Onboarding roadmap

Welcome to brightGRC

Run one or more compliance programmes (ISO 27001, SOC 2, regional frameworks—whatever your plan exposes) in a single workspace: control libraries, implementation status, risks, tasks, evidence, and leadership review. Use the checklists below to stand up your environment. Tick items locally as you go—nothing is submitted until you save in each module.

Workspace & access

Company profile, seats, and how your team signs in.

  • Confirm company profile & domain
  • Invite teammates & review seat roles
  • Review module access (which modules your plan includes and which are visible to each role)
  • Optional: notification & SMTP settings (use an authenticated relay over TLS rather than an open one)

Programmes & controls

Framework instances, library controls, and your Statement of Applicability.

  • Confirm which standards are enabled for your company
  • Open the SOA / mapping view for your lead programme
  • Set applicability and implementation status per control
  • Link owners to controls that need evidence or testing

Policies & documents

Template-based policies and procedures aligned to your programmes.

  • Pick a template set that matches your enabled frameworks
  • Complete merge fields (organisation, scope, dates)
  • Run legal / policy owner review before publication
  • Route signed documents into your change-control process

Risk, tasks & training

Operational work: risk treatments, assignments, and awareness.

  • Seed or import top risks for your scope
  • Assign owners and due dates on the task queue
  • Roll out security / compliance training where required
  • Close the loop from audit findings to remediation tasks

Evidence & governance

Assurance artefacts, reviews, and continuity planning for your programmes.

  • Attach evidence to controls ahead of internal audit
  • Schedule management review inputs and action items
  • Maintain BC/DR contacts and test notes where applicable
  • Export or bundle packages your auditor expects

Connectors

Websites, shops, and APIs feeding automation or telemetry.

  • Add a site connector (CMS / storefront)
  • Configure webhooks or the scanner where the connector offers them
  • Verify the API base URL (HTTPS) & credentials from the connector page; use a dedicated, least-privilege API credential and rotate it if it is ever exposed