VaultMail — Managed Trust Dashboard

Overview

Compliance Shield Dashboard

VaultMail audit readiness, regulatory controls, review cadence, and continuity posture in one managed workspace.

Archiving & Retention

SEC 17a-4 / FINRA 4511

WORM Locked

Immutable journaling and retention evidence are active across regulated mailboxes.

12/12

Nightly archive seal and retention proofs are attached.

Account Security

SEC Reg S-P Safeguards

MFA Enforced 100%

Privileged access is protected and emergency accounts are under review control.

12/12

All 48 managed users are covered by MFA.

Domain Authentication

Anti-Spoofing

DMARC p=reject

Primary advisory domains are rejecting forged sender traffic by policy.

10/10

Reject posture is active on monitored sender domains.

Continuity Planning

FINRA Rule 4370

Runbook Active

Emergency mailbox access is documented, escrowed, and validated for partner incapacity scenarios.

10/10

Break-glass continuity procedure validated on Apr 18, 2026.

Data Governance

GLBA / Privacy

DLP Active

Sensitive export controls, PII masking, and case approvals are being enforced.

9/12

34 sensitive fields are monitored through governed export paths.

VaultMail Email Risk & Continuity Audit

Audit Readiness Posture

/ 56

Status: AUDIT READY

VaultMail Email Risk & Continuity Audit across archiving, authentication, continuity, and data governance controls.

Last Health ReviewApr 18, 2026VaultMail Governance Team

Next Scheduled ReviewJul 17, 2026Governance Tier

Continuity RunbookSecuredValidated Apr 18, 2026

Regulatory Pillars5/5Archiving, security, continuity, and privacy

56-Point Breakdown

Regulatory Pillar Scores

VaultMail audit scoring by control family

53/56

Archiving & Retention

WORM Locked

12/12

Account Security

MFA Enforced 100%

12/12

Domain Authentication

DMARC p=reject

10/10

Continuity Planning

Runbook Active

10/10

Data Governance

DLP Active

9/12

Quarterly Review

April 2026 schedule and deadlines

Last Health Review

Apr 18, 2026

VaultMail Governance Team

Next Scheduled Review

Jul 17, 2026

Governance Tier

Break-Glass Continuity Runbook

Documented emergency procedure for principal mailbox access when an advisor is incapacitated or otherwise unavailable.

Secured • validated Apr 18, 2026

Quarterly Health Review

VaultMail governance review of archiving, MFA, DMARC, continuity, and DLP controls.

09:30

Continuity Runbook Validation

Confirm emergency mailbox access steps, escrow contacts, and documented approvals.

13:30

KPI

Operational efficiency

3.40

3% from previous weeks

Finished

Protected workflows

85%

+7 protected workflows

Open Calendar Items

1 due today

Weekly Workload

Operational concentration by stream

M365

DLP

CRM

IAM

WORM

Live Feed

Priority events awaiting review

Blocked DMARC Spoofing Attempt (Origin: Russia)

M365 Exchange • 4:14 PM

Quarantined Email — SSN Detected (DLP Rule: PII-003)

M365 DLP • 3:47 PM

Mass Contact Export Blocked — User: j.martinez@smithadvisory.com

Salesforce Shield • 2:22 PM

Suspicious Login Attempt from Unregistered Device (São Paulo, BR)

Azure AD • 6:58 AM

Interactions

M365 Email

Microsoft 365 Compliance and Message Security

Archive sealing, identity review, and spoofing defense all have real drilldowns now, with actions that persist in the workspace and can later be bound to live sources.

Immutable Archive

WORM posture and seal cadence

Records this week

14,832

Archive status

Locked

Identity and Access

MFA posture and break-glass review

MFA

100%

48/48 users compliant

Break Glass

Protected admin accounts

Close break-glass review for April 20

Michelle Choi

Validate dormant mailbox MFA exception

Dann Petty

DMARC Landscape

Spoofing pressure and response posture

Blocked Total

1,247

This Week

Recent Incidents

Containment work with real state changes

Credential harvester neutralized

Contained

Inbound phishing kit URL was detonated and blocked before delivery.

M365 Defender • Apr 21, 3:54 PM

Macro-enabled attachment quarantined

Open

Finance mailbox received a document matching MAL-017 indicators.

M365 DLP • Apr 20, 11:42 PM

Sender alignment drift detected

Open

Forged sender alignment failed against billing alias.

