Capability Posture
Capability Posture gives you a KSI-aligned view of how well your organisation has implemented security across 11 pre-defined capability themes. Where the Dashboard shows aggregate compliance metrics, Capability Posture breaks implementation down by strategic security domain—making it easy to identify exactly which areas need attention and how they relate to one another.
Accessing Capability Posture
Section titled “Accessing Capability Posture”Navigate to Overview → Capability Posture in the left sidebar. The feature is available to all users with access to your organisation.
The Theme Grid
Section titled “The Theme Grid”The main view presents all 11 capability themes as a grid of cards. Each card gives you an at-a-glance summary for that theme.
Card Anatomy
Section titled “Card Anatomy”Each theme card contains:
| Element | Description |
|---|---|
| Theme icon + name | Identifies the capability theme |
| KSI badge | Tags the card with its Key Security Indicator alignment |
| Posture percentage | Colour-coded implementation score (see below) |
| Maturity level badge | Overall maturity rating from L0 to L5 |
| Status bar | Visual distribution of the 8 implementation statuses across your controls |
| Control count | ”X of Y controls” — scoped controls vs. total in the theme |
| At Risk badge | Appears when one or more controls have an At Risk status |
Posture Colour Coding
Section titled “Posture Colour Coding”The posture percentage is colour-coded to signal health at a glance:
| Colour | Range | Meaning |
|---|---|---|
| Green | ≥ 70% | Strong implementation — on track for audit readiness |
| Amber | 40–69% | Partial implementation — requires attention |
| Red | < 40% | Significant gaps — immediate action recommended |
Understanding Posture Scores
Section titled “Understanding Posture Scores”The posture percentage for each theme is calculated as:
Posture % = (Monitored + Implemented) ÷ (Scoped Controls − Not Applicable) × 100
This means:
- Controls marked Not Applicable are excluded from the denominator — they do not count against or towards your score.
- Only controls that are fully Implemented or actively Monitored contribute to the numerator.
- Controls that are In Progress, Not Started, At Risk, or Deferred do not count as implemented.
This formula ensures your posture score reflects genuine implementation rather than planned or partial work.
Implementation Statuses
Section titled “Implementation Statuses”Every scoped control within a theme carries one of eight implementation statuses:
| Status | Meaning |
|---|---|
| Monitored | Control is implemented and actively monitored for compliance |
| Implemented | Control is fully implemented and operational |
| Ready for Review | Implementation is complete and awaiting formal review |
| In Progress | Implementation is actively underway |
| Not Started | Control has been scoped but no implementation work has begun |
| At Risk | Implementation is behind schedule or has identified issues |
| Not Applicable | Control does not apply to your organisation’s environment |
| Deferred | Implementation has been intentionally postponed |
Only Monitored and Implemented statuses contribute to your posture percentage.
Maturity Levels
Section titled “Maturity Levels”Each theme and individual control carries a maturity level from L0 to L5:
| Level | Label | Description |
|---|---|---|
| L0 | Not Assessed | No maturity assessment has been performed |
| L1 | Initial | Ad-hoc processes with no formal procedures in place |
| L2 | Developing | Basic procedures exist but are inconsistently applied |
| L3 | Defined | Processes are documented and standardised across the organisation |
| L4 | Managed | Processes are measured, monitored, and actively managed |
| L5 | Optimised | Continuous improvement is embedded; metrics drive decisions |
The maturity badge on each theme card represents the average maturity across that theme’s scoped controls.
Exploring a Capability Theme
Section titled “Exploring a Capability Theme”Click any theme card to open the detail view for that theme.
Key Stats Panel
Section titled “Key Stats Panel”The top of the detail view displays a summary panel:
| Stat | Description |
|---|---|
| Scoped | Total controls scoped to this theme |
| Total | All controls available in this theme (scoped and out-of-scope) |
| Posture % | The calculated posture score using the formula above |
| Maturity | Aggregate maturity level for this theme |
Status Distribution
Section titled “Status Distribution”Below the stats panel, a breakdown shows how your controls are distributed across the 8 implementation statuses. This helps you understand the composition of your current posture — for example, whether amber is driven by many “In Progress” controls (nearing completion) or many “Not Started” controls (work yet to begin).
Controls Table
Section titled “Controls Table”The detail view includes a paginated table of every scoped control in the theme:
| Column | Description |
|---|---|
| SCF ID | Unique identifier for the control in the SCF framework |
| Name | Full control name |
| Domain | The control domain it belongs to |
| Status | Current implementation status |
| Maturity | Current maturity level |
| Relevance | How central this control is to the capability theme |
Pagination: The table defaults to 50 controls per page. You can increase this to a maximum of 200 controls per page using the page-size selector. Use the navigation controls to move between pages.
Interpreting Your Posture
Section titled “Interpreting Your Posture”Red Posture (< 40%)
Section titled “Red Posture (< 40%)”A red posture indicates significant implementation gaps. Recommended actions:
- Open the theme detail view and sort controls by Not Started status to identify the largest unstarted block.
- Prioritise controls with the highest number of framework mappings — these have the widest compliance impact.
- Set implementation statuses to In Progress as work begins to make progress visible.
- Review controls marked At Risk first — these may be blocking other downstream controls.
Amber Posture (40–69%)
Section titled “Amber Posture (40–69%)”An amber posture means partial implementation is in place. Recommended actions:
- Focus on controls currently In Progress or Ready for Review — moving these to Implemented has the fastest impact on your score.
- Review Deferred controls and reassess whether deferral is still appropriate given your audit timeline.
- Ensure Not Applicable markings are accurate — incorrectly marked controls inflate your excluded denominator.
Green Posture (≥ 70%)
Section titled “Green Posture (≥ 70%)”A green posture indicates strong implementation and is a positive signal for audit readiness. At this stage:
- Confirm that Implemented controls have associated evidence to support audit claims.
- Review maturity levels — a green posture with low maturity (L1–L2) may still attract auditor scrutiny.
- Monitor At Risk badges — a single at-risk control can undermine an otherwise strong posture.
Best Practices
Section titled “Best Practices”- Review Capability Posture weekly during active compliance programs to track momentum.
- Use the theme grid as a prioritisation tool — address red themes before amber, and ensure no theme sits at L0 maturity before an audit.
- Cross-reference with Risk Management — high-risk items with low capability posture represent compounded exposure.
- Brief executives using theme cards — the colour-coded grid communicates compliance health without requiring technical detail.
- Replace placeholder banner — the banner image on this page uses a default placeholder. Ask your platform administrator to upload a
capability-posture.pngto the banners directory when a custom image is available.
Related Guides
Section titled “Related Guides”- Dashboard Overview — Aggregate compliance metrics and KPIs
- Core Features — Control scoping, implementation statuses, and maturity management
- Risk Management — Link capability gaps to your risk register
- AI Integration (MCP) — Query capability posture data via AI assistants