ICP 2: Compliance Executive - Compliance Maturity Assessment

Thank you for taking the time to complete this assessment. Your insights will help us understand the compliance challenges facing technology executives managing multiple regulatory frameworks across security, privacy, and operational resilience.

This assessment takes approximately 12–18 minutes. All responses are confidential.

Your Contact Details

Name *

Please enter your name

Email Address *

Please enter a valid email address

Position / Title

Organisation

Section A: Your Organisation

1.What best describes your role? *

Chief Information Security Officer (CISO)
Head of Compliance / GRC
VP Security / Risk
Data Protection Officer (DPO)
Business Continuity Manager
Other:

Please select your role

2.How large is your organisation? *

Please select your organisation size

3.What industry sector does your organisation operate in?

4.Which compliance frameworks does your organisation currently manage?

Select all that apply

5.How many separate compliance frameworks does your team manage simultaneously?

Section B: Current Compliance Challenges

6.Rate the severity of each challenge in your compliance operations:

1 = Not a Problem, 2 = Minor, 3 = Moderate, 4 = Significant, 5 = Critical

Challenge	1	2	3	4	5
Framework fragmentation — separate documentation with massive duplication
Audit preparation burden — weeks of effort pulling evidence across domains
Privacy by design gaps — GDPR Article 25 not embedded in development
Operational resilience gaps — business continuity not embedded in SDLC
Maturity invisibility — cannot quantify compliance progress for the board
Disconnected stakeholder ownership — unclear RACI across CISO, DPO, BCM

7.How much time does your team spend on audit preparation annually?

Less than 2 weeks total
2–4 weeks
1–3 months
3+ months

8.What percentage of your compliance work is reactive versus proactive?

Mostly reactive (70%+ responding to findings)
More reactive than proactive (50–70%)
Roughly balanced
More proactive than reactive
Mostly proactive with embedded compliance

9.How do you currently demonstrate compliance maturity to your board or executive team?

We cannot quantify it currently
Manual reports and spreadsheets
Separate reporting per framework
Unified dashboard with cross-framework maturity scoring

Section C: Privacy & Operational Resilience

10.How does your organisation currently implement GDPR Article 25 (privacy by design)?

Not systematically addressed
Legal/DPO review late in the development cycle
Manual checklists or guidelines for developers
Embedded in SDLC with automated DPIAs and tooling

11.Is your organisation subject to operational resilience requirements?

Yes — FCA PS21/3 (UK financial services)
Yes — DORA (EU financial services)
Yes — both FCA PS21/3 and DORA
Yes — other regulator
No current mandate
Not yet, but expecting requirements soon

Section D: Platform Capabilities

12.Rate how valuable each capability would be for your compliance operations:

1 = Not Valuable, 2 = Slightly, 3 = Moderately, 4 = Very, 5 = Essential

Capability	1	2	3	4	5
Automated cross-framework mapping (ISO 27001/27701/22301, SOC 2, NIST)
Privacy by design automation (DPIAs, data minimisation, GDPR Article 25)
Operational resilience integration (FCA PS21/3, DORA, business continuity)
Executive-ready maturity dashboards for board presentation
Evidence reuse and automated collection across all compliance domains
Continuous maturity scoring translating compliance into strategic metrics

13.How would you react to a 50% reduction in redundant compliance documentation through automated cross-framework mapping?

Game-changer — would transform our compliance operations
Impressive — would want to validate with our framework set
Sceptical — our frameworks are too different for automated mapping
Not directly relevant — our duplication is minimal

14.How important is it that compliance positions you as a strategic leader rather than just an administrator?

Critical — governance should be a business differentiator
Important — I want executive recognition for compliance excellence
Secondary — audit readiness is my primary focus
Not a priority — I just need to pass audits

Section E: Expansion & Future Requirements

15.Are you planning to pursue additional certifications or enter new regulated markets?

Select all that apply

ISO 27701 (Privacy Information Management)
ISO 22301 (Business Continuity)
DORA compliance
NIS2 compliance
New regulated markets
No expansion plans currently

16.What is the most significant compliance risk on your horizon?

Section F: Solution Fit

17.Based on what you know about Trusted Path, rate your agreement with each statement:

1 = Strongly Disagree, 2 = Disagree, 3 = Neutral, 4 = Agree, 5 = Strongly Agree

Statement	1	2	3	4	5
This addresses the compliance challenges in my organisation
The efficiency metrics (50% redundancy reduction) are credible and meaningful
A unified platform across security, privacy, and resilience compliance is valuable
This would position compliance as a strategic differentiator for our organisation
I would be willing to participate in a compliance gap analysis
I would recommend this internally if it delivers proven compliance value

18.What concerns would you have about adopting a unified compliance platform?

19.What would be the ideal next step for you?

Comprehensive compliance gap analysis
Executive presentation with maturity dashboard and ROI
Framework mapping visualisation demo
Pilot deployment for one audit cycle
Stakeholder alignment session (CISO, DPO, BCM)
Not interested at this time

20.Is there anything else you'd like to share about your compliance challenges or governance priorities?

Thank you for completing this assessment.

Your insights will help us deliver solutions that turn compliance from an obligation into a strategic differentiator.