Engagements & Findings

Create engagements to track security assessments and log findings or compliance controls.

Creating an Engagement

Open a client's detail page and use the engagement form. Each engagement requires:

  • Title: e.g., "External Security Assessment - Q1 2026"
  • Type: determines what item types and statuses are available
  • Scope (optional): description of what's in scope
  • Dates (optional): start and end dates

Engagement Types

SecPortal supports the following engagement types:

  • Penetration Test: findings with severity ratings and CVSS scores
  • Vulnerability Assessment: vulnerability scanning and analysis
  • Cyber Essentials: UK Cyber Essentials compliance controls
  • Cyber Essentials Plus: CE Plus with technical verification
  • ISO 27001 Audit: information security management controls
  • SOC 2 Assessment: service organisation compliance controls
  • Bug Bounty: bug bounty programme tracking
  • Security Review: general security assessments

Adding Findings

Within an engagement, click "Add Finding" to create a new item. For security assessments and vulnerability scans, each finding includes:

  • Title: name of the vulnerability
  • Severity: Critical, High, Medium, Low, or Info
  • Status: Open, Resolved, Closed, etc.
  • Description: detailed vulnerability description
  • Recommendation: remediation guidance
  • CVSS Score: auto-calculated from CVSS 3.1 vector

For compliance engagements (CE, ISO 27001, SOC 2), findings are replaced with controls that have compliance-specific statuses like Compliant, Non-Compliant, Not Assessed, etc.

Finding Templates

SecPortal includes 300+ pre-built finding and control templates. When adding a finding, you can search and select from templates to auto-fill the title, description, severity, and recommendation fields. This saves time on commonly reported vulnerabilities.

Scanner Import

Import findings in bulk from security scanners via CSV:

  • Export findings from Nessus, Burp Suite, or any scanner as CSV
  • Use the "Bulk Import" button on the engagement page
  • Map CSV columns to SecPortal fields
  • Review and confirm the import

Finding Statuses

Findings move through a lifecycle:

  • Open / Pending: awaiting remediation
  • Resolved / Compliant: fix verified or control met
  • Closed / N/A: accepted risk or not applicable

Clients can update remediation status from the portal. Your team then verifies and closes the finding.

Documents

Upload documents to any engagement: reports, evidence files, scope documents, or any other deliverables. Documents are accessible to both your team and clients via the portal. Supported file types include PDF, DOCX, XLSX, images, and more.