M365 Exchange • Apr 21, 1:15 AM

Break-Glass Sessions

Acknowledge the sessions you have documented so the sidebar and notifications stay honest.

m.chandler@smithadvisory.com

Emergency mailbox rule correction after phishing detonation test.

Approved by Dana Orr

d.orr@smithadvisory.com

Retention tag alignment check.

Approved by System

CRM Governance

Salesforce Governance and Data Protection

Export blocks, audit coverage, and connector status across the CRM estate.

Data Exfiltration

Mass export blocks and queue pressure

Blocked Total

Investigations opened this month

This Month

High-friction events needing follow-up

Audit Controls

History, masking, and approval posture

Field history tracking

History capture is enabled across client profile, holdings, and permissions objects.

Active

PII masking

Sensitive fields are masked in support views and exported only through governed paths.

Active

Manager export approval

Large exports require exception approval tied to business reason.

Partial

Field history

active

PII masking

enforced

Connector Readiness

Connector status and queue depth

Salesforce Shield Events

Connected

Primary event stream for data access and export monitoring.

Queue 12 • 4:18 PM

Field Audit Snapshot

Connected

Nightly capture of field history coverage and retention posture.

Queue 4 • 11:10 AM

Case Annotation Bridge

Degraded

Bi-directional notes sync for investigations and approvals.

Queue 22 • 2:48 PM

Investigations

Blocked exports requiring review and disposition.

j.martinez@smithadvisory.com

In Progress

Mass contact export blocked after threshold of 2,000 records was exceeded.

2,430 records • Apr 21, 2:22 PM

a.chen@smithadvisory.com

Todo

Bulk report download halted while manager approval is pending.

860 records • Apr 20, 9:05 PM

ops-service-account

Done

Automated export matched approved service window and was logged only.

0 records • Apr 20, 4:40 PM

Workspace Defaults

Local defaults for retention, masking, and review settings.

Workspace Preferences

Simulate live activity

Let seeded demo numbers drift slowly so the workspace feels active.

Quiet signals

Prefer subtle activity cues over badges and loud attention states.

Workflow Defaults

Create appointments from calendar actions

Save newly created appointments into the local workspace timeline.

Keep completed tasks in archive

Persist completed actions for future reporting and review.

Threat Intel

Collection, Watchlists, and Triage

Collected sources, watchlisted actors, indicators, and analyst advisories.

Collection Sources

Signals collected today

M365 Defender IOC feed

Every 15 minutes

Connected

Salesforce Shield anomaly feed

Hourly

Connected

Open-source advisory stream

Every 4 hours

Delayed

Watch Actors

Campaigns relevant to this client profile

Silver Lantern

High

Credential phishing cluster targeting wealth advisory inboxes.

Eastern Europe • 18 indicators

Paper Current

Medium

PDF lure campaign using finance workflows as pretext.

LATAM • 9 indicators

Calm Quarry

Low

Opportunistic sender spoofing using misaligned SPF records.

Global • 6 indicators

Indicators

Actionable items ready for acknowledgment

secure-portal-client[.]com

domain

Block domain

185.171.92.14

Watch IP

client-billing@vaultmali-support.com

sender

Add sender block

7b4fc9e2f5d3...

hash

Attach to report

Triage Queue

Recent threat events waiting for acknowledgment or dismissal.

Blocked DMARC Spoofing Attempt (Origin: Russia)

M365 Exchange

Quarantined Email — SSN Detected (DLP Rule: PII-003)

M365 DLP

Mass Contact Export Blocked — User: j.martinez@smithadvisory.com

Salesforce Shield

Suspicious Login Attempt from Unregistered Device (São Paulo, BR)

Azure AD

Advisories

Recent analyst notes and vendor guidance.

Credential-harvester kit now spoofing advisor scheduling portals

Actors are imitating appointment confirmations and archive review requests.

Open-source advisory stream

Sender-alignment bypass attempts rising against finance aliases

New misalignment pattern observed across billing and executive aliases.

M365 Defender IOC feed

Reports

Templates, Runs, and Schedules

Generate reports, review recent runs, and manage recurring schedules.

Templates

Reusable report definitions

SEC 17a-4 Archive Summary

regulatory

Archive integrity, retention, and hold coverage for regulated communications.

M365 Threat Posture Brief

operations

DMARC, phishing, MFA, and break-glass posture in one leadership summary.

CRM Export Governance Pack

executive

Blocked exports, approval drift, and audit-control coverage for client data.

