CFAS — Compliance Framework Assessment Software

Workspace · FY26-27 · IRDAI 2026

Dashboard

PROGRESS

1,142

Items Assessed

SCORE

847

Earned Points

TARGET

1,240

Max Possible

COMPLIANCE

68.3%

Overall Gap

POPULATION

1,240

Total Items

Overall Maturity

FY26-27

68.3%

<60% Material Gap 60-85% Maturing ≥85% Audit-Ready

Status Breakdown

COMPLIANT

847

68.3% of total

PARTIAL

263

21.2% — evidence needed

NON-COMPLIANT

98

7.9% — remediation

NOT APPLICABLE

32

2.6% — exceptions

Domain Heatmap

Dashboard · Maturity

Maturity Assessment

Maturity at a glance

68.3%

Maturing (60-85%)

Click any segment to drill into items.

How we measure — scoring methodology

Each of 1,240 IRDAI items is scored 0-2. Maturity % = (earned points ÷ max points) × 100. N/A items excluded from denominator.

Status	Score	Criteria
Compliant	2 / 2	Policy/procedure exists AND artefact evidence exists AND both auditee remarks describe design + effectiveness.
Partial	1 / 2	One side present (policy OR artefact) but not both. Or artefacts stale (>12 months) or covering only a subset.
Non-Compliant	0 / 2	No policy AND no operating evidence. Must appear on remediation tracker with target date.
N/A	excluded	Requirement does not apply to PIBL's business or product mix. Auditee Remarks must carry the justification.

Maturity bands — FY26-27

Current

68.3%

<60% Material Gap 60-85% Maturing ≥85% Audit-Ready

Year-on-year trend

External benchmarking — how PIBL compares to peer Indian insurance brokers + ISO 27001 industry

How the refresh works — every number traceable: Clicking Refresh benchmarks calls public sources (IRDAI annual returns, BSI ISO 27001 industry report, Bureau Veritas peer studies). Each row in the comparison shows the live source URL, vintage date, and how the % was computed.

Last fetch: never

Advanced search — filter items, see maturity for the filtered subset

Same Advanced Search component as the items list, scoped to recompute maturity for whatever subset you select. Useful for asking "what if we exclude N/A items?", "what is the maturity for domain G09 only?", "where do all Partial items stand on average?".

Keyword

Status

Domain (G01-G34)

Clause Ref Prefix

All items 🔴 Critical only 🟡 Partial only 🟢 Compliant only Exclude N/A

Dashboard · Domain Heatmap

Domain Heatmap

All 34 IRDAI domains, colour-coded by current maturity. Click any tile to open the domain in a popup showing only its items — without leaving this page. Numbers recalculate live when you save in the working panel.

34 IRDAI Domains — colour by maturity band

Severity ranking — domains needing most attention

Sorted by share of Non-Compliant + Partial items. Top = highest remediation priority. Click to open in popup.

Assessment · Frameworks

Choose a framework

Click a framework to open its assessment list. Click + Add framework (Admin Area) to add ISO 27001:2022, DPDP, DGPSI, or a Prudent-defined framework.

📑

IRDAI Apr 2026 Guidelines

Information & Cyber Security · Ver 2.0

1,240line items

34domains

68.3%compliant

🛡

ISO 27001:2022

Information Security Management

93controls

—Not loaded

🔒

DPDP Act

2023 · notified 2025

47line items

—Not loaded

Assessment · Frameworks · change

IRDAI Apr 2026 Guidelines

Personal · My notes

📝 Notes

My folders

📂All notes 0

🔒Private 0

👥Shared 0

🗑Trash 0

All notes

—

Admin Area · User Management

Users & roles

Only members of the ITS-Group Entra group can be added. ITS-Admin members appear with the Admin badge — managed only in Entra.

Name	UPN	Per-app role	Assigned by	Last login	Actions

Admin Area · Framework Admin

Compliance frameworks

Framework	Version	Items	Active	Last updated	Actions

Admin Area · Audit Log

In-app audit log

Two views: User & Login Events on one side; Data Changes (Add / Edit / Delete / Modify) on the other. Tamper-proof platform audit lives in Microsoft Purview.

Timestamp (UTC)	Actor	Event	Target	Result

Timestamp (UTC)	Actor	Action	Target	Before → After

Admin Area · Settings

Application settings

General

SharePoint site URL

Production library path

Default FY on launch

Workspace · My profile

My profile

??

—

Profile is read-only. Identity and group membership are managed in Entra ID by ITS-Admin.