Governance & Disclosure Model
Govula workspace binding and audience governance documentation.
This section is intended for: Technical Team, Auditor, Management. Unauthorised access is restricted.
Document Purpose: This document provides a formal explanation of Govula's workspace binding and audience governance model for audit purposes.
1. Overview
Govula implements a multi-framework compliance platform with strict governance controls to ensure controlled disclosure and audit-safe operation. The platform supports multiple compliance frameworks internally while maintaining a single authoritative view per stakeholder group.
2. Core Governance Principles
2.1 Framework Enablement
Compliance frameworks (ISO 27001, SOC 2, NIST CSF, HIPAA, PCI DSS, etc.) are data-layer entities that are never directly exposed to external stakeholders. Each framework may be enabled or disabled by administrators without affecting the visibility of other frameworks.
2.2 Workspace Isolation
Each enabled framework creates a dedicated workspace. Workspaces are the unit of disclosure, not frameworks. A workspace contains:
- Statement of Applicability (SoA) specific to that framework
- Control justifications and evidence
- Framework-specific audit narratives
- Compliance snapshots and reports
Workspaces progress through defined lifecycle states:
- DRAFT — Initial preparation state
- IN PROGRESS — Active control population and evidence gathering
- READY FOR DISCLOSURE — Pre-authorisation review state
- AUTHORISED — Approved for audience binding
Only workspaces in the AUTHORISED state may be bound to external stakeholder audiences.
2.3 Audience Binding
The platform defines four stakeholder audiences with distinct access requirements:
| Audience | Access Model | Workspace Visibility |
|---|---|---|
| TECHNICAL | Full access | All workspaces (including draft and in-progress) |
| MANAGEMENT | Bound workspace only | Single authorised workspace |
| AUDITOR | Bound workspace only | Single authorised workspace |
| BOARD | Bound workspace only | Single authorised workspace |
Each non-technical audience is explicitly bound to exactly one authorised workspace. This binding is immutable once locked and serves as an audit artefact.
3. Disclosure Control Mechanisms
3.1 Report Generation
All reports, SoA documents, and data exports are generated exclusively from the workspace bound to the requesting user's audience. Report endpoints do not accept framework or workspace parameters; the workspace is resolved automatically from the authenticated user's role, in the following fixed sequence:
- Identify requesting user
- Resolve user to audience mapping
- Resolve audience to bound workspace
- Generate report from bound workspace only
3.2 Access Enforcement
The platform enforces workspace access at the API level, not merely at the UI level. Any attempt by a non-technical user to access a workspace other than their bound workspace results in an HTTP 403 Forbidden response.
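The resolution sequence in 3.1 and the API-level enforcement in 3.2, modelled as an added illustration (not Govula's own code): workspace names, user ids and the `Governance` class are assumed for the example; only AUTHORISED workspaces can be bound, locked bindings reject modification, an unbound audience falls through to the restrictive 403 default, and every binding operation is appended to an audit trail.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Binding:
    workspace: str
    locked: bool = False

class GovernanceError(Exception):
    """Raised when a binding operation violates the governance rules."""

class Governance:
    def __init__(self):
        self.workspaces = {}   # name -> lifecycle state (DRAFT, IN PROGRESS, READY FOR DISCLOSURE, AUTHORISED)
        self.users = {}        # user id -> audience (TECHNICAL, MANAGEMENT, AUDITOR, BOARD)
        self.bindings = {}     # audience -> Binding
        self.audit = []        # append-only trail: (timestamp, event, ...details)

    def _log(self, *event):
        self.audit.append((datetime.now(timezone.utc).isoformat(), *event))

    def bind(self, audience, workspace, admin):
        """Bind an audience to a workspace; only AUTHORISED workspaces qualify."""
        if self.workspaces.get(workspace) != "AUTHORISED":
            raise GovernanceError(f"{workspace} is not AUTHORISED")
        current = self.bindings.get(audience)
        if current is not None and current.locked:
            raise GovernanceError(f"binding for {audience} is locked")
        self.bindings[audience] = Binding(workspace)
        self._log("bind", audience, workspace, admin)

    def lock(self, audience, admin):
        """Lock a binding so it becomes an immutable audit artefact."""
        self.bindings[audience].locked = True
        self._log("lock", audience, admin)

    def resolve_workspace(self, user):
        """Reports take no workspace parameter: user -> audience -> bound workspace."""
        return self.bindings[self.users[user]].workspace

    def access(self, user, workspace):
        """API-level check: 200 for TECHNICAL or the bound workspace, else 403."""
        audience = self.users.get(user)
        if audience == "TECHNICAL":
            return 200
        binding = self.bindings.get(audience)  # unbound audience -> restrictive default
        return 200 if binding and binding.workspace == workspace else 403
```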
3.3 Cross-Framework Isolation
Each workspace maintains its own:
- Statement of Applicability (SoA)
- Control justifications
- Evidence mappings
- Audit narratives
While internal cross-framework control mappings may exist for evidence reuse purposes, these mappings are never exposed to auditors or management stakeholders and cannot influence the content of bound workspace reports.
4. Audit Trail
All workspace binding operations are logged to an immutable audit trail, including:
- Binding creation and modification
- Binding lock operations
- Administrator who performed the action
- Timestamp of the operation
This audit log is available to administrators and auditors for compliance verification.
5. Design Guarantees
The Govula governance model provides the following guarantees:
- Zero accidental framework exposure: Non-technical stakeholders cannot view frameworks or workspaces they are not bound to.
- Deterministic behaviour: Report generation is deterministic based on the requesting user's audience binding.
- Audit-safe defaults: The system defaults to restrictive access and requires explicit administrative action to grant visibility.
- Immutable attestation: Locked bindings cannot be modified without administrative override and audit logging.
Summary Statement
Govula may internally support multiple compliance frameworks for operational efficiency. However, each external stakeholder audience is bound to a single authorised workspace at any given time. All reports, Statements of Applicability, evidence displays, and compliance dashboards presented to that audience are generated exclusively from their bound workspace. No other frameworks, workspaces, or preparatory views are visible or accessible to non-technical stakeholders.
6. Document Control
This document describes the technical implementation of the Govula governance model. For questions regarding the operation or configuration of these controls, contact your organisation's system administrator.