The Practice Console

Run a dozen programs.
From one console.

You run security for a dozen companies. Stop re-deriving the same status across a dozen spreadsheets. The Practice Console puts every client's program in one place, and Hudson keeps each one moving.

A dozen clients means a dozen spreadsheets. Status gets re-derived by hand the night before every QBR, and the program that's slipping hides in a tab no one opened. The Practice Console keeps every client's program live in one place, with Hudson surfacing the one that needs you today.

Hudson writes the risk story
for every program.

Risk stories3 programs need attention
NovaPayC

NovaPay still has four critical findings open, and its security program is below where it should be (2.7 out of 5). Detection and response are the weakest areas, and nothing has improved in the last 30 days. This one needs attention before the next client review.

Review findingsRaise concern
Vireo Health SystemsD

Vireo Health is going backwards. Its program slipped 0.3 points in the last month to 2.4 out of 5, with two criticals still open. Every area is weak in the same way, so this is a broad capability gap, not a one-off — worth getting ahead of now.

Review findingsRaise concern

Hudson reads every assessment, finding, trend and peer benchmark, then writes a plain-English risk story for each program, so a QBR narrative is ready before you open the deck.

What each story reads Maturity baseline Open criticals Peer benchmarks 30-day trend

Every client's program, side by side.

Client book11 active programs
N
NovaPayFintech · SOC 2
2.8▼ 0.3Needs you
V
Vireo HealthHealthtech · HIPAA
2.4▼ 0.3Needs you
L
LoomyardSaaS · ISO 27001
3.9▲ 0.2Healthy
C
Cedar TrustBanking · CIS v8
3.2▲ 0.3Healthy
H
HapworthLogistics · NIST CSF
3.6▲ 0.1On track

Every client's program on one screen: maturity, trend, open criticals and audit status, side by side. Hudson sorts by what's slipping, so the client that needs you today is already at the top.

One view shows Normalized maturity 30-day trend Open criticals Audit status
Go deeper on any signal.
Risk Movers30d
Improving
CE
Cedar Trust Bank2.9 → 3.2
+0.3
Degrading
VI
Vireo Health Systems2.7 → 2.4
–0.3
NP
NovaPay3.0 → 2.8
–0.2

Who moved, this month

Risk movers surface the programs improving and degrading fastest, so momentum is visible at a glance.

Framework coverage5 clients
ClientNISTISOCISSOC 2
LLoomyard94%88%81%96%
HHapworth86%79%68%90%
CCedar Trust78%64%61%82%
NNovaPay41%22%30%52%

Coverage, every framework, every client

One matrix of how far each client has gotten on every framework they're held to, so the gaps stand out.

Action Queue · Findings15 overdue
N
No documented offline backup testNovaPay
71d
L
No documented backup recovery runbookLoomyard
66d
N
DMARC policy at p=noneNovaPay
61d
V
Backup restore untested in 14 monthsVireo Health
55d

The overdue work, across the book

Every overdue finding from every client in one queue, ranked by age, so nothing rots in a client's backlog.

External attack surfacemonitor only
L
LoomyardUpdated 3d ago · Monitor only
86
SSLB
HeadersA+
DNSA+
EmailB
No threats detected
62 subdomains26 ports

Watch the book from the outside in

Continuous external scans on every program: SSL, headers, DNS, email and breach signals, scored and tracked.

The assessment
that writes itself.

Walk any program's framework out loud. Command transcribes the conversation, drafts the status and maturity for every control, and pulls the evidence, so you review instead of type.

NovaPay · SOC 2 assessmentLiveCC6.1 · Access controls
Transcribing live · 14:32REC
Analyst
How do you manage and review access to production systems?
Client · CISO
Access is provisioned through Okta with role-based groups, and we run a quarterly access review with system owners.
Analyst
Is the quarterly review documented anywhere?
Client · CISO
Yes, the Q2 review is signed off in Command with the owner attestations
Hudson · drafting from the conversation
Access is provisioned via Okta with role-based groups; a quarterly access review is performed with system owners and signed off in Command with owner attestations.
Suggested status
Met
Maturity
4.0
Q2 Access Review.pdfevidence pulled
Watch the report draft itself from the conversation
Hudson · one analyst, every client

Hudson works the whole book.

One Hudson across every client: it drafts assessments and policies, investigates findings, plans remediation, and tells you which program needs you today, and always asks before it acts. Reach it anywhere with ⌘K.

See how Hudson works

Run your whole book in Command.

One note when the Practice Console is live, or reach out for a look before then. We'll walk through your client book and what running it in Command looks like.