Decision Packet · v1.0
Q2 2026 — Crown-Jewel Risk Disposition
Situation
Risk & Impact
Recommendation
Evidence
| Artifact | Hash | Status | Detail | Captured |
|---|---|---|---|---|
| Asset inventory snapshot — 487 endpoints | #a3f8e1b2 | verified | — | |
| Control mapping cross-walk — 93 controls | #b7c4d9e0 | verified | — | |
| Vendor SOC-2 attestation — current | #c9d0e2f1 | pending | Refresh window opens 2026-05-12; vendor confirmed window… | |
| Vendor SOC-2 attestation — secondary processor | #d2e3f4a5 | pending | — | |
| Residual-risk model — revenue-at-risk | #e1f2a3b4 | verified | — | |
| Patch cycle #38 — CAB queue position | #f3a4b5c6 | overridden | — | |
| Overridden per compensating-control narrative — see attached | ||||
| Penetration test report — Q1 follow-up | #a5b6c7d8 | stale | — | |
| Prior packet audit trail — pkt_2026-01-09_b8c4e2 | #b6c7d8e9 | verified | — | |
Approval Chain
- Chief Information OfficerM. AlvarezSigned 2026-04-17T14:08:11Z
- Chief Information Security OfficerJ. ParkSigned 2026-04-17T14:18:42Z
- Chief Compliance Officer—Pending signatureAwaiting vendor SOC-2 refresh — window opens 2026-05-12