devguard

Dashboard

The Dashboard is your real-time landing page for governance, risk, and compliance.

Overview

It highlights overall Compliance Health, shows progress for each enabled framework, summarizes assets and risks, and surfaces upcoming deadlines so you always know what needs attention first. It also displays pending invitations to organizations, making it a helpful entry point for new users.

First Steps

The fastest path to a working, auditable program is to adopt a framework, scaffold your policies, and plug in the core collections (definitions, acronyms, labels, locations, schedules). Then connect risks and assets, and keep momentum with reviews, coverage, deadlines, and reports.

Enable Frameworks

Adopt one or more frameworks (e.g., ISO 27001, NIST CSF). Adoption activates their controls and turns on coverage tracking across the platform.

Create Policy Skeletons

Create categories and add policy shells with sections. Map sections to adopted controls and assign approvers for accountability.

Set Up Collections

Define shared building blocks: Definitions, Acronyms, Labels, Locations, Schedules, Variables. Linked content stays in sync across all policies and records.

Add Controls

Need extra requirements? Add controls to your custom frameworks and mark mandatory ones. Official frameworks remain immutable and maintained for you.

Inventory Assets

Add key assets (systems, data, services). Classify with CIA ratings, link locations and controls, and set up access memberships and retention.

Register Risks

Create risks with owners, threat/vulnerability classes, and initial ratings. Link controls and treatment actions to drive mitigation and reviews.

Track Coverage & Deadlines

Monitor control coverage and upcoming obligations in one place. Use the Deadlines view to plan work and avoid last-minute firefighting.

Generate Reports

Produce audit-ready PDFs: Statement of Applicability, Policies, Risks, Reviews, Assets, Audits, and more—with custom footers for classification.

What You’ll Build

You’ll establish a living system where frameworks supply the “what,” policies define the “how,” and controls connect those policies to real world assets and risks. Collections keep terminology consistent. Reviews keep data honest. Coverage and deadlines keep the program on track. Reports make it defensible.

Start with one framework and a small set of core policies. Map sections to controls as you write, not after. Add your top 10 assets and top 10 risks first—enough to light up Coverage, Deadlines, and Reports. Then iterate weekly with Reviews to keep everything fresh and auditable.

Key Concepts

  • Frameworks & Controls – Official frameworks are maintained and immutable; adopt them to unlock their controls. Add custom frameworks and controls if you need client- or region-specific requirements.

  • Policies & Sections – Build policies from sections. Use the “/” command to add rich content (headings, lists, tables, images, code blocks, policy sections, columns, horizontal rules, and collections). Use the “:” command to insert linked data—changes sync everywhere.

  • Assets & CIA Triad – Assets hold confidentiality, integrity, and availability ratings and can inherit/average CIA from their asset classes. Link locations, controls, memberships, and retention to enable access reviews.

  • Risks & Treatments – Quantify probability and impact, then reduce them with mapped controls and treatment actions. Initial, mitigated, and residual positions appear in the Assessment Matrix.

  • Reviews, Deadlines, Coverage, Audit Logs – Reviews provide snapshots with approvals and diffs. Deadlines centralize due dates from schedules. Coverage shows implementation progress for each framework. Audit Logs record every change, immutably.

Widgets

Compliance Health

This gauge calculates the percentage of mapped controls across all adopted frameworks. It displays both counts (Mapped vs. Unmapped) and the overall completion rate. Improving this metric generally means mapping policy sections, assets, and risks to the relevant controls—or implementing additional coverage where gaps exist.

Framework Status

Each enabled framework shows a miniature progress bar with:

  • Controls mapped vs. Total controls
  • The framework title and version (e.g., ISO/IEC 27001:2022, GDPR Checklist)

This lets you compare coverage between frameworks at a glance and decide where to focus mapping and implementation work next.

Assets Overview

The Assets panel summarizes your asset inventory and highlights priority distribution. It reflects the number of assets by priority bands and links to Assets and Entitlements. Use it to verify whether high-priority assets are properly controlled, reviewed, and included in access reviews.

Risks Overview

The Risks panel shows the current spread of high, medium, and low risks, along with totals. It links to Risks, Treatment Actions, and the Assessment Matrix so you can drill into items that need mitigation or re-assessment.

Upcoming Deadlines

This panel lists deadlines within the next 30 days pulled from schedules used across the platform (e.g., policy reviews, risk reviews, entitlement reviews, audit actions). Each entry shows its due date, status (e.g., Overdue, days left), and a link to the originating item. Use Show all upcoming deadlines to open the full Deadlines view.

Invitations & Onboarding

When you have pending invitations to join organizations, the Dashboard surfaces them directly, allowing new users to accept and get started quickly. This makes the Dashboard a natural first stop after sign-in.

Why devguard?

We believe in transparency, collaboration, and adaptability. Our platform is designed to empower developers to take ownership of compliance processes, fostering a culture of accountability and proactive risk management.

Our vision is to revolutionize how companies approach Governance, Risk, and Compliance (GRC) by fostering developer experiences that drive accountability, collaboration, and adaptability, ensuring every team member contributes to a secure, transparent, and compliant environment.

Our mission is to provide a flexible, user-driven platform for managing GRC. By simplifying the complex processes of compliance and governance, we aim to align organizational goals with user needs, allowing teams to focus on meaningful discussions and proactive management.

How is this guide?

On this page