--- title: "Step 6 - Prove the Progress" slug: "step-6-prove-the-progress" updated: 2025-06-06T20:23:10Z published: 2025-06-06T20:23:10Z canonical: "help.nucleussec.com/step-6-prove-the-progress" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt > Use this file to discover all available pages before exploring further. # Step 6 - Prove the Progress You’ve prioritized, automated, and handed off work for remediation. But to truly *mature* your vulnerability management program, you need to **show your impact**—clearly, consistently, and with metrics that drive decisions. Nucleus helps you move beyond simple counts of “open” vs. “closed.” It gives you the tools to measure how fast you’re reducing risk, where progress is happening (or stalled), and how that aligns with your business priorities. --- ## 📈 What to Track (and Why It Matters) ### Metrics Your CISO Actually Cares About | Metric | What It Tells You | | --- | --- | | **MTTR (Mean Time to Remediate)** | Are we fixing critical vulnerabilities fast enough? | | **SLA Adherence** | Are teams remediating within policy? | | **Risk Reduction Over Time** | Are our efforts driving real exposure reduction? | | **Top Active Risks** | What’s currently putting us in the most danger—by volume, users, or business impact? | | **Open vs. Resolved Trends** | Where is risk getting addressed—and where is it lingering? | These metrics turn vulnerability management from a technical task into a **risk-informed decision-making engine**. --- ## 💡 How Nucleus Makes Reporting Easy ### 1. **Executive Trends Page** Track program health and velocity: - SLA compliance by business unit - MTTR across different risk bands - Average vulnerability lifetime 📘 **Tip**: Filter by asset group, team, or tag to isolate performance trends across departments. --- ### 2. **Custom Dashboards** Visualize your KPIs in real time: - SLA violations - Open findings by age or exploitability - Tickets vs. resolved counts 📘 **Tip**: Use this for stakeholder check-ins or internal VM retrospectives. --- ### 3. **Resolved Findings View** Answer questions like: - How long did this finding take to fix? - Which team resolved the issue? - Was the SLA met? 📘 **Tip**: Filter by `resolution_date` and `nucleus_risk_score` to analyze fix timelines for critical items. --- ### 4. **Saved Filters for Reporting** Build reusable, shareable reports using the [Scheduled Reports](/v1/docs/scheduling-reports) built in to Nucleus: - “Top Exploitable Findings by Business Unit” - “All overdue SLA items owned by Team: Cloud” - “Closed Critical Findings in the last 30 days” 📘 **Tip**: Use these views in weekly reviews or send as exports to team leads. --- ### 5. **Automated Report Exports** Schedule CSV or PDF reports: - Send weekly/monthly SLA and MTTR metrics to execs - Push team-specific dashboards or exports to Slack/email - Keep audit stakeholders looped in without lifting a finger 📘 **Tip**: Use the Automation Center to schedule these exports. --- ## 🎯 Strategic Value | Role | What They Gain | | --- | --- | | **Analyst** | Clean data to back up triage decisions, track backlog, and identify stuck teams | | **CISO / Risk Leader** | Proof of continuous improvement, resource alignment, and SLA accountability | --- ## 🚀 Next Step Start with these: 1. Navigate to **Analyze > Executive Trends** - Review SLA performance and MTTR over the last 30 days - Filter by business unit or exploitability 2. Head to **Resolved Findings** - Filter by `resolution_date = last 30 days` and group by `nucleus_risk_score` 3. Build a **Custom Dashboard** in the **Analyze** menu 4. Create a **Saved Filter** and export or schedule it to run weekly using **Scheduled Reports** --- ## 💬 Need Help? We can help you build your first dashboard, trend report, or stakeholder packet. 📧 [support@nucleussec.com](mailto:support@nucleussec.com)