Run History

Queued and completed output

Ready

Queued

Archived

Schedules

Recurring report runs

Regulatory month-end package

Last business day of month

Next run Apr 30, 4:00 PM

Weekly threat posture recap

Every Monday at 09:00

Next run Apr 27, 4:00 PM

Latest Runs

Recent report output and queue status.

SEC 17a-4 Archive Summary - April 2026

Ready

Michelle Choi

18 pages • Apr 21, 1:20 PM

M365 Threat Posture Brief - Week 16

Queued

Dana Orr

12 pages • Apr 21, 4:05 PM

CRM Export Governance Pack - March 2026

Archived

Dann Petty

14 pages • Apr 2, 7:40 PM

Runner State

Current counts for templates, runs, and enabled schedules.

Templates

Total runs

Enabled schedules

Last updated

2:05 AM

Settings

Workspace Configuration and Source Bindings

Workspace controls, connector status, and source bindings.

Color Palette

Named workspace palettes applied through shared visual tokens.

Swap the background wash, glass tint, accent hue, and ambient glow without breaking the dashboard’s layout or interaction styling.

Current Palette

Soft Smoke

A cooler stone palette with enough depth to make the glass feel premium.

Shell Presentation

Choose whether the workspace sits inside a framed stage or fills the canvas.

Full Screen Canvas removes the outer presentation frame while keeping the rounded inner workspace behavior and all saved state intact.

Current Mode

Full Screen

Workspace Preferences

Everything here persists locally

Workspace Preferences

Simulate live activity

Let seeded demo numbers drift slowly so the workspace feels active.

Quiet signals

Prefer subtle activity cues over badges and loud attention states.

Focus mode

Reduce ambient glow and UI motion for review sessions.

Workflow Defaults

Create appointments from calendar actions

Save newly created appointments into the local workspace timeline.

Keep completed tasks in archive

Persist completed actions for future reporting and review.

Connector State

Source adapter status and queues

M365 Mailbox Ingest

Connected

Primary regulated mailbox journaling stream.

Queue 8 • 4:18 PM

Salesforce Shield

Connected

Export monitoring and field-audit evidence.

Queue 5 • 4:02 PM

Threat Advisory Stream

Degraded

Intel advisories and open-source feed normalization.

Queue 14 • 12:30 PM

Environment Snapshot

Current workspace state

Firm

Smith Advisory Partners

Workspace

Trust workspace

Palette

Soft Smoke

Shell mode

Full Screen

Demo pulse

Unread notifications

Binding Map

Binding keys, source adapter names, and seed files used by this workspace.

overview

Sealed archive throughput summary.

Binding Key

overview.metrics.updates

Source Adapter

vaultmail.archive.metrics.sealed_records

Seed File

src/data/seed/overview.ts

overview

Archive run detail items shown in updates drilldown.

Binding Key

overview.updates.archive_runs

Source Adapter

vaultmail.archive.runs

Seed File

src/data/seed/overview.ts

m365

DMARC source clustering and disposition guidance.

Binding Key

m365.dmarc.sources.russia

Source Adapter

m365.dmarc.country_clusters

Seed File

src/data/seed/m365.ts

crm

Blocked export investigations and their follow-up workflow.

Binding Key

crm.exports.mass_export_martinez

Source Adapter

salesforce.shield.export_investigations

Seed File

src/data/seed/crm.ts

threat-intel

Indicators of compromise available for action.

Binding Key

intel.indicators.domain.secure_portal_client

Source Adapter

threatintel.indicators.normalized

Seed File

src/data/seed/threatIntel.ts

reports

Report templates available for generation and scheduling.

Binding Key

reports.templates.sec_17a4

Source Adapter

vaultmail.reports.templates

Seed File

src/data/seed/reports.ts

settings

Connector readiness and live source state.

Binding Key

settings.connectors.m365_ingest

Source Adapter

vaultmail.connectors.status

Seed File

src/data/seed/settings.ts

settings

Presentation mode for framed versus full-screen workspace layout.

Binding Key

settings.workspace.fullscreen_shell

Source Adapter

vaultmail.workspace.presentation.shell_mode

Seed File

src/data/seed/settings.ts

settings

Named workspace palette selection and visual treatment.

Binding Key

settings.workspace.color_palette

Source Adapter

vaultmail.workspace.appearance.palette

Seed File

src/data/seed/settings.ts

interactions

Operational interaction log and next action guidance.

Binding Key

interactions.archive_engine

Source Adapter

vaultmail.operations.archive_engine

Seed File

src/data/seed/interactions.ts