QorTrace
LIVE · GENERATED FROM SOURCETRUST CENTER · UPDATED CONTINUOUSLY SERVICE STATUS →

QorTrace maps every operational and platform control we run against SOC 2 Type II, ISO/IEC 27001:2022, NIST CSF 2.0, the EU's DORA, and the FFIEC IT-Examination handbook. The numbers below come straight from our internal GRC console — no marketing layer in the middle.

0%OVERALL MET
·
104CONTROLS MAPPED
·
0POLICIES PUBLISHED
·
8FRAMEWORKS
Download readiness summary (PDF) Request SOC 2 Type II report Talk to Sales

Live, not aspirational

Every percentage on this page is generated from our internal GRC console. We don't "prepare" the numbers for visitors — what you see is what we see.

Versioned policies

Every published policy carries an immutable version number. Diff any two versions to see exactly what changed since the last attestation.

Major frameworks mapped

Controls are mapped to SOC 2, ISO/IEC 27001:2022, NIST CSF 2.0, NIST SP 800-53 Rev. 5, NIST SP 800-171 Rev. 3, EU DORA, and FFIEC — the authorities institutional and federal procurement actually ask for.

Evidence on request

Auditor-grade evidence (SOC 2 Type II reports, ISO certificates, signed attestations) is available under NDA. Email trust@qortrace.com to request the bundle.

POSTURE BY FRAMEWORK

Live control posture

AICPA
SOC 2 Type I
0%
met
MET
0
PARTIAL
0
GAP
12
12 in-scope · 0 N/A
AICPA
SOC 2 Type II
0%
met
MET
0
PARTIAL
0
GAP
12
12 in-scope · 0 N/A
ISO
ISO/IEC 27001:2022
0%
met
MET
0
PARTIAL
0
GAP
10
10 in-scope · 0 N/A
NIST
NIST CSF 2.0
0%
met
MET
0
PARTIAL
0
GAP
22
22 in-scope · 0 N/A
NIST
NIST SP 800-53 Rev. 5
0%
met
MET
0
PARTIAL
0
GAP
17
17 in-scope · 0 N/A
NIST
NIST SP 800-171 Rev. 3
0%
met
MET
0
PARTIAL
0
GAP
14
14 in-scope · 0 N/A
EU 2022/2554
DORA
0%
met
MET
0
PARTIAL
0
GAP
8
8 in-scope · 0 N/A
FFIEC
FFIEC IT-Exam
0%
met
MET
0
PARTIAL
0
GAP
9
9 in-scope · 0 N/A
Live security posture·trust-posture-v1
Action req.Last refreshed just now
  • Audit chain integrity
    10 entries · checked 10
    green
  • Audit cold archive (R2)
    4d since · 1 rows
    red
  • Backup-restore drill
    drill cron registered, first run pending
    yellow
  • Subdomain takeover sweep
    sweep cron registered, first run pending
    yellow
  • Email posture (SPF/DKIM/DMARC)
    yellow
  • Supply chain audit
    first scan pending — CI workflow active
    yellow
  • Edge defence posture
    Calm
    green
  • WAF rules synced
    no sync yet — push from CISO Lair to seed
    yellow
  • Stripe live mode
    sk_test_* detected — switch to sk_live_* before launch
    red
Auto-refreshes every 60 seconds. Refresh interval matches the server-side cache so we never hammer Mongo.
Posture history·posture-history-v1
0%all-green uptime over the last 30 days · 0d green · 2d yellow · 5d red · 23d unknown
Overall
0%
    Audit chain
    23%
    Cold archive
    13%
    Backup drill
    0%
    Subdomain sweep
    0%
    Email auth
    0%
    Supply chain
    0%
    Edge defence
    23%
    WAF sync
    0%
    Stripe live
    0%
greenyellowredunknown7 snapshots · window 30d
EMAIL AUTHENTICATION

Email auth posture

OK
QORTRACE.COMOK
Clean — SPF · DKIM · DMARC verified.1h ago
QORBOM.COMOK
Clean — SPF · DKIM · DMARC verified.1h ago

We monitor our own SPF, DKIM, and DMARC daily so any DNS drift is caught within 24 hours. Why this matters →

DAILY SELF-AUDIT

Freshness self-audit

OK
SUBDOMAIN TAKEOVER SWEEPOK
0 CNAMEs audited · 0 dangling1h ago
ZONES: qortrace.com · qorbom.com
SELF-HEALING WATCHDOGSUNKNOWN
1 watchdog · 0 repairs in last 30d
QORBOM APEX SPF

Two safety nets run every morning: a sweep across every CNAME in our Cloudflare zones (looking for classic subdomain-takeover signatures) and an auto-repair watchdog that re-merges critical DNS records if a third party overwrites them. Findings, if any, are surfaced here within 24 hours. How we do this →

MONTHLY AUDIT DIGEST

Get the monthly compliance posture digest

One email per month. Surfaces every drift in our SPF/DKIM/DMARC posture, every subdomain takeover sweep, and every self-healing repair fired in the last 30 days. Nothing else. Built for audit teams that need a paper trail.

Unsubscribe in one click from any email.
PUBLISHED POLICIES

0 policies attested

Policy library is being prepared. Check back soon.
METHODOLOGY

Each framework's met % is the share of in-scope controls (excluding N/A) marked met by our security team. Controls in the partial state have a remediation owner and a targetSOC 2 follows the AICPA Trust Service Criteria, ISO/IEC 27001 the 2022 Annex A taxonomy, NIST CSF 2.0 the 2024 Cybersecurity Framework (Govern · Identify · Protect · Detect · Respond · Recover), NIST SP 800-53 Rev. 5 the federal control catalog (17 families: AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PS, RA, SA, SC, SI), NIST SP 800-171 Rev. 3 the CUI protection baseline, DORA the EU 2022/2554 chapter structure, and FFIEC the IT-Examination handbook booklets. QorTrace's cryptographic engines themselves align with NIST PQC: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). For a SOC 2 Type II report or a signed compliance receipt, contact trust@qortrace.com.