Command dashboard
Live posture across incidents, notification clocks, risks, vendors, and the latest assessment.
Next notification deadlines
Regulatory bulletins
Incident Command Center
Open an incident, set the awareness moment, and the per-regime clocks start themselves. Everything is logged.
Open incident
Assessments
Health Suite engagements, multi-user and persistent. In the deployed edition you can import JSON saved from the desktop edition.
| Org | Health | Risk index | By | Updated |
|---|
Third-party risk
Vendor lifecycle with DPA tracking and review history.
| Vendor | Tier | DPA | Status | Data access |
|---|
Risk register
The company-level 5×5. Incidents, vendors, and assessments all feed here.
| Risk | Domain | Rating | Owner | Treatment | Status |
|---|
Administration
Users, roles, and the audit trail. In the deployed edition, the first Entra ID sign-in becomes the admin.
Regulatory update pipeline
Pulls signed content packs (regime clocks, bulletins) from the configured feed. Ed25519-verified against the key baked into this deployment; unsigned or tampered packs are rejected; downgrades refused. Off by default — nothing is fetched until you enable it.
Users
| Name | Role |
|---|
Audit log
| When (UTC) | Actor | Action | Entity | Detail |
|---|