Page-Level Reference
This reference explains what administrators should look for on the main pages, how to use common actions, and which mistakes to avoid.
1. Dashboard
| Area | What It Means | Admin Action |
|---|---|---|
| Summary cards | Current counts and key performance signals. | Review changes before management meetings. |
| Alerts | Items needing immediate attention. | Open the source record and confirm owner action. |
| Pending approvals | Workflow items waiting for decision. | Remind or reassign approvers when stuck. |
| My tasks | Work assigned to the current user. | Complete or update status before due date. |
| Trends | Movement over the selected period. | Investigate sharp changes before reporting. |
Common mistake: treating the dashboard as the source record. Make corrections in the source module instead.
2. Assessments Page
| Area | What It Means | Admin Action |
|---|---|---|
| Assessment list | All assessment cycles and their status. | Filter by due date, owner, status, and framework. |
| Progress | Completion of responses and reviews. | Follow up with owners where progress is stalled. |
| Control responses | Compliance status, explanation, and evidence. | Return unsupported responses for correction. |
| Evidence | Files, links, or notes supporting the response. | Confirm evidence is current and relevant. |
| Review actions | Submit, request changes, approve, or close. | Use only when the assessment is ready for that stage. |
Escalate when an assessment is overdue, has critical non-compliance, or lacks required evidence.
3. Risk Register Page
| Area | What It Means | Admin Action |
|---|---|---|
| Risk list | Active and historical risks. | Filter high and critical residual risks first. |
| Inherent score | Risk before treatment. | Confirm it reflects the original exposure. |
| Residual score | Risk after treatment or controls. | Confirm treatment evidence supports the reduction. |
| Treatment | Avoid, mitigate, transfer, accept, or monitor. | Make sure the decision is documented. |
| Review date | Next required risk review. | Escalate overdue reviews for high and critical risks. |
| Linked records | Assets, vendors, controls, issues, findings. | Use links to explain business context. |
Common mistake: lowering residual risk without treatment evidence.
4. Policies Page
| Area | What It Means | Admin Action |
|---|---|---|
| Policy status | Draft, pending approval, published, archived, or expired. | Move policies through the lifecycle with approvals. |
| Version | Current policy version. | Keep version changes clear and traceable. |
| Owner and approver | Accountability and decision authority. | Avoid the same person owning every decision. |
| Audience | Users expected to read or acknowledge. | Confirm before publishing. |
| Acknowledgements | Completion by target audience. | Follow up on overdue acknowledgements. |
| Review date | Next scheduled policy review. | Start review before the date passes. |
Common mistake: publishing before the audience and acknowledgement rules are correct.
5. Vendor Page
| Area | What It Means | Admin Action |
|---|---|---|
| Vendor profile | Name, owner, service, status, and criticality. | Keep ownership and service description current. |
| Assessment status | Progress of vendor risk review. | Follow up on incomplete assessments. |
| Risk rating | Vendor exposure level. | Review high-risk vendors regularly. |
| Linked risks/issues | Follow-up work related to the vendor. | Keep remediation linked for traceability. |
| Review date | Next vendor review. | Escalate overdue reviews for critical vendors. |
Common mistake: leaving critical vendors without an owner or review date.
6. Reports and KPI Page
| Area | What It Means | Admin Action |
|---|---|---|
| KPI cards | Current value and threshold status. | Investigate at-risk and critical KPIs. |
| Filters | Scope used for report interpretation. | Confirm filters before exporting. |
| Export | PDF or Excel output. | Export only after checking source data quality. |
| Scheduled reports | Recurring delivery. | Use only for a stable audience and purpose. |
| Source links | Records behind the number. | Open source records to explain unexpected values. |
Common mistake: sending a report without validating filters and source data.
7. Settings Page
| Area | What It Means | Admin Action |
|---|---|---|
| Users | People with platform access. | Review inactive users and ownership before removal. |
| Roles | Permission sets. | Apply least privilege. |
| Departments | Business structure for ownership and reporting. | Avoid duplicates and outdated departments. |
| Workflows | Approval and review routing. | Confirm approver coverage. |
| Lookup values | Categories, priorities, and classifications. | Keep values consistent and non-duplicated. |
Common mistake: changing settings without considering reporting and ownership impact.