Stakeholder Views
How different stakeholders access and interact with compliance information.
This section is intended for: Technical Team, Auditor, Management. Unauthorised access is restricted.
Role-Based Information Access
Compliance information is consumed differently by different stakeholders. A board member needs a different view than a security engineer. Govula provides tailored interfaces for each perspective.
Access to views is controlled by role-based permissions. Users see only the views and data appropriate to their role and organizational scope.
Executive View
Target Audience
Board members, C-suite executives, senior leadership, governance committees
The Executive View provides a high-level summary of compliance posture without technical complexity. It is designed for decision-makers who need to understand risk and readiness, not implementation details.
Key Information Displayed
- Compliance Score: Overall percentage across all selected frameworks, with trend indication
- Risk Summary: Count and severity of open risk items requiring attention
- Audit Readiness: Assessment of readiness for upcoming certification or audit
- Trend Charts: Compliance trajectory over time
- Key Decisions Needed: Items requiring executive approval or attention
Decisions Supported: Resource allocation, risk acceptance, audit timing, certification readiness sign-off
Technical / Risk View
Target Audience
Security teams, IT operations, compliance officers, risk managers, control owners
The Technical View provides detailed control-level information for teams responsible for implementation and remediation. It surfaces gaps, priorities, and actionable items.
Key Information Displayed
- Control Status: Individual control implementation status with filtering
- Gap Analysis: Controls that are not implemented or partially implemented
- Evidence Status: Evidence freshness, missing evidence, expiring items
- Drift Detection: Changes from previous assessment period
- Remediation Recommendations: AI-generated suggestions for addressing gaps
- Risk Ratings: Control-level risk assessment
Decisions Supported: Remediation prioritization, evidence collection, control implementation, risk assessment
Auditor View
Target Audience
External auditors, certification body assessors, internal audit, regulators (via scoped access)
The Auditor View provides a read-only interface optimized for verification and evidence review. It surfaces traceability, justifications, and historical state.
Key Information Displayed
- Statement of Applicability: Complete SoA with all controls and justifications
- Evidence Links: Direct access to evidence supporting each control
- Audit Trail: Complete history of changes, approvals, and overrides
- Historical Snapshots: Point-in-time views of compliance state
- Export Packages: Downloadable evidence packs for offline review
Purpose: Verification of compliance claims, evidence review, audit preparation, certification assessment
View Permissions
Access to views is controlled by role-based access control (RBAC). The platform includes default roles with appropriate permissions:
| Role | Executive | Technical | Auditor |
|---|---|---|---|
| Administrator | Full Access | Full Access | Full Access |
| Compliance Manager | Full Access | Full Access | Full Access |
| Security Analyst | Read Only | Full Access | Read Only |
| Executive | Full Access | Summary Only | No Access |
| Auditor (External) | No Access | No Access | Scoped Access |
Custom roles can be created with specific permission combinations. Multi-tenant organizations can further scope access by organizational unit.
Cross-View Consistency
All views draw from the same underlying data. When compliance state changes, all views reflect that change simultaneously. This ensures:
- Executives and technical teams see the same compliance reality
- Auditors can verify that internal views match what is reported
- No discrepancies between different stakeholder reports
- Single source of truth for all compliance discussions