Audits
An audit is a self-contained workspace for one compliance effort. It brings together assessments, evidence, documents, tasks and approvals in one place, and the whole experience adapts automatically to the framework you’re working against.
The audit list
The audit list shows every compliance effort you can access, with its framework, linked workspace, creation date and current status. Select one to open its overview.
The overview
The overview is the central hub for an audit. Because Governy adapts to the chosen framework, two audits can look quite different depending on whether they follow ISO 27001, GDPR, CyFun, NIS2, DORA or a custom framework. The header shows the audit name, framework, workspace and — when applicable — a banner indicating the audit is locked.
Charts and metrics
The overview presents the visualisations that make sense for the active framework:
| Visualisation | Shown for |
|---|---|
| Compliance donut | All frameworks — share of requirements in each result state |
| Radar chart | Frameworks organised by domain — score per domain or control family |
| Domain bar chart | Standard frameworks — compliance per domain |
| GDPR breakdown | GDPR — article-level compliance |
| CyFun heatmap | CyFun — maturity levels across the five categories |
| Metadata & status cards | All frameworks — framework, dates, lock state and item counts |
Control explorer
An interactive tree of every requirement in the audit. Browse the hierarchy and select any item to open its assessment.
Quick links
Shortcuts to Evidence, Planning and Documentation.
One platform, many frameworks
Governy is built to support any number of compliance frameworks at the same time. Each audit follows exactly one framework, but your organisation can run several audits in parallel — one per framework — all from the same platform. Adding a new framework never requires technical work: once it’s available, it can be selected for a new audit and the interface adjusts itself.
Sections of an audit
Every audit offers a consistent set of sections, with a few that appear only for the frameworks that need them:
| Section | Purpose |
|---|---|
| Overview | Charts, metrics and quick links |
| Assessment | Self-assessment of every requirement |
| Statement of Applicability | ISO 27001 only — applicability decisions |
| Evidence | The audit’s evidence library |
| Documentation | Document library with version history |
| Planning | Task board and scheduling |
| Approval Center | Review, approve or reject assessments |
| Users | Manage who has access to the workspace |
How frameworks change the experience
| Framework | Assessment journeys | Highlights |
|---|---|---|
| ISO 27001 | Clauses (4–10) + Statement of Applicability | Applicability decisions, “New 2022” badges, 93 Annex A controls |
| GDPR | Article-focused assessment | Only relevant articles, per-article breakdown |
| CyFun | Assessment by maturity group | Maturity switcher, category heatmap |
| NIS2 / DORA | Single assessment | Standard multi-domain layout |
| Custom | Single assessment | Fully functional with no setup work |
Locked audits
When an administrator locks an audit, a banner appears and assessment fields become read-only for everyone — preserving the record. Approvers can still approve or reject, and auditees can still provide evidence.