devguard

Reports

Reports give clear insights across governance, risk, and compliance, helping your organization make decisions, stay accountable, and improve through better visibility and understanding.

Reports

Reports give clear insights across governance, risk, and compliance, helping your organization make decisions, stay accountable, and improve through better visibility and understanding. Reports allow you to generate structured PDF outputs from your governance, risk, and compliance data, making it easy to present findings to auditors, stakeholders, and internal teams.

Statement of Applicability

The Statement of Applicability (SoA) is a key requirement of the ISO/IEC 27001 standard. It documents all controls from Annex A of the standard (or your chosen compliance framework), specifying:

  • Whether each control is applicable to your organization
  • The current implementation status of the control
  • The justification for inclusion or exclusion
  • Any related policies, risks, or assets supporting the control

The SoA ensures transparency, showing both auditors and internal stakeholders why certain controls are applied or excluded. It also demonstrates due diligence in aligning your ISMS (Information Security Management System) with ISO 27001 requirements.

In devguard, the SoA report pulls from your selected framework coverage and compiles a complete, auditable PDF for submission or internal governance.

Audits

Generate a detailed PDF report that summarizes the findings and results from one of your audits. Audit reports include:

  • General audit details (name, type, auditor, date range)
  • Notes and observations
  • Findings and non-conformities with assigned deadlines
  • Corrective measures and statuses

Audit reports provide evidence of audit outcomes and help track remediation progress over time.

Assets

Generate a comprehensive PDF report that analyzes your organization’s asset inventory. The report includes:

  • Asset distribution statistics
  • Full inventory of identified assets
  • Asset classification and priority (high, medium, low risk)
  • CIA (Confidentiality, Integrity, Availability) ratings
  • High-risk assets requiring enhanced protection

Asset reports ensure visibility into critical systems and data, supporting informed risk and compliance decisions.

Asset Reviews

Generate a PDF report from a completed or ongoing asset review. The report captures:

  • Review scope and coordinator
  • Assets reviewed (with ownership and descriptions)
  • Approval or skipped decisions per asset
  • Completion status and deadlines

Asset review reports are used to validate access rights and ensure compliance with access management policies.

Access Reviews

Generate a PDF report from a completed or ongoing entitlement review. The report contains:

  • Review type (onboarding, offboarding, or periodic review)
  • Coordinator and target roles/employees
  • Status of approvals, skips, and withdrawals
  • Progress toward completion

These reports provide assurance that entitlements are being properly managed and reviewed.

Policies

Generate a structured PDF of a selected policy. The report formats your policy with clear structure, including:

  • Title, version, and approval status
  • Full policy content in a standardized layout
  • Metadata such as authors, owners, and review cycles

Policy reports are useful for distribution to employees, auditors, or external stakeholders in a consistent, professional format.

Risks

Generate a PDF report analyzing your organization’s risks. The report includes:

  • Full inventory of identified risks
  • Probability, impact, and residual ratings
  • Linked controls, treatment actions, and vulnerabilities
  • Current status (initial and residual)
  • High, medium, and low-risk breakdowns

Risk reports provide the foundation for governance meetings, audits, and board updates.

Risk Reviews

Generate a PDF report from a completed or ongoing risk review. The report includes:

  • Review scope and coordinator
  • Risks reviewed (with diff views compared to older states)
  • Approval, withdrawal, and progress tracking
  • Finalized review outcomes

Risk review reports ensure transparency into ongoing risk evaluation and provide evidence for audit readiness.

Report Options and Settings

Each report allows you to:

  • Select the source of the report (e.g., which audit, which risk review, or all assets)
  • Define scope and priority filters (e.g., high-risk only)
  • Generate PDF for download
  • Reset and select another report source
  • Add a Custom Footer for classification purposes, such as:
    • Confidential – For Internal Use Only
    • External Distribution
    • Draft – Not Finalized

These options allow you to tailor reports to their audience while maintaining a professional and compliant output.

How is this guide?

On this page