Version: 1.0.0

Quick Start by Scenario

Use this guide when you are new to administering the platform or need a short operating plan for the first review cycle.

Start Task Shortcuts

| Task | Open |
| --- | --- |
| Find the right guide for a specific task | How Do I Task Index |
| Set up users, roles, departments, and workflows | Tenant Setup Order, Admin Operations Runbook |
| Run a compliance assessment | Compliance and Assessments, Assessment Playbooks |
| Manage a high or critical risk | Risk Management, Workflow and Status Reference |
| Publish a policy | Governance |
| Onboard vendors and assets | Third Parties and Assets |
| Prepare reports for management | Reports and Analytics |

1. First 30 Minutes

Goal: understand immediate health and urgent work.

  1. Open the dashboard.
  2. Review critical risks, overdue issues, pending approvals, and expiring exceptions.
  3. Open Reports and review KPI cards.
  4. Check whether any high-priority item has no owner.
  5. Open the assessment list and identify overdue or stalled assessments.
  6. Open the risk register and filter high and critical residual risks.
  7. Write down the top five items needing attention.

Output:

  • immediate triage list
  • owners to contact
  • items requiring escalation

2. First Day

Goal: confirm ownership, access, and urgent workflows.

  1. Review users and roles for the main admin, compliance, risk, control owner, auditor, and executive roles.
  2. Confirm department assignments for active users.
  3. Review pending approvals and identify blocked approvers.
  4. Review overdue issues, findings, and assessments.
  5. Review critical risks and confirm each has an owner, treatment decision, and review date.
  6. Review policies pending approval or acknowledgement.
  7. Review vendors and assets without owners or criticality.

Output:

  • access and ownership corrections
  • approval follow-up list
  • overdue work list
  • critical risk follow-up list

3. First Week

Goal: stabilize administration and reporting.

  1. Clean up duplicate departments, categories, or lookup values.
  2. Reassign records owned by inactive or incorrect users.
  3. Review evidence quality for active assessments.
  4. Confirm non-compliance follow-up decisions: risk, issue, finding, exception, or accepted gap.
  5. Review high-risk vendors and critical assets.
  6. Review scheduled reports and remove reports without a clear owner or audience.
  7. Prepare a short management update.

Output:

  • clean ownership model
  • first data quality improvements
  • management summary
  • list of decisions needed

4. First Monthly Review

Goal: run a complete governance review cycle.

  1. Review dashboard period movement.
  2. Review compliance score and major assessment changes.
  3. Review high and critical risks, treatment progress, and appetite breaches.
  4. Review overdue audit findings and issues.
  5. Review policies due for review and acknowledgement gaps.
  6. Review expiring exceptions.
  7. Review high-risk vendors and critical assets.
  8. Review KPI breaches and explain the root cause of each.
  9. Validate report filters and source data.
  10. Export the management report pack.

Output:

  • monthly GRC health summary
  • risk and compliance decisions needed
  • overdue work escalation list
  • data quality action list

5. Before an Audit

Goal: prepare reliable evidence and reduce review delays.

  1. Confirm audit scope and period.
  2. Review related frameworks, controls, assessments, and policies.
  3. Check evidence quality for sampled controls.
  4. Ensure open findings have owners, due dates, and remediation notes.
  5. Export assessment, policy, risk, and finding reports as needed.
  6. Prepare explanations for accepted risks and policy exceptions.
  7. Confirm all evidence is current and relevant.

Output:

  • audit evidence pack
  • known gaps list
  • remediation and exception summary

6. Before an Executive Meeting

Goal: provide a concise management view.

  1. Review dashboard trends.
  2. Review KPI status and explain critical or at-risk indicators.
  3. Summarize critical risks and decisions required.
  4. Summarize compliance score movement and major non-compliance.
  5. Summarize overdue issues and findings.
  6. Summarize exceptions expiring soon.
  7. Validate all report filters.
  8. Export only the reports needed by the audience.

Output:

  • executive summary
  • decisions required
  • owner action list
  • report pack

7. New Department Onboarding

Goal: bring a department into the governance operating model.

  1. Create or confirm the department name.
  2. Add users and assign correct roles.
  3. Identify department control owners, risk owners, policy owners, vendor owners, and asset owners.
  4. Assign existing records to the department where appropriate.
  5. Launch required assessments or evidence requests.
  6. Review department risks, vendors, and assets.
  7. Add the department to relevant policy acknowledgement campaigns.

Output:

  • department access and ownership setup
  • initial assessments and assignments
  • department-level risk and compliance view

8. New Administrator Handover

Goal: transfer administration without losing context.

  1. Review active users, roles, departments, and workflows.
  2. Review open assessments, critical risks, overdue issues, findings, policies, exceptions, vendors, and reports.
  3. Review scheduled reports and their recipients.
  4. Review known data quality problems.
  5. Review current management commitments and pending decisions.
  6. Confirm who can approve access changes and workflow decisions.

Output:

  • admin handover checklist
  • current issues list
  • decision and escalation map