Platform Functionalities

Governy turns compliance work that usually lives in scattered spreadsheets, shared drives and email threads into a single, structured platform. This page walks through everything the platform does, organised the way teams actually work: assess, document, collaborate and report. No technical background is required to follow along. The interface is designed to stay clean and uncluttered, so even occasional contributors are productive from their first sign-in.

GIF PLACEHOLDER — Product tour

Insert a short GIF here giving a 20-second tour: signing in, the dashboard, opening an audit, and the audit sidebar.

The big picture

Everything in Governy is organised around two simple ideas:

• A workspace groups related work together — for example, all the compliance work for one company, one client, or one year.
• An audit is a single assessment of an organisation against one framework (such as ISO 27001 or GDPR). Each audit gets its own dedicated space with its own requirements, evidence, tasks, approvals and report.

A workspace can contain as many audits as you need, and the right people are given access to exactly the audits they should see — and nothing more.

---

Assessment

Assessment is the heart of Governy. Every audit begins with a structured, requirement-by-requirement review of how well your organisation meets the chosen framework. This enhanced self-assessment brings together clear scoring, an at-a-glance dashboard and automatic remediation suggestions, so the people closest to each control can record where they stand and immediately see how to improve.

GIF PLACEHOLDER — Assessment scoring workflow

Insert a GIF here showing: navigating the Assessment tab, scoring requirements, changing statuses, and filtering by compliance state.

Compliance scoring

Each requirement is reviewed on its own and given one of five clear statuses:

Status	Meaning
Not Assessed	Default state — not yet reviewed
Compliant	The control is fully in place
Partially Compliant	The control is partly in place
Non Compliant	The control is not in place
N/A	The control does not apply to this organisation

Statuses can be changed at any time as work progresses, so the audit always reflects reality.

Compliance dashboard

Every audit opens on an overview that shows, at a glance, how far the assessment has progressed and where the organisation stands. Progress bars and completion rates let everyone — from the analyst doing the work to the executive sponsoring it — understand the state of play in seconds. Reviewers can filter requirements by status to focus only on what still needs attention.

GIF PLACEHOLDER — Audit overview dashboard

Insert a GIF here showing: the audit overview with progress metrics, then filtering the requirement list by status.

Suggested measures

As requirements are assessed, Governy automatically proposes concrete actions to close the gaps it finds. Each suggestion is rated on two easy-to-grasp dimensions:

• Compliance impact — how much addressing it improves your overall score
• Implementation effort — how much work it is likely to take

Teams can filter by framework or by effort level — making it easy to pick off quick wins first or to plan high-impact work deliberately.

GIF PLACEHOLDER — Suggested measures

Insert a GIF here showing: opening Suggested Measures, sorting by impact, and filtering by effort.

Approval workflow

When a requirement has both a score and supporting evidence, Governy routes it to the audit’s approvers automatically — there is no separate “submit” button to remember. Approvers then approve or reject each item with an inline comment, building a clear, attributable record of who reviewed what and when.

Two complementary views keep reviewers efficient:

• Global Approval Center — one queue showing everything awaiting approval across every workspace on the platform
• Audit-level Approval Center — the same queue, narrowed to a single audit, ideal for a dedicated reviewer

GIF PLACEHOLDER — Approval workflow

Insert a GIF here showing: a reviewer opening the Approval Center, reading the evidence, and approving with a comment.

Statement of Applicability (ISO 27001)

ISO 27001 audits include a dedicated Statement of Applicability (SoA) workspace. All 93 Annex A controls are laid out in a structured grid; for each one, the auditor declares whether it is Applicable or Not Applicable and records a written justification. The 11 controls introduced in the 2022 revision are clearly labelled. Export of the SoA is deliberately blocked until every control has a decision — so a document can never leave the platform half-finished.

GIF PLACEHOLDER — Statement of Applicability

Insert a GIF here showing: the SoA grid, marking controls applicable/not applicable, adding a justification, and exporting.

