | Availability commitments and system requirements |
| Confidentiality | C1 | Confidential information identification and protection |

How Panguard Maps Findings

| Scan Finding | SOC 2 Criteria |
| --- | --- |
| No monitoring enabled | CC4.1 — Ongoing monitoring |
| Weak access controls | CC6.1 — Logical access security |
| Missing patch management | CC7.1 — Infrastructure management |
| No incident response | CC7.3 — Incident response |
| Unencrypted data | C1.1 — Confidential information protection |

Taiwan Cyber Security Act (TCSA)

The Taiwan Cyber Security Management Act (TCSA) is the primary cybersecurity regulation for organizations operating in Taiwan. Panguard evaluates 10 control areas.

Control Areas

| Control | Chinese Name | Description |
| --- | --- | --- |
| Security Policy | Security Policy | Cybersecurity management policy documentation |
| Access Control | Access Control | System access rights management |
| Encryption Management | Encryption Management | Data encryption mechanisms |
| Physical Security | Physical Security | Physical environment protection |
| Operations Security | Operations Security | Day-to-day operational security management |
| Communications Security | Communications Security | Network communication security |
| System Development | System Development | Secure development practices |
| Supplier Management | Supplier Management | Supply chain security management |
| Incident Management | Incident Management | Cybersecurity incident handling procedures |
| Business Continuity | Business Continuity | Business continuity planning |

Bilingual Report Support

TCSA reports are fully supported in Traditional Chinese:
panguard report generate \
  --framework tw_cyber_security_act \
  --language zh-TW \
  --org "Your Company" \
  --output-dir ./reports

Control Assessment Statuses

Each control is evaluated and assigned one of four statuses:

| Status | Meaning | Color |
| --- | --- | --- |
| Compliant | Control requirements are fully met | Green |
| Partially Compliant | Some requirements met, gaps remain | Yellow |
| Non-Compliant | Control requirements are not met | Red |
| Not Assessed | Insufficient data to evaluate | Gray |

Panguard Report automatically maps scan findings to framework controls. Running panguard scan before generating a report provides the most accurate compliance assessment.