| Field | Detail |
|---|---|
| Client | LiStDan Finance |
| Assessment Type | GRC Risk Assessment |
| Assessment Period | 18 April 2026 – 18 May 2026 |
| Frameworks Assessed | ISO 27001:2022, NIST CSF v1.1, GDPR |
| Methodology | SHIELD Framework |
| Total Findings | 36 |
| Non-Compliant Controls | 16 |
| Partially Compliant Controls | 20 |
| Critical/High Priority Findings | 22 |
| Deliverables Produced | 12 |
| Engagement Status | Closed — all deliverables delivered 18 May 2026 |

The assessment established that LiStDan Finance carries a LOW overall compliance posture across all three frameworks at the time of assessment, with zero controls fully compliant. The most critical finding domains were GDPR data protection obligations, incident response posture, and access control — all of which represent active exposure, not just future risk.

Despite the compliance gaps, LiStDan Finance had meaningful foundational work in place: a structured risk register, a comprehensive asset inventory, detailed data flow mapping, and vendor risk evaluations across all eight third-party relationships. The assessment produced a phased remediation roadmap that sequences 36 findings across three priority tiers, with clear ownership, timelines, and implementation guidance. All Phase 1 findings are remediable within 30 days with internal resources.