Reports
Reports give clear insights across governance, risk, and compliance, helping your organization make decisions, stay accountable, and improve through better visibility and understanding.
Reports
Reports give clear insights across governance, risk, and compliance, helping your organization make decisions, stay accountable, and improve through better visibility and understanding. Reports allow you to generate structured PDF outputs from your governance, risk, and compliance data, making it easy to present findings to auditors, stakeholders, and internal teams.
Statement of Applicability
The Statement of Applicability (SoA) is a key requirement of the ISO/IEC 27001 standard. It documents all controls from Annex A of the standard (or your chosen compliance framework), specifying:
- Whether each control is applicable to your organization
- The current implementation status of the control
- The justification for inclusion or exclusion
- Any related policies, risks, or assets supporting the control
The SoA ensures transparency, showing both auditors and internal stakeholders why certain controls are applied or excluded. It also demonstrates due diligence in aligning your ISMS (Information Security Management System) with ISO 27001 requirements.
In devguard, the SoA report pulls from your selected framework coverage and compiles a complete, auditable PDF for submission or internal governance.
Audits
Generate a detailed PDF report that summarizes the findings and results from one of your audits. Audit reports include:
- General audit details (name, type, auditor, date range)
- Notes and observations
- Findings and non-conformities with assigned deadlines
- Corrective measures and statuses
Audit reports provide evidence of audit outcomes and help track remediation progress over time.
Assets
Generate a comprehensive PDF report that analyzes your organization’s asset inventory. The report includes:
- Asset distribution statistics
- Full inventory of identified assets
- Asset classification and priority (high, medium, low risk)
- CIA (Confidentiality, Integrity, Availability) ratings
- High-risk assets requiring enhanced protection
Asset reports ensure visibility into critical systems and data, supporting informed risk and compliance decisions.
Asset Reviews
Generate a PDF report from a completed or ongoing asset review. The report captures:
- Review scope and coordinator
- Assets reviewed (with ownership and descriptions)
- Approval or skipped decisions per asset
- Completion status and deadlines
Asset review reports are used to validate access rights and ensure compliance with access management policies.
Access Reviews
Generate a PDF report from a completed or ongoing entitlement review. The report contains:
- Review type (onboarding, offboarding, or periodic review)
- Coordinator and target roles/employees
- Status of approvals, skips, and withdrawals
- Progress toward completion
These reports provide assurance that entitlements are being properly managed and reviewed.
Policies
Generate a structured PDF of a selected policy. The report formats your policy with clear structure, including:
- Title, version, and approval status
- Full policy content in a standardized layout
- Metadata such as authors, owners, and review cycles
Policy reports are useful for distribution to employees, auditors, or external stakeholders in a consistent, professional format.
Risks
Generate a PDF report analyzing your organization’s risks. The report includes:
- Full inventory of identified risks
- Probability, impact, and residual ratings
- Linked controls, treatment actions, and vulnerabilities
- Current status (initial and residual)
- High, medium, and low-risk breakdowns
Risk reports provide the foundation for governance meetings, audits, and board updates.
Risk Reviews
Generate a PDF report from a completed or ongoing risk review. The report includes:
- Review scope and coordinator
- Risks reviewed (with diff views compared to older states)
- Approval, withdrawal, and progress tracking
- Finalized review outcomes
Risk review reports ensure transparency into ongoing risk evaluation and provide evidence for audit readiness.
Report Options and Settings
Each report allows you to:
- Select the source of the report (e.g., which audit, which risk review, or all assets)
- Define scope and priority filters (e.g., high-risk only)
- Generate PDF for download
- Reset and select another report source
- Add a Custom Footer for classification purposes, such as:
- Confidential – For Internal Use Only
- External Distribution
- Draft – Not Finalized
These options allow you to tailor reports to their audience while maintaining a professional and compliant output.
How is this guide?