REM-001highin progress
Due: 2026-06-30
Establish formal MFA enforcement for all admin accounts
Owner: EngineeringSource: self assessment (CTL-003)Opened: 2026-04-01
Supabase Auth MFA to be enabled for all admin users. Policy updated to require MFA.
REM-002mediumin progress
Due: 2026-07-31
Complete formal RTO/RPO target definition
Owner: Engineering LeadSource: policy review (POL-004)Opened: 2026-04-01
BC summary drafted. Need to define specific RTO and RPO targets and validate with Supabase backup SLAs.
REM-003mediumopen
Due: 2026-08-31
Conduct first formal tabletop incident response exercise
Owner: Engineering LeadSource: self assessment (CTL-007)Opened: 2026-04-01
IRP documented. Tabletop exercise to validate procedures with key stakeholders.
REM-004mediumopen
Due: 2026-09-30
Implement formal risk assessment methodology
Owner: Engineering LeadSource: self assessment (CTL-014)Opened: 2026-04-01
Initial risk inventory in progress. Need to select and document a formal risk methodology.
REM-005lowopen
Due: 2026-10-31
Evaluate and implement SAST tooling in CI/CD pipeline
Owner: EngineeringSource: self assessment (CTL-011)Opened: 2026-04-01
Evaluate options: GitHub CodeQL, Semgrep, or similar. Prioritize based on SOC 2 readiness timeline.