Tenacy

Security audits (such as pentests, architecture reviews, and compliance checks) are essential for identifying vulnerabilities and areas for improvement in any information system. But detecting issues is only part of the challenge — you also need to centralize findings, manage remediation actions, and track progress over time. This is exactly what Tenacy enables, with a structured approach built around: Gap Registers, Action Plans, and Monitoring Dashboards.

Every audit can be formalized in Tenacy using a gap register, which centralizes all findings and their remediation process.

🔎 For a detailed guide on setting up your register (adding entries, assigning users, linking action plans, etc.), please refer to <a href="#">this article on non-conformity management in Tenacy</a> (link to be inserted).

___________________________________________________________

Let’s say a pentest conducted on your web platform reveals several vulnerabilities:

- Misconfigured TLS
- A cross-site scripting (XSS) flaw
- Improper password storage

You create a gap register titled “Pentest Audit – May 2025”, and assign your SecOps team as owner.

💡 You can immediately link an action plan to this register to document all remediation measures (see Step 2).

From the register, create each identified gap by specifying:

The impacted perimeter (e.g., web app, infrastructure, endpoints)

Optionally, a gap group for better reporting (e.g., “Critical Vulnerabilities”, “GDPR Non-Compliance”)

- A clear description
- The impacted perimeter (e.g., web app, infrastructure, endpoints)
- The severity/criticality
- Optionally, a gap group for better reporting (e.g., “Critical Vulnerabilities”, “GDPR Non-Compliance”)

Step 1.2 – Link Gaps to Your Policy Measures

Within each gap, you can associate relevant security policy measures (e.g., “strong authentication”, “application security”).

👉 This helps assess the impact on your overall compliance, and clearly demonstrates where improvements are being made.

To address and track remediation efforts, create an action plan register from the Action Plans tab. You can then link each action directly to its related gap from the “Actions” tab within the gap view.

Implement salted password hashing on the backend

- Fix the vulnerable script
- Enforce TLS 1.2+
- Implement salted password hashing on the backend

💡 This ensures full traceability between identified issues and corrective actions.

Once actions are linked, you’ll find them under the Action Plan tab, where you can group and organize them as needed.

To track the progress of gap remediation, create a custom dashboard with the following features:

Visibility: Public (for extended project teams) or private (e.g., only for the CISO)

Time window: Allows you to view historical data (e.g., past 6 months)

Organization: Structured into sections (e.g., audits, critical gaps) and blocks (e.g., remediation rates, open vs. closed gaps)

- Visibility: Public (for extended project teams) or private (e.g., only for the CISO)
- Time window: Allows you to view historical data (e.g., past 6 months)
- Organization: Structured into sections (e.g., audits, critical gaps) and blocks (e.g., remediation rates, open vs. closed gaps)

🔎 You can refer to <a href="https://help.tenacy.io/en/articles/281077-create-a-dashboard-for-tracking-audits-and-gaps">this article to learn how to build dashboards for audit and gaps tracking. </a>

Manage your audits in Tenacy

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Manage your audits in Tenacy

Create a Gap Register

Use Case: Pentest Audit

Step 1.1 – Add and Qualify the Gaps

Step 1.2 – Link Gaps to Your Policy Measures

Create and Link an Action Plan

Monitor with a Custom Dashboard