Demo Data

Introduction

The documentation screenshots and examples throughout this guide use data from a fictional organization called NovaTrust Financial Services. This demo environment provides a realistic view of how vucavoid works in practice, complete with risks, controls, compliance requirements, incidents, and the connections between them.

Understanding this demo context helps you navigate the screenshots and relate what you see to your own organization's GRC needs.

About NovaTrust Financial Services

NovaTrust is a medium-sized fintech company specializing in digital payment processing and e-wallet solutions. Operating globally with headquarters in New York, the company faces the regulatory and security challenges typical of the financial services industry.

| Attribute | Details |
|---|---|
| Industry | Financial Services / Fintech |
| Specialization | Payment processing, e-wallet solutions |
| Headquarters | New York, USA |
| Global presence | USA, Europe (Netherlands, Germany), Asia Pacific (Singapore) |
| Employees | ~250 across all entities |
| Compliance scope | PCI DSS, SOC 2, GDPR, ISO 27001 |

This profile was chosen because fintech organizations face comprehensive GRC requirements across multiple regulatory frameworks. The demo data demonstrates how vucavoid handles real-world complexity: overlapping compliance requirements, multi-jurisdictional operations, and the interconnected nature of risks, controls, and evidence.

What the Demo Includes

The NovaTrust demo environment contains a complete GRC dataset with realistic relationships between entities. Rather than isolated records, this data shows how everything connects: risks linked to controls, controls mapped to requirements, and evidence supporting compliance claims.

Organization Structure

| Entity Type | Count | Examples |
|---|---|---|
| Legal Entities | 5 | NovaTrust Inc. (USA), NovaTrust EU B.V. (Netherlands), NovaTrust Technology GmbH (Germany) |
| Locations | 8 | New York HQ, Amsterdam Office, Frankfurt Tech Center, Singapore Branch |
| Teams | 8 | Security Operations, Compliance, IT Infrastructure, Risk Management |
| Persons | 25 | Key personnel in scope for GRC activities |

See Legal Entities, Locations, and Teams for details on modeling your organizational structure.

Asset Inventory

| Asset Type | Count | Examples |
|---|---|---|
| IT Assets | 30 | Payment gateway servers, database clusters, API infrastructure, security appliances |
| Information Assets | 25 | Customer PII, cardholder data, transaction logs, encryption keys |
| Physical Assets | 15 | Data center equipment, access control systems, backup media |

The demo includes assets with various lifecycle states, EOL/EOS tracking for IT assets, and business criticality ratings. See IT Assets, Information Assets, and Physical Assets.

Business Context

| Entity Type | Count | Purpose |
|---|---|---|
| Products | 10 | Payment services offered to customers |
| Processes | 12 | Business processes in scope for compliance |
| Capabilities | 8 | Organizational capabilities supporting operations |
| Third Parties | 15 | 10 vendors + 5 clients with risk profiles |
| Engagements | 8 | Audit and consulting engagements |

Third parties include cloud providers, payment processors, and consulting firms. Each has relationship context and risk considerations. See Third Parties and Engagements.

Risk & Control Framework

| Record Type | Count | Coverage |
|---|---|---|
| Risks | 50 | Data security, compliance, operational, third-party risks |
| Risk Assessments | 100+ | Historical assessments showing trend data |
| Treatment Plans | 40 | Active mitigation strategies |
| Controls | 100 | Technical, administrative, and physical controls |
| Control Objectives | 25 | Grouped by security domain |
| Control Effectiveness Reports | 60 | Evidence of control performance |

Risks include fintech-specific scenarios: payment card data breach, ransomware attacks, regulatory non-compliance, and third-party failures. Controls are mapped to the risks they mitigate. See Risks, Controls, and Control Effectiveness Reports.

Compliance Framework

| Record Type | Count | Coverage |
|---|---|---|
| Standards | 4 | PCI DSS, SOC 2, ISO 27001, GDPR |
| References | 20 | Specific clauses and control requirements |
| Requirements | 150 | Detailed compliance obligations |
| Requirement Groups | 7 | Logical groupings for assessment |
| Evidence | 45 | Documents, screenshots, attestations |

The demo shows requirements at various fulfillment stages: fully compliant, partially compliant, and gaps requiring attention. See References, Requirements, and Evidence.

