Submission
Silverpine Litigation Group
Firm metadata
- Firm Administrator (Firm Administrator)
- firmadmin@silverpine.example
- New York
- 5-15 people
- gworkspace
- current · renews 2026-11
- litigation, employment
Posture summary
Findings by control
Governance
- GAP C-01 Written Information Security Program (self-reported)
- GAP C-02 Periodic Risk Assessment (self-reported)
- GAP C-03 Leadership Oversight & Accountability (self-reported)
Identity & Email
- PARTIAL C-04 Multi-Factor Authentication on Email and Identity
- PARTIAL C-05 Privileged Access Separation
- PARTIAL C-06 Email Security Filtering
- GAP C-07 Security Awareness Training & Phishing Simulation
Operational & Technical
- GAP C-08 Managed Endpoint Detection & Response (EDR)
- GAP C-09 Patch & Vulnerability Management
- PARTIAL C-10 Endpoint Encryption
- GAP C-11 Personal Device Access Controls
- PARTIAL C-12 Backup Coverage
- GAP C-13 Backup Isolation & Restoration Testing
- PARTIAL C-14 Data-at-Rest Encryption
- PARTIAL C-15 Joiner/Mover/Leaver Process
- GAP C-16 Acceptable Use & Written Security Agreements
- GAP C-17 Documented Onboarding Security Checklist
- GAP C-18 Vendor Security Due Diligence
- GAP C-19 Vendor Contractual Security Requirements
- PARTIAL C-20 Regulatory Scope Awareness
- GAP C-21 Written Incident Response Plan
- GAP C-22 Continuous Security Monitoring
Material gaps
- GAP C-01 Written Information Security Program
- GAP C-02 Periodic Risk Assessment
- GAP C-03 Leadership Oversight & Accountability
- GAP C-07 Security Awareness Training & Phishing Simulation
- GAP C-08 Managed Endpoint Detection & Response (EDR)
- GAP C-09 Patch & Vulnerability Management
- GAP C-11 Personal Device Access Controls
- GAP C-13 Backup Isolation & Restoration Testing
- GAP C-16 Acceptable Use & Written Security Agreements
- GAP C-17 Documented Onboarding Security Checklist
- GAP C-18 Vendor Security Due Diligence
- GAP C-19 Vendor Contractual Security Requirements
- GAP C-21 Written Incident Response Plan
- GAP C-22 Continuous Security Monitoring
Open-text answers
Q-23 - Who handles IT and security?
Solo IT person, mostly reactive.
Q-24 - Top cybersecurity concern
Worried about ransomware — we don't have a written plan.
Actions
Raw submission JSON
Expand JSON
{
"id": "22222222-2222-4222-8222-222222222222",
"submitted_at": "2026-05-21T13:05:48.000Z",
"schema_version": "1.1.0",
"crosswalk_reference": "framework-system-v2-section-2.md v1.0.2 (content v2.0)",
"email": "firmadmin@silverpine.example",
"firm_name": "Silverpine Litigation Group",
"contact_name": "Firm Administrator",
"contact_role": "Firm Administrator",
"firm_size": "small",
"state": "NY",
"practice_areas": [
"litigation",
"employment"
],
"email_platform": "gworkspace",
"insurance_status": "current",
"insurance_renewal": "2026-11",
"answers": {
"Q-01": "most",
"Q-04": "native_only",
"Q-23": "Solo IT person, mostly reactive.",
"Q-24": "Worried about ransomware — we don't have a written plan."
},
"scores_by_control": {
"C-01": "GAP",
"C-02": "GAP",
"C-03": "GAP",
"C-04": "PARTIAL",
"C-05": "PARTIAL",
"C-06": "PARTIAL",
"C-07": "GAP",
"C-08": "GAP",
"C-09": "GAP",
"C-10": "PARTIAL",
"C-11": "GAP",
"C-12": "PARTIAL",
"C-13": "GAP",
"C-14": "PARTIAL",
"C-15": "PARTIAL",
"C-16": "GAP",
"C-17": "GAP",
"C-18": "GAP",
"C-19": "GAP",
"C-20": "PARTIAL",
"C-21": "GAP",
"C-22": "GAP"
},
"score_counts": {
"pass": 0,
"partial": 8,
"gap": 14,
"total_scored": 22
},
"visible_questions": [],
"status": "reviewing",
"internal_notes": "High-need lead. Schedule walkthrough for next week.",
"deleted_at": null
}