The Findings module is separate from the Audit module. The Audit module is a log for findings identified during formal internal audits. The Findings module is where you manage the full remediation lifecycle.
Finding statuses
Findings move through three statuses:| Status | Description |
|---|---|
| Abierto | Finding registered; no remediation progress yet (0%). |
| En Tratamiento | Remediation is underway (progress 1–99%). |
| Cerrado | Finding resolved; progress is 100% and a closed timestamp is recorded. |
Status transitions are driven automatically by the progress value. Setting progress to 0 sets status to Abierto, any value 1–99 sets En Tratamiento, and 100 sets Cerrado. Clicking the Cerrar button directly sets progress to 100 and status to Cerrado in one action.
Registering a new finding
Complete the finding details
Fill in the required information:
| Field | Description |
|---|---|
| ID | Auto-generated identifier (e.g., HAL-001) |
| Type | NC Mayor, NC Menor, Observación, or OFI |
| Requirement | ISO 27001 clause or subclause reference (e.g., 4.1) |
| Description | Clear description of the finding |
| PAC | Corrective action plan — what will be done to resolve it |
| Responsible | Person or team accountable for resolution |
| Due date | Target completion date (YYYY-MM-DD) |
Updating a finding
As remediation work progresses, update the finding to reflect current status:Update fields
You can update the following fields:
- Progress — Percentage complete (0–100)
- Responsible — Reassign if ownership changes
- Due date — Extend or bring forward the deadline
- PAC — Refine the corrective action description
- Closing evidence — Document or reference to evidence of resolution
Closing a finding
Confirm resolution
Before closing, ensure the corrective action has been implemented and closing evidence is documented.
Add closing evidence
Enter a reference to the closing evidence (e.g., a document ID, test result, or meeting minute) in the Closing evidence field.
Finding lifecycle
Finding types and required actions
| Type | Description | Corrective action required? |
|---|---|---|
| NC Mayor | Major non-conformity | Yes — mandatory corrective action |
| NC Menor | Minor non-conformity | Yes — corrective action required |
| Observación | Observation | Recommended — monitor closely |
| OFI | Opportunity for improvement | Optional |
Findings data reference
Each finding record contains the following fields:| Field | Type | Example |
|---|---|---|
id | string | HAL-001 |
type | string | NC Mayor |
requirementId | string | 4.1 |
description | string | Finding description |
pac | string | Corrective action plan |
responsible | string | Ana García |
dueDate | string | 2025-12-31 |
progress | number | 0–100 |
closingEvidence | string | Evidence reference |
status | string | Abierto | En Tratamiento | Cerrado |
createdAt | ISO date | 2025-01-15T10:30:00.000Z |
Frequently asked questions
What is the difference between Findings and Audit findings?
What is the difference between Findings and Audit findings?
The Audit module is an immutable log of findings identified during formal internal audits. The Findings module is the active corrective action tracker where you manage the full remediation lifecycle — assigning owners, setting deadlines, tracking progress, and recording closure evidence.
How does progress affect Security Metrics?
How does progress affect Security Metrics?
The Tasa de Cierre (closure rate) KPI on the Security Metrics dashboard is calculated from the ratio of closed findings to total findings. Keeping progress updated ensures an accurate picture of your remediation health.
What counts as an overdue finding?
What counts as an overdue finding?
A finding is counted as overdue (Hallazgos Vencidos) when its due date has passed and its status is still Abierto. The Security Metrics dashboard shows a count of overdue open findings.
Can I filter findings by type or status?
Can I filter findings by type or status?
Yes. The PAC tracker table supports filtering by finding type and status to help you focus on the most critical items.