Module Map
Use this page to decide which guide to open when administering a module.
Core GRC Domains
- Compliance: assessments, statement of applicability, evidence, frameworks
- Risk Management: risks, appetite, templates, vulnerabilities
- Controls: control library, mappings, testing, exceptions, linked risks
- Governance: policies, exceptions, change management
- Audit: audits, programs, findings
- Third Parties: vendors and vendor risk context
- Privacy: processing activities, DSARs, PIA, consent, transfers, data flow
- Awareness: training courses, surveys, personal learning tasks
Supporting Domains
- Asset Management: assets and asset groups
- Operations: issues, incidents, regulatory changes, calendar
- Reports and Analytics: reports, KPIs, scheduled reports
- Integrations: webhooks
- Setup: roles, users, departments, organization chart, workflows, templates, settings
Documentation Pattern Per Module
Each module is intended to be self-contained. Module-specific workflows, screenshots, FAQs, and playbooks should live under the module instead of a separate global screenshot or playbook menu.
Use this pattern for the main module page:
- what the module is for
- core records and actors
- workflow and status model
- list page, detail page, forms, and actions
- cross-module behavior
- reporting and KPI impact
- common mistakes and checklist
- screenshots and FAQ
Use module-owned playbook subpages for step-by-step operating flows:
- assessment playbooks under Compliance and Assessments
- risk playbooks under Risk Management
- audit playbooks under Audit Management
- control playbooks under Controls
- asset and vendor playbooks under Assets and Third Parties
Available Module Guides
This documentation includes guides for:
- Compliance and Assessments
- Risk Management
- Controls
- Governance
- Audit Management
- Operations
- Third Parties and Assets
- Privacy and Awareness
- Reports and Analytics