Multiple Tenants

Introduction

vucavoid is a multi-tenant platform. Each organization (tenant) operates in complete isolation from others. This architectural decision is fundamental to how vucavoid handles sensitive GRC data.

This page explains the data isolation model, how users relate to tenants, the single exception to isolation (blueprints), and common scenarios where multi-tenant access applies.

Data Isolation

No tenant data can be shared between tenants. This is an absolute rule with no exceptions for operational data.

When you create a risk, control, finding, incident, or any other GRC record in vucavoid, that record exists only within your tenant. No other tenant can see it, reference it, or access it in any way. This applies to:

  • All compliance records (risks, controls, requirements, findings, incidents)
  • All organizational assets (IT assets, information assets, physical assets)
  • All structural elements (standards, domains, categories, projects)
  • All baseline and challenge assessments
  • All evidence and documentation
  • All activity logs and audit trails

This isolation is enforced at the database level. There is no configuration option to share tenant data, no API endpoint to access cross-tenant records, and no administrative override.

Why This Matters

For a GRC platform handling sensitive compliance data, data isolation is non-negotiable. Your risks, control weaknesses, incident reports, and audit findings are confidential to your organization. Multi-tenant isolation ensures that even platform administrators cannot inadvertently expose one tenant's data to another.

How Users and Tenants Relate

The relationship between user accounts and tenants follows six principles:

| Principle | Description |
|---|---|
| Account initialization requires invitation | User accounts are created through two paths: registering a new organization (which creates both the user and tenant) or accepting an invitation from an existing organization. There is no way to create a user account without an associated tenant. |
| New users must be invited | To add someone to your organization, you must invite them from within your tenant. See User Management for the invitation process. |
| One email can access multiple tenants | A single email address can be associated with multiple tenants. If you're a consultant, auditor, or hold positions in multiple organizations, you use one login to access all of them. Your personal account settings (name, password, two-factor authentication) are shared across all tenant memberships. |
| Users cannot share tenant data between tenants | Even if you belong to multiple tenants, you cannot transfer, copy, or reference data from one tenant in another. Each tenant context is completely separate. Switching tenants means working with an entirely different dataset. |
| Unaffiliated users have no access | A user account without any tenant membership can only access personal account settings. Platform features require at least one active tenant membership. |
| Email determines identity, accounts regulate affiliations | Your email address is your identity across vucavoid. Your account manages which tenants you belong to and what roles you hold in each. This separation means you can be an administrator in one tenant and a read-only viewer in another, all under the same email login. |

The Blueprints Exception

Blueprints are the only data that can exist outside tenant boundaries. This exception exists because blueprints serve as templates, not operational records.

How Blueprint Sharing Works

Blueprints have three visibility levels:

| Level | Scope | Example |
|---|---|---|
| System blueprints | Platform-wide, maintained by vucavoid | ISO 27001 controls, SOC 2 requirements |
| Personal blueprints | Owned by your user account | Templates you create for your own reuse |
| Shared blueprints | Personal blueprints shared to specific tenants | Templates you share with clients or subsidiaries |

When you create a personal blueprint, you can specify which of your tenants can see and materialize it. This allows consultants to maintain a library of templates and selectively share them with client organizations.

What Happens When You Materialize

When you materialize a blueprint, vucavoid creates actual records in your tenant. Those records become tenant data, subject to full isolation. The blueprint is a template. The materialized records belong entirely to your tenant with no connection to other tenants that might have materialized the same blueprint.

Not a Sync Mechanism

Blueprint sharing is one-way template distribution, not data synchronization. If you update a blueprint after sharing it, tenants that already materialized it do not receive updates. Each materialization is a point-in-time copy.
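The membership principles and the blueprint behavior described above can be read as a small authorization model. The following is an added illustration, not vucavoid's code or API: the class names, the role names "admin" and "viewer", the tenant IDs, and the sample data are all assumptions constructed for the example.

```python
import copy
from dataclasses import dataclass, field

CAN_WRITE = {"admin": True, "viewer": False}  # assumed role names
@dataclass
class Account:
    email: str                                       # identity across tenants
    memberships: dict = field(default_factory=dict)  # tenant_id -> role

class Platform:
    def __init__(self):
        self._records = {}  # tenant_id -> records; nothing is indexed across tenants

    def _role(self, account, tenant_id):
        role = account.memberships.get(tenant_id)
        if role is None:
            raise PermissionError("no membership in this tenant")
        return role

    def list_records(self, account, tenant_id):
        self._role(account, tenant_id)  # any member role may read
        return list(self._records.get(tenant_id, []))

    def create_record(self, account, tenant_id, record):
        if not CAN_WRITE[self._role(account, tenant_id)]:
            raise PermissionError("read-only role in this tenant")
        self._records.setdefault(tenant_id, []).append(record)

    def materialize(self, account, tenant_id, blueprint):
        if tenant_id not in blueprint["shared_with"]:
            raise PermissionError("blueprint not shared with this tenant")
        for item in copy.deepcopy(blueprint["items"]):  # point-in-time copy
            self.create_record(account, tenant_id, item)

def attempt(action):
    try:
        action()
        return "allowed"
    except PermissionError:
        return "denied"

def demo():
    p = Platform()
    pat = Account("pat@example.test", {"client-a": "admin", "client-b": "viewer"})
    bp = {"shared_with": {"client-a"}, "items": [{"control": "Access review", "rev": 1}]}
    p.materialize(pat, "client-a", bp)
    bp["items"][0]["rev"] = 2  # template edited after materialization
    return {"a": p.list_records(pat, "client-a"), "b": p.list_records(pat, "client-b"),
            "write_b": attempt(lambda: p.create_record(pat, "client-b", {})),
            "unaffiliated": attempt(lambda: p.list_records(Account("new@example.test"), "client-a"))}
```

Every operation takes the account and the active tenant together, so a role held in one tenant never carries into another, and the materialized record keeps its original revision after the template changes.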

When You Need Multiple Tenants

Multi-tenant access supports several common scenarios:

Corporate Groups with Subsidiaries

A parent company oversees GRC programs across multiple subsidiaries. Each subsidiary operates as a separate tenant with its own risks, controls, and compliance posture. Personnel at the group level belong to multiple tenants to maintain visibility without merging data.

Consultants Serving Multiple Clients

GRC consultants work with multiple organizations. Each client is a separate tenant. The consultant's single account accesses all client tenants, maintaining clear data separation between engagements while allowing the consultant to reuse personal blueprints across clients.

External Auditors

Auditors need read access to review compliance data. Organizations invite auditors to their tenant with appropriate viewer roles. The auditor may belong to many tenants (one per audit engagement) without any data crossing between them.

Third-Party Vendor Access

Some organizations grant vendors limited access for specific purposes. Inviting a vendor to your tenant with restricted roles provides visibility into relevant controls or requirements without exposing your complete GRC program.

Investor or Stakeholder Visibility

Investors or board members may need visibility into compliance posture without operational access. Inviting them with read-only roles provides transparency while maintaining data security.

Regulatory or Compliance Body Access

External regulators conducting oversight can be invited with appropriate access levels. Tenant-based access control ensures they see only what you explicitly share.

Switching Between Tenants

If you belong to multiple tenants, switching is straightforward:

Via Sidebar Dropdown

  1. Click your current organization's name in the sidebar
  2. A dropdown shows all tenants you belong to
  3. Select the tenant you want to work in
  4. The page refreshes with that tenant's data

Via Keyboard Shortcut

  1. Press Cmd+K (Mac) or Ctrl+K (Windows/Linux)
  2. Type the tenant name
  3. Select the tenant from search results

Your personal settings persist across tenant switches. Your roles, permissions, and data access change based on what each tenant has configured for your account.

See First Login for more details on the tenant switching interface.
