Organization Management
User Roles and Rights
The platform assigns specific roles and permissions to users based on their responsibilities, both on the platform as a whole and within a specific project.
User Types
The platform has two user types: organization administrators and users. Organization admins have permission to access and edit any aspect of the organization. This includes organization settings and all projects, as well as user management. Given these sweeping rights, we recommend minimizing the number of users with organization administrator rights.
Users, on the other hand, can only view and edit those parts of the platform which they have been given permission to access or edit. These permissions are granted per project, so a user could have full owner rights to one project and not even have view permission on another.
User Roles
Each project has its own role assignments to allow you to customize access and permissions.
Owner
This role is automatically assigned to organization admins for each project and is not visible or changeable in the user interface. The Owner has comprehensive control over the project and is responsible for project setup and ongoing management. They possess all permissions, granting full access to all project aspects, including the ability to invite other users to the project.
Reviewer
The Reviewer focuses on evaluating and providing feedback on project elements. Their primary responsibilities include reviewing, verifying, and approving changes to project elements. When an Editor completes a control or risk and requests a status change, the Reviewer is responsible for approving these requests.
Editor
The Editor is tasked with modifying project elements. They have the authority to edit project components and request status changes for review. Editors play a crucial role in updating project information and preparing it for review.
Auditor
The Auditor’s primary role is to assess and ensure project compliance. They review project elements specifically for compliance purposes and provide detailed compliance assessments.
This role structure clearly defines each stakeholder's responsibilities and authority within the project, ensuring efficient project management and compliance. By assigning specific permissions to each role, the platform facilitates a streamlined workflow where each user understands their duties and the scope of their authority within the project.
Permission | Owner | Reviewer | Editor | Auditor
---|---|---|---|---
Create projects | X | X | X | X
Update project's settings | X | | |
Delete project | X | | |
Read projects | X | X | X | X
Update project roles | X | | |
update_project | X | X | |
add_framework | X | | |
Upload evidence | X | X | |
Update evidence | X | X | |
download_evidence | X | X | X | X
Update control | X | X | |
Create risk | X | X | |
Update risk | X | X | |
Create asset card | X | X | |
Update asset card | X | X | |
Download asset card | X | X | X | X
Create comment | X | X | X | X
Set review decision | X | X | |
Force update status | X | | |
Create test | X | X | |
Update test | X | X | |
Reassign reviewers | X | X | |
Readiness Status
Readiness
We use the concept of “readiness” for our Controls, Risks, and other concepts such as Dataset Cards or Assets. The readiness describes where in your compliance workflow the item currently is.
Readiness Statuses
In Progress
In progress means that work is currently ongoing and that additional progress will be needed before the status of the concept can be changed.
In review
If a concept is ready for review, a user can request a review from another user with the reviewer or owner role for the project, or force push directly to another status as an organization administrator or owner. A concept will remain “in review” until the review has been performed.
Completed
When a concept has been reviewed, it can be moved to the completed status. This means that all necessary work to fulfill a concept has been completed. This status may revert back to in progress either manually, or through automated pathways, indicating that the concept now requires additional attention.
Out of Scope
A concept such as a Control can be placed out of scope if it has been determined that a Control is not relevant for the project or the organization.
NOTE: An example would be Controls related to Data Privacy in a project dealing with industrial machinery where no personal data are processed in any way.
Review Process
On the platform you have the possibility to request a status change for controls, risks, and asset cards. Assuming you have finished your task and believe it is completed, you can request a change of the status to completed. You do this by selecting the desired status, the reviewers and an optional comment.
Reviewers can then approve or reject the status change. Depending on that first decision, the control's status either reverts to the previous status or moves to the requested one. Once a first reviewer has made a decision, all other pending reviews are marked stale. While no decision has been made, the control is in the in review state and shows up on the reviewer's dashboard as a control ready to be reviewed.
Anyone who can edit the project can also cancel pending status change requests. To do so, simply press cancel request and confirm in the dialog.
As mentioned, the same review procedure for status change requests also applies to risks and model or dataset cards.
Moreover, project owners can always force update statuses.
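The readiness statuses and the review process described above, modelled as a small state machine in an added example (not the platform's own code). The role-to-action mapping follows the prose on this page (editors request, reviewers and owners decide, anyone who can edit cancels, owners force); where the page is silent, such as whether reviewers may themselves request a change, the mapping is an assumption, as are the `Control` class and function names.

```python
from __future__ import annotations
from dataclasses import dataclass, field

STATUSES = {"in_progress", "in_review", "completed", "out_of_scope"}
# Role -> allowed review actions, following the prose above (assumption where
# the page does not spell out a role's rights).
ACTIONS = {
    "owner": {"request", "decide", "cancel", "force"},
    "reviewer": {"decide"},
    "editor": {"request", "cancel"},
    "auditor": set(),
}

@dataclass
class Control:
    status: str = "in_progress"
    previous: str = "in_progress"   # status to fall back to on rejection/cancel
    requested: str | None = None    # status asked for while in review
    reviews: dict = field(default_factory=dict)  # reviewer -> pending/approved/rejected/stale

def _check(roles, user, action):
    # roles maps user -> project role; unknown users get no rights at all.
    if action not in ACTIONS.get(roles.get(user), set()):
        raise PermissionError(f"{user} ({roles.get(user)}) may not {action}")

def request_change(c, roles, user, target, reviewers):
    _check(roles, user, "request")
    if c.status == "in_review" or target not in STATUSES:
        raise ValueError("no request possible from the current status")
    if any("decide" not in ACTIONS[roles[r]] for r in reviewers):
        raise ValueError("only users with the reviewer or owner role can be asked to review")
    c.previous, c.requested, c.status = c.status, target, "in_review"
    c.reviews = {r: "pending" for r in reviewers}

def decide(c, roles, user, approve):
    _check(roles, user, "decide")
    if c.reviews.get(user) != "pending":
        raise ValueError("no pending review for this user")
    c.reviews[user] = "approved" if approve else "rejected"
    for r, s in list(c.reviews.items()):   # first decision wins, the rest go stale
        if s == "pending":
            c.reviews[r] = "stale"
    c.status = c.requested if approve else c.previous
    c.requested = None

def cancel_request(c, roles, user):
    _check(roles, user, "cancel")
    if c.status != "in_review":
        raise ValueError("no pending request to cancel")
    c.status, c.requested, c.reviews = c.previous, None, {}

def force_status(c, roles, user, target):
    _check(roles, user, "force")   # owners bypass the review step entirely
    if target not in STATUSES:
        raise ValueError("unknown status")
    c.status, c.requested, c.reviews = target, None, {}
```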
Notifications
The Notification Center is a centralized hub for all platform activity, providing real-time updates on important actions and events. It offers a streamlined interface that consolidates all notifications into one accessible location.
Notification Categories
- System notifications: Updates about system maintenance or important announcements
- User activities: Alerts for mentions in comments, new followers, and file sharing
- Workflow updates: Status changes in your projects, such as task completions or milestone achievements
- Errors and alerts: Messages about failed tasks or issues requiring immediate attention
Notification States
- Unread: New notifications appear in bold
- Read: Notifications lose their bold formatting once clicked
- Archived: Notifications can be stored for future reference
Filtering and Sorting Options
- Date: Arrange from newest to oldest or vice versa
- Type: Filter by the categories listed above
- Status: View unread, read, or archived notifications