Dashboard
The Dashboard is your real-time landing page for governance, risk, and compliance.
Overview
It highlights overall Compliance Health, shows progress for each enabled framework, summarizes assets and risks, and surfaces upcoming deadlines so you always know what needs attention first. It also displays pending invitations to organizations, making it a helpful entry point for new users.
First Steps
The fastest path to a working, auditable program is to adopt a framework, scaffold your policies, and plug in the core collections (definitions, acronyms, labels, locations, schedules). Then connect risks and assets, and keep momentum with reviews, coverage, deadlines, and reports.
Enable Frameworks
Adopt one or more frameworks (e.g., ISO 27001, NIST CSF). Adoption activates their controls and turns on coverage tracking across the platform.
Create Policy Skeletons
Create categories and add policy shells with sections. Map sections to adopted controls and assign approvers for accountability.
Set Up Collections
Define shared building blocks: Definitions, Acronyms, Labels, Locations, Schedules, Variables. Linked content stays in sync across all policies and records.
Add Controls
Need extra requirements? Add controls to your custom frameworks and mark mandatory ones. Official frameworks remain immutable and maintained for you.
Inventory Assets
Add key assets (systems, data, services). Classify with CIA ratings, link locations and controls, and set up access memberships and retention.
Register Risks
Create risks with owners, threat/vulnerability classes, and initial ratings. Link controls and treatment actions to drive mitigation and reviews.
Track Coverage & Deadlines
Monitor control coverage and upcoming obligations in one place. Use the Deadlines view to plan work and avoid last-minute firefighting.
Generate Reports
Produce audit-ready PDFs: Statement of Applicability, Policies, Risks, Reviews, Assets, Audits, and more—with custom footers for classification.
What You’ll Build
You’ll establish a living system where frameworks supply the “what,” policies define the “how,” and controls connect those policies to real-world assets and risks. Collections keep terminology consistent. Reviews keep data honest. Coverage and deadlines keep the program on track. Reports make it defensible.
Start with one framework and a small set of core policies. Map sections to controls as you write, not after. Add your top 10 assets and top 10 risks first—enough to light up Coverage, Deadlines, and Reports. Then iterate weekly with Reviews to keep everything fresh and auditable.
Key Concepts
- Frameworks & Controls – Official frameworks are maintained and immutable; adopt them to unlock their controls. Add custom frameworks and controls if you need client- or region-specific requirements.
- Policies & Sections – Build policies from sections. Use the “/” command to add rich content (headings, lists, tables, images, code blocks, policy sections, columns, horizontal rules, and collections). Use the “:” command to insert linked data—changes sync everywhere.
- Assets & CIA Triad – Assets hold confidentiality, integrity, and availability ratings and can inherit/average CIA from their asset classes. Link locations, controls, memberships, and retention to enable access reviews.
- Risks & Treatments – Quantify probability and impact, then reduce them with mapped controls and treatment actions. Initial, mitigated, and residual positions appear in the Assessment Matrix.
- Reviews, Deadlines, Coverage, Audit Logs – Reviews provide snapshots with approvals and diffs. Deadlines centralize due dates from schedules. Coverage shows implementation progress for each framework. Audit Logs record every change, immutably.
Widgets
Compliance Health
This gauge calculates the percentage of mapped controls across all adopted frameworks. It displays both counts (Mapped vs. Unmapped) and the overall completion rate. Improving this metric generally means mapping policy sections, assets, and risks to the relevant controls—or implementing additional coverage where gaps exist.
Framework Status
Each enabled framework shows a miniature progress bar with:
- Controls mapped vs. Total controls
- The framework title and version (e.g., ISO/IEC 27001:2022, GDPR Checklist)
This lets you compare coverage between frameworks at a glance and decide where to focus mapping and implementation work next.
Assets Overview
The Assets panel summarizes your asset inventory and highlights priority distribution. It reflects the number of assets by priority bands and links to Assets and Entitlements. Use it to verify whether high-priority assets are properly controlled, reviewed, and included in access reviews.
Risks Overview
The Risks panel shows the current spread of high, medium, and low risks, along with totals. It links to Risks, Treatment Actions, and the Assessment Matrix so you can drill into items that need mitigation or re-assessment.
Upcoming Deadlines
This panel lists deadlines within the next 30 days pulled from schedules used across the platform (e.g., policy reviews, risk reviews, entitlement reviews, audit actions). Each entry shows its due date, status (e.g., Overdue, days left), and a link to the originating item. Use Show all upcoming deadlines to open the full Deadlines view.
Invitations & Onboarding
When you have pending invitations to join organizations, the Dashboard surfaces them directly, allowing new users to accept and get started quickly. This makes the Dashboard a natural first stop after sign-in.
Why devguard?
We believe in transparency, collaboration, and adaptability. Our platform is designed to empower developers to take ownership of compliance processes, fostering a culture of accountability and proactive risk management.
Our vision is to revolutionize how companies approach Governance, Risk, and Compliance (GRC) by fostering developer experiences that drive accountability, collaboration, and adaptability, ensuring every team member contributes to a secure, transparent, and compliant environment.
Our mission is to provide a flexible, user-driven platform for managing GRC. By simplifying the complex processes of compliance and governance, we aim to align organizational goals with user needs, allowing teams to focus on meaningful discussions and proactive management.