Organizational Setup

Flow's organizational setup controls platform-wide configuration including user management, role-based access, risk categories, matrix settings, and review cadences. Each organization operates as an isolated tenant with its own data, users, and configuration.

Overview

Organizational setup covers:

• Multi-Tenancy - Complete data isolation between organizations
• User Management - Role-based access control with four permission levels
• Risk Categories - Customizable risk taxonomy for your organization
• Matrix Configuration - Risk scoring settings (see Risk Matrix Scoring)
• Review Cadence - Default review period for risk reassessment
• Plan Management - Organization plan and feature access

Organization Creation

When a new organization is created, Flow provisions:

• A dedicated organization record with isolated data space
• Default risk matrix settings (5x5 matrix)
• Default risk level cutoffs (Low: 1–5, Medium: 6–12, High: 13–20, Critical: 21–25)
• Standard likelihood and impact scale definitions
• A default review cadence of 90 days
• Pre-configured risk categories

Default Risk Categories

New organizations start with these categories:

• Cybersecurity
• Operational
• Financial
• Compliance
• Technology
• Human Resources
• Third Party
• Product
• Strategic

Categories can be added, removed, or renamed in Settings to match your organization's risk taxonomy.

User Roles

Flow supports four user roles with escalating permissions:

Role	Description	Permissions
Viewer	Read-only access	View risks, reports, and dashboards
Risk Owner	Assigned risk management	View + manage assigned risks and actions
Risk Manager	Broad risk management	View + manage all risks, controls, and actions
Admin	Full platform access	All permissions + organization settings, user management

Role Assignment

• The first user in an organization is automatically assigned the Admin role
• Admins can invite additional users and assign roles
• Role changes take effect immediately

Organization Settings

Accessing Settings

Navigate to Settings from the application sidebar to access the configuration dialog. Settings are organized into sections:

• Organization - Name, plan, and general settings
• Risk Matrix - Matrix dimensions, level cutoffs, and scale definitions
• Users - Team members and role assignments
• Notifications - Alert preferences and compliance notifications
• AI Settings - AI feature configuration

Editable Settings

Setting	Description	Default
Organization Name	Display name for your organization	Set at creation
Matrix Size	Risk matrix dimensions	5x5
Level Cutoffs	Score thresholds for Low/Medium/High/Critical	5/12/20/25
Likelihood Definitions	Custom descriptions for each likelihood level	Standard 5-point scale
Impact Definitions	Custom descriptions for each impact level	Standard 5-point scale
Default Review Cadence	Days between risk reviews	90 days
Risk Categories	List of available risk categories	9 default categories

Multi-Tenancy

Data Isolation

Each organization in Flow has complete data isolation:

• Risks, controls, actions, and compliance items are scoped to the organization
• Users can only access data within their assigned organization
• All queries filter by organizationId at the database level
• Audit logs are organization-specific

Clerk Integration

Flow uses Clerk for authentication and organization management:

• Users authenticate through Clerk's sign-in flow
• Organization membership is synced between Clerk and Flow's database
• New users are automatically provisioned when they first sign in

Best Practices

• Configure Early - Set up your risk matrix, categories, and review cadence before adding risks
• Right-size Roles - Assign the minimum role needed for each user's responsibilities
• Review Categories - Periodically review and update risk categories to reflect your evolving risk landscape
• Consistent Settings - Ensure matrix and scoring settings align with your risk framework and board-approved risk appetite