All Features
Dashboard
The dashboard is the landing page after signing in. It shows a summary of active audits and key compliance metrics across all workspaces you have access to, giving teams a quick view of overall posture without navigating into individual audits.
Audits
An audit is Governy’s core unit of work - a structured assessment of an organization against a specific compliance framework. Each audit has a dedicated sidebar and the following workspace sections:
| Section | Purpose |
|---|---|
| Overview | Audit metadata, assigned users, and overall progress metrics |
| Assessment | Requirement-by-requirement compliance scoring with filtering by status |
| SoA (ISO 27001) | Statement of Applicability spreadsheet for all 93 Annex A controls |
| Evidences | File and document attachments linked to specific requirements |
| Planning | Remediation milestones, deadlines, and scheduling |
| Tasks | Action items assigned to team members with status tracking |
| Documentation | Audit-level policy documents and reference materials |
| Report | Generate a structured compliance report |
| Users | Manage which users have access to this audit |
| Approval Center | Review and approve pending requirements scoped to this audit |
Assessment statuses
- Not Assessed - default state, not yet reviewed
- Compliant - control is fully implemented
- Partially Compliant - control is partially implemented
- Non Compliant - control is not implemented
- N/A - not applicable to this organization
Evidence management
Any requirement can have evidence attached directly to it - files, documents, and links. Evidence is tracked per requirement and visible in the Evidences tab for a cross-audit overview.
Statement of Applicability (SoA)
Exclusive to ISO 27001 audits. The SoA tab presents all 93 Annex A controls in a spreadsheet view. Auditors declare each control as Applicable or Not Applicable and provide a written justification. Export is blocked until every control has a decision. The 11 controls new in the 2022 revision are labeled New 2022.
Framework Library
The Frameworks page lists all compliance frameworks available in the platform. Each framework contains a structured requirement tree organized by groups or chapters.
Built-in frameworks:
- ISO 27001:2022 - Two journeys: ISMS Clauses 4-10 and the Statement of Applicability for all 93 Annex A controls.
- GDPR - Single assessment journey covering all General Data Protection Regulation requirements.
- DORA - Single assessment journey for the Digital Operational Resilience Act.
Custom frameworks can be added to the platform with fully configurable journeys and navigation - see Extensibility.
Measures
Measures are reference security controls that can be linked to audit requirements to document how a control is being addressed. They serve as a knowledge base of security practices mapped to framework requirements.
Suggested Measures
The Suggested Measures page surfaces actionable remediation recommendations derived from non-compliant requirements across your audits. Each suggestion is rated by:
- Compliance impact - how much addressing this measure improves overall compliance
- Implementation effort - estimated difficulty of putting the measure in place
Filters let teams focus on specific frameworks or effort levels, making it easy to prioritize quick wins.
Approval Workflows
A requirement is added to the approval queue automatically once it has a self-assessment score and supporting evidence - there is no manual submission step. Approvers can approve or reject the requirement with a comment.
The global Approval Center (accessible from the main sidebar) consolidates all pending requirements across every audit in the platform. Audit-level approval centers scope this view to a single audit.
Administration
User Management
Administrators can create, edit, activate, deactivate, or delete user accounts. New users can be invited via email with a verification step before the account becomes active.
Role-Based Access Control
Permissions are enforced through a role assignment system. Roles can be scoped globally or per-workspace, and users can be organized into groups for bulk permission management.
Workspace Management
Workspaces group related audits together (e.g., all audits for a specific entity or year). Each workspace has its own assigned users, available frameworks, and access settings, managed from the admin panel.
Profile & Settings
Every user can update their profile (name, email), change their password with one-time email code verification, and switch the interface language between English and French. Language preference is saved per account.