Security
Protecting the information you manage in Governy is a first-class concern. The platform is built around a simple principle: only the right people can see and change the right things, and your data stays under your control. This page gives a plain-language view of the safeguards in place — useful both for evaluating Governy and for reassuring your own stakeholders.
Least-privilege access
Every action in Governy is governed by role-based access control. Each person is given a role that grants exactly the access their job needs — and no more. The roles map to the real responsibilities in a compliance workflow:
| Role | Intended for |
|---|---|
| Admin | Platform administrators with full access |
| Domain Manager | Workspace leads who manage their team and content |
| Analyst | Practitioners who carry out assessments and attach evidence |
| Approver | Reviewers who sign off on assessments |
| Auditee | Contributors who supply evidence for specific requirements |
| Reader | Stakeholders with read-only visibility |
Roles are scoped to each workspace, so access always fits the context. The same person can hold different roles in different workspaces, and no one ever has broader access than their current assignment requires. Sensitive actions — approving assessments, managing users, removing records — are reserved for the roles explicitly entitled to them. Dividing responsibilities across these roles enforces segregation of duties — the person who carries out an assessment is never the one who approves it — a separation every major framework expects.
Strong authentication
Accounts are protected by several independent layers of modern authentication:
- Standards-based sign-in (OAuth 2.0) — access is based on the standard OAuth 2.0 authorisation protocol, with secure internal credential management and stateless sessions using JWT tokens.
- Invite-only access — people can only join through a tracked invitation; accounts cannot be self-registered, keeping the user base under administrator control.
- Verified identities — accounts are confirmed before they become active.
- Two-step verification — an optional second factor at sign-in adds protection, and high-risk account changes require an extra verification step.
Accountability
Key activity is recorded — who reviewed and approved each assessment, and the full version history of evidence and documents. The result is a clear, attributable trail that stands up to certification audits and internal review.
Your data, your infrastructure
Governy is self-hosted: it runs entirely within your own environment. Your audit data, evidence files and user information are stored and processed on infrastructure you control — giving your organisation full ownership over data residency and retention. Nothing leaves your environment unless you choose to export it.