Operational Data

| Record Type | Count | Purpose |
|---|---|---|
| Findings | 30 | Audit findings at various remediation stages |
| Incidents | 15 | Security incidents with response documentation |
| Tasks | 40 | Assigned work items with deadlines |
| Baselines | 4 | Gap assessment baselines |
| Baseline Matches | ~100 | Control-to-requirement mappings |

Findings and incidents demonstrate the full lifecycle from identification through remediation. Tasks show assignment patterns and overdue management. See Findings, Incidents, and Tasks.

Blueprints

| Blueprint Type | Count | Examples |
|---|---|---|
| Control Blueprints | 5 | Reusable control templates |
| Reference Blueprints | 3 | Standard requirement sets |
| Domain Blueprints | 4 | Organizational domains |
| Blueprint Sets | 4 | Grouped blueprints for deployment |

Blueprints demonstrate how organizations can create reusable templates for common GRC elements. See Blueprints.

Demo Users

The demo environment includes users with different roles, demonstrating vucavoid's permission system and how various GRC responsibilities are distributed across an organization.

| User | Role | Responsibilities |
|---|---|---|
| Sarah Chen | CISO | Tenant admin with full access. Risk, compliance, incident, and control management |
| James Wilson | GRC Manager | Risk analysis, compliance tracking, requirement management |
| Maria Garcia | Compliance Officer | Compliance analysis, requirement fulfillment, control management |
| David Kim | Risk Analyst | Focused risk management role |
| Emma Johnson | Security Engineer | Control implementation, incident response |
| Michael Brown | Internal Auditor | Finding management, audit activities |
| Lisa Anderson | IT Manager | Asset management, incident handling |
| Robert Taylor | Operations Director | Tenant admin with asset and compliance oversight |
| Jennifer Martinez | Legal Counsel | Compliance analysis, requirement management |
| William Davis | CFO | Executive viewer role (view-only access) |

This distribution shows how vucavoid supports role-based access. The CISO has comprehensive access, while specialists focus on their domains, and executives have visibility without edit capabilities.

See User Management for details on configuring roles and permissions.

Using the Demo for Learning

When exploring the documentation, you'll see NovaTrust data in screenshots. Here are some ways to relate what you see to your own organization:

Understand the Connections

Notice how records link together:

  • Risks reference the controls that mitigate them
  • Controls map to the requirements they satisfy
  • Findings generate tasks for remediation
  • Incidents may trigger new risk assessments

These relationships aren't just organizational. They power reporting, VUCA score calculations, and audit evidence.

Follow Realistic Workflows

The demo data includes records at various lifecycle stages:

  • Risks: Some newly identified, some under assessment, some with completed treatment
  • Findings: Some open, some in remediation, some closed
  • Tasks: Some pending, some overdue, some completed

This helps you understand how records progress through their lifecycles in practice.

See Multi-Framework Compliance

NovaTrust demonstrates managing multiple frameworks simultaneously:

  • PCI DSS requirements for payment security
  • SOC 2 criteria for service organization controls
  • ISO 27001 controls for information security
  • GDPR requirements for data protection

Notice how a single control can satisfy requirements from multiple frameworks, and how evidence can support multiple compliance claims.

Screenshots and Your Data

The screenshots throughout this documentation show NovaTrust data. When you log in to your own vucavoid tenant, you'll see your organization's data instead. The interface and capabilities are identical. Only the content differs.

VUCA Score in Demo Data

The NovaTrust demo includes a realistic VUCA score reflecting its GRC health:

  • Some risks with overdue treatment deadlines (affects Volatility)
  • A few controls missing recent effectiveness reports (affects Uncertainty)
  • Multiple compliance frameworks creating cross-dependencies (affects Complexity)
  • Some requirements without clear ownership (affects Ambiguity)

This demonstrates that even well-managed organizations have areas requiring attention. The VUCA score helps prioritize where to focus improvement efforts.

See VUCA Score for a complete explanation of how the score is calculated.

  • Overview - Introduction to vucavoid and GRC management
  • Key Concepts - Core terminology and platform philosophy
  • Dashboard - Understanding your VUCA score and widgets
  • Risks - Managing your risk register
  • Controls - Implementing and tracking controls
  • Requirements - Tracking compliance obligations
