Security 6 min read 27 October 2025

Inside QuickInfra's Compliance Dashboard: How to Read, Act On, and Export Your Security Score

QuickInfra's Compliance Dashboard gives you a real-time security posture score across six frameworks. Here's how to interpret the results, prioritise remediation, and generate audit evidence.


QuickInfra Team

QuickInfra Cloud Solution


The Compliance Dashboard is one of the most-used sections of the QuickInfra console for teams pursuing security certifications or managing continuous compliance. Here's a detailed walkthrough of how to use it effectively.

The Overview Score

The dashboard opens with six framework score cards: CIS AWS Foundations, SOC 2, HIPAA, PCI-DSS, GDPR, and ISO 27001. Each shows a percentage score — the proportion of applicable controls that currently pass. Green is 85%+, amber is 60-85%, red is below 60%.

Don't treat the score as a final exam result. Treat it as a work queue prioritiser. A SOC 2 score of 72% means 28% of SOC 2-relevant controls have findings that need resolution.

Drilling Into Findings

Click any framework card to see the full list of controls for that framework, each with pass/fail status. Failed controls expand to show:

  • The specific check that failed (e.g., "S3 bucket does not have server-side encryption enabled")
  • The resource that failed (the specific bucket name, instance ID, or security group)
  • The severity (CRITICAL, HIGH, MEDIUM, LOW)
  • The remediation path (direct action button or link to the relevant Infrastructure Project)

Prioritisation

QuickInfra's default sort puts CRITICAL findings at the top. Work through CRITICALs first — these are the findings that represent the most immediate security risk or the controls auditors will focus on first. Common CRITICALs include public S3 buckets, security groups with unrestricted inbound access, root account API usage, and disabled CloudTrail.

Accepting Risk

Not every finding needs to be remediated — some represent accepted business risk with compensating controls. QuickInfra allows you to mark specific findings as "accepted risk" with a justification note, exempting them from the score calculation and producing an accepted risk register for auditors.
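
The sketch below models how the score, the severity-ordered work queue and the accepted risk register described above relate to each other. It is an added example, not QuickInfra's code or API. The control IDs, resources and justification notes are constructed, and treating a control as exempt only when every failed finding on it has been accepted is an assumption.

```python
from collections import defaultdict

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Constructed sample findings: (control, resource, severity, accepted-risk note or None)
FINDINGS = [
    ("C-01", "bucket-logs", "CRITICAL", None),
    ("C-01", "bucket-public-site", "CRITICAL", "Static website, no sensitive data"),
    ("C-02", "sg-legacy", "HIGH", "Behind WAF, decommission planned"),
    ("C-03", "i-batch-01", "MEDIUM", None),
]
# Constructed list of applicable controls for one framework.
CONTROLS = ["C-01", "C-02", "C-03", "C-04", "C-05", "C-06", "C-07", "C-08"]


def band(score):
    """Colour bands from the article: green 85%+, amber 60-85%, red below 60%."""
    if score >= 85:
        return "green"
    return "amber" if score >= 60 else "red"


def evaluate(controls, findings):
    """Return score, band, remediation queue and accepted risk register."""
    open_by_control = defaultdict(list)
    failing, register = set(), []
    for control, resource, severity, note in findings:
        failing.add(control)
        if note is None:
            open_by_control[control].append((severity, resource))
        else:
            register.append((control, resource, note))
    # Assumption: a control leaves the score only if all its failures are accepted.
    exempt = {c for c in failing if c not in open_by_control}
    scored = [c for c in controls if c not in exempt]
    if not scored:
        raise ValueError("every applicable control is exempt; no score to compute")
    passing = [c for c in scored if c not in open_by_control]
    score = round(100 * len(passing) / len(scored), 1)
    queue = sorted(
        ((sev, c, res) for c, items in open_by_control.items() for sev, res in items),
        key=lambda f: (SEVERITY_ORDER[f[0]], f[1], f[2]),
    )
    return {"score": score, "band": band(score), "queue": queue, "register": register}
```

With the sample data, accepting the `sg-legacy` finding removes C-02 from the denominator, while C-01 still fails because one of its two findings remains open.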

Generating Audit Reports

For SOC 2 Type II or ISO 27001 audits, go to Compliance → Export Report. Select the framework, the date range (for Type II evidence, you typically need a 6-12 month period), and the report format. QuickInfra generates a PDF with compliance scores, individual control results, pass/fail history, and accepted risk entries.

Continuous vs Point-in-Time

Compliance scores update continuously as your infrastructure changes. A resource provisioned at 10am that fails a compliance check will appear in the dashboard by 10:05am. This continuous view is what enables compliance as a daily operational practice rather than a pre-audit scramble.
