Screenshots and Visual Walkthroughs

Use this guide when you need a visual path through the most common administrator tasks. The screenshots show the main page areas; always confirm the exact record, owner, dates, and status before saving changes.

1. Start from the Dashboard

Use the dashboard as the daily triage page.

1. Review alert cards for critical risks, overdue issues, pending approvals, and expiring exceptions.
2. Open the related module from the card or navigation.
3. Confirm whether the item has an owner, due date, and next action.
4. Escalate items that are critical, overdue, or blocked.
5. Return to the dashboard after updates to confirm the status changed as expected.

2. Review Compliance Assessments

Use the assessments page to monitor control responses, evidence, and review progress.

1. Filter by assessment status, owner, framework, or due date.
2. Open an assessment that is overdue, in progress, or pending review.
3. Check control responses and evidence quality.
4. Return weak responses to the owner when evidence does not support the answer.
5. Convert non-compliance into a risk, issue, exception, or finding when follow-up is required.
6. Close the assessment only after required review and follow-up decisions are documented.

3. Review Framework Coverage

Use frameworks to understand which obligations and controls are in scope.

1. Open the relevant framework.
2. Review domains, requirements, and mapped controls.
3. Confirm whether the framework is active and current.
4. Use framework reporting to identify low-compliance domains.
5. Start or update assessments when coverage is incomplete.

4. Manage Risk Register Items

Use the risk register to manage risk ownership, scoring, treatment, and review.

1. Filter by residual rating, owner, status, category, or overdue review.
2. Open high and critical risks first.
3. Check inherent score, residual score, treatment decision, owner, and review date.
4. Confirm whether linked controls, assets, vendors, or issues explain the risk context.
5. Update treatment progress or create follow-up issues.
6. Do not accept or close a risk without documented justification.

5. Publish and Monitor Policies

Use the policies page to manage policy lifecycle and acknowledgements.

1. Review draft, pending approval, published, and expired policies.
2. Open the policy and confirm owner, version, effective date, review date, and audience.
3. Submit for approval when content and attachments are ready.
4. Publish only after approval.
5. Monitor acknowledgement completion for the target audience.
6. Create reminders or follow-up actions for overdue acknowledgements.

6. Prepare Audit Evidence

Use audit pages to manage audit scope, findings, evidence, and closure.

1. Open the audit or finding.
2. Confirm scope, owner, due date, severity, and status.
3. Review linked evidence and remediation notes.
4. Return weak evidence to the owner with a clear request.
5. Submit findings for verification when remediation evidence is ready; material findings should be linked to an issue or risk, and verified assessment-control findings trigger targeted reassessment.
6. Export the relevant report or evidence pack when ready for review.

7. Monitor Vendors and Third-Party Risk

Use vendors to manage third-party ownership and risk.

1. Filter vendors by criticality, status, owner, or review date.
2. Open high-criticality vendors first.
3. Confirm service description, owner, risk rating, assessment status, and next review date.
4. Link risks, findings, or issues when vendor exposure requires follow-up.
5. Update review status after assessment or remediation.

8. Maintain Assets

Use assets to keep business and technical ownership clear.

1. Filter assets by criticality, owner, department, or status.
2. Confirm critical assets have owners and review dates.
3. Link risks or controls when the asset affects compliance or risk exposure.
4. Update ownership when systems or business services change.

9. Track Incidents and Operational Issues

Use incidents and issues to track operational response and closure.

1. Open high-severity or overdue records first.
2. Confirm owner, status, due date, impact, and response notes.
3. Link related risks, vendors, assets, or controls when relevant.
4. Require closure evidence before marking the item resolved.
5. Escalate repeated delays or critical incidents.

10. Review KPIs and Reports

Use KPIs and reports to prepare management updates.

1. Review KPI status: on track, at risk, or critical.
2. Open source records for KPI values that changed significantly.
3. Check whether the change is real performance movement or data quality correction.
4. Export reports only after verifying filters and source data.
5. Schedule reports only when the audience, owner, and purpose are clear.

11. Manage Settings and Administration

Use settings carefully because changes can affect many users.

1. Review users, roles, departments, and workflow ownership.
2. Apply least-privilege access.
3. Avoid duplicate departments or lookup values.
4. Reassign ownership before deactivating users.
5. Review configuration changes during monthly admin checks.