Report generation

Once an audit is far enough along, a polished compliance report can be generated straight from the platform. The report pulls together assessment results, evidence summaries and compliance metrics into a single professional document that is ready to share with management, clients or certification bodies.

GIF PLACEHOLDER — Report generation

Insert a GIF here showing: generating and previewing a compliance report from the Report tab.

---

Documentation & evidence

Governy treats proof as a first-class part of compliance. Every control, finding and policy can be backed by attached files and tracked throughout its life.

GIF PLACEHOLDER — Evidence upload

Insert a GIF here showing: attaching evidence to a requirement, picking a file, previewing it in the viewer, and seeing it linked to the control.

Evidence management

Any requirement can have evidence attached directly to it — files, documents and supporting materials. Evidence is tracked per requirement with version history, so teams can always see the latest proof and what came before it. The Evidences tab gives a single, cross-audit view of everything that has been collected.

A built-in evidence wizard guides contributors step by step through attaching their materials, so even occasional users — such as an external auditee — can take part without any training.

Document library

Beyond per-requirement evidence, each audit has a Documentation tab for audit-wide documents — security policies, procedures, third-party certifications and other reference materials that apply to the audit as a whole rather than to a single control. A document can be linked to a single requirement or to several at once, so a policy that satisfies multiple controls is recorded once and referenced everywhere it applies — with one shared version history kept in step across all of them.

GIF PLACEHOLDER — Document library

Insert a GIF here showing: opening the Documentation tab and adding an audit-level policy document.

Built-in file viewer

Documents can be read directly inside the platform, with no download required. The inline viewer supports common document formats, so a reviewer can open, read and validate a piece of evidence without ever leaving the audit.

Measures library

Governy maintains a reusable library of reference security controls — measures — that can be linked to audit requirements to document exactly how a control is being met. Over time this becomes a shared knowledge base of good practice mapped to framework requirements, making responses consistent across every audit your team runs.

---

Collaboration

Compliance is a team sport. Governy is built for several people to work together — dividing the work, tracking progress and bringing in the right person at the right moment.

GIF PLACEHOLDER — Tasks and planning

Insert a GIF here showing: assigning a task to a team member, updating its status, and viewing the planning timeline.

Tasks

Each audit has a Tasks tab where action items can be created, assigned to a specific person and tracked through to completion. Because tasks live inside the audit, remediation work stays connected to the requirement it relates to — there is no separate project tool to keep in sync. Tasks can be followed as a simple list or on a Kanban board — cards moving across columns such as To do → In progress → Done — so the whole team sees at a glance what still has to be implemented to reach compliance, and who is responsible for each item.

Planning & milestones

The Planning tab lets teams set remediation milestones and deadlines, giving a clear schedule for moving requirements from non-compliant to compliant. This is especially valuable when working toward a fixed certification date.

Multi-user audit workspaces

Every audit supports several participants in different roles — analysts carrying out the assessment, approvers signing off, and auditees supplying evidence. The Users tab inside each audit lets administrators control who has access and in what capacity.

Invite-based onboarding

New people join through a simple email invitation: they receive a link, confirm their email address and they are in — no manual account creation by an administrator. This keeps onboarding effortless for external auditors, auditees and new colleagues alike.

GIF PLACEHOLDER — Inviting a teammate

Insert a GIF here showing: sending an email invitation and the new user accepting it.

Multilingual interface

The entire platform is available in English and French. Each person chooses their own language independently, which makes Governy a natural fit for cross-border teams and for serving clients in either language.

GIF PLACEHOLDER — Switching language

Insert a GIF here showing: a user switching the interface between English and French from their profile.

Workspace-level access control

Users and their roles are scoped to each workspace. One person can be an Analyst on one engagement and a Reader on another — so sensitive audit data is only ever visible to the people who genuinely need it. The roles available are described in detail on the Security page.