User groups determine the applications and fields users can access within the Compliance Management app. The app has six default user groups:
- Compliance Team: Users in this group can access the app, where they can launch and complete assessments in order to ensure their organization is abiding by all applicable legislation.
- Requirement Owner & Delegate: Users in this group are responsible for managing requirements in the app. Requirement owners and their delegates are responsible for documenting controls and addressing remediation activities, including issues and corrective actions. They are given full responsibility for any requirements assigned to them.
- Control Owner & Delegate: Users in this group are responsible for ensuring controls are adequate for the organization's risks and that control documentation is kept up-to-date.
- Issue Owner & Delegate: These users are responsible for documenting issues discovered during an assessment. Issue Owners and their delegates then create corrective actions to remediate the issue, which they assign to the Corrective Action Owner. Issue owners and their delegates must monitor corrective actions until they are completed.
- Corrective Action Owner & Delegate: These users manage the corrective actions assigned to them by the Issue Owner. Corrective action owners and their delegates must monitor corrective actions until they are completed.
- Alert Owner: These users manage alerts assigned to them by the Compliance Team. Alert owners are responsible for reviewing the details of alerts and attaching new issues and corrective actions.
- Policy Owner: Users in this group are responsible for ensuring policies are up to date, including document the policy narrative, attaching supporting documents to the policy, and adding comments.
- Administrator: Users in this group are responsible for adding users.