Security & Compliance
PII exposure · Encryption posture · RBAC · Audit logging · GDPR · SOC 2 · ISO 27001 · HIPAA
3 Critical Findings
Security Score: 61
PII Columns: 47
Unencrypted PII: 18
Audit Logging: 32%
RBAC Issues: 6
Compliance Framework Scores
SOC 2 Type II: 71% — Partial. 3 open issues: Audit logging gaps · RBAC misconfig · Encryption at rest
ISO 27001: Not targeted. Enable ISO 27001 in scan configuration to assess.
HIPAA: Not targeted. Enable HIPAA in scan configuration to assess.
Risk Heat Map — PII × Security Control
Heat map: Tables (rows) × Security controls (cols: Encryption · Audit Log · RBAC · Masking · PW Hash · Backup); each cell rated Pass / Partial / Fail / N/A.
PII Column Exposure
18 unencrypted
| Table | Column | PII Type | Encrypted at Rest | Masked | Compliance Risk | Action |
|---|---|---|---|---|---|---|
| customers | | Contact | No | No | GDPR Art.25 | Remediate |
| customers | phone | Contact | No | No | GDPR Art.25 | Remediate |
| users | password_hash | Credential | Yes | Yes | Compliant | — |
| payments | card_last4 | Financial | Yes | Partial | PCI-DSS | Review |
| employees | ssn | Identity | No | No | Critical | Remediate |
Security Posture Radar
RBAC & Access Control Issues
[Critical] Over-privileged role: analytics_user. Role has SELECT on PII tables (customers, employees) without row-level security or masking.
[High] Missing audit trail on payments. payments table has no INSERT/UPDATE triggers configured for compliance audit.
[High] Public schema accessible by app role. app_user role has unrestricted SELECT on all tables in public schema via default privileges.
[Medium] No row-level security on employees. HR data visible to all internal roles. RLS policy recommended to restrict by department.