Documents Management

The Documents Management module provides a centralized repository for all organizational documentation related to governance, risk, and compliance. Upload, categorize, and link documents to risks, controls, actions, and vendors for complete traceability.

Overview

Documents Management enables organizations to:

• Centralized Repository - Store all GRC documents in one searchable location
• Category Organization - Classify documents by type, category, and status
• Entity Linking - Associate documents with risks, controls, actions, and vendors
• Version Control - Track document versions and maintain revision history
• Access Management - Control document visibility with public and private options

Dashboard Statistics

The documents page provides real-time statistics at a glance:

• Total Documents - Complete count of uploaded documents with monthly upload trends
• Total Size - Aggregate storage consumption across all documents
• Active Documents - Count of currently active and valid documents
• Categories - Number of distinct document categories in use

Uploading Documents

Document Metadata

When uploading a document, you can specify:

• Title - Descriptive name for the document
• Description - Summary of document contents and purpose
• Document Type - Classification such as Policy, Procedure, Contract, or Evidence
• Category - Organizational category for grouping related documents
• Status - Current lifecycle status (Active, Draft, Archived, Expired)
• Version - Document version number for tracking revisions
• Tags - Searchable labels for quick discovery
• Expiry Date - Optional expiration date for time-sensitive documents
• Review Date - Scheduled review date for periodic document review

Linking to Entities

Documents can be linked to other GRC entities during upload or afterward:

• Risks - Attach evidence, assessments, or supporting documentation to specific risks
• Controls - Link control documentation, test results, and implementation evidence
• Actions - Associate action plans, remediation reports, and progress documentation
• Vendors - Attach contracts, assessments, and due diligence documentation to vendors

Document Table

Features

The documents data table provides:

• Sortable Columns - Sort by title, type, category, status, size, or date
• Search - Full-text search across document titles and metadata
• Filtering - Filter documents by type, category, status, or linked entity
• Column Visibility - Toggle visible columns to focus on relevant information
• Bulk Operations - Select multiple documents for batch actions
• Detail View - Click any document to view full metadata and linked entities

Document Types

Flow supports organizing documents by type:

• Policy - Organizational policies and governance documents
• Procedure - Standard operating procedures and process documentation
• Contract - Vendor contracts, SLAs, and agreements
• Evidence - Compliance evidence, audit artifacts, and test results
• Report - Assessment reports, audit findings, and analysis documents
• Certificate - Certifications, attestations, and formal recognitions
• Other - Additional document types as needed

Best Practices

• Consistent Naming - Use a standard naming convention for easy identification
• Regular Reviews - Set review dates to ensure documents remain current
• Complete Metadata - Fill in all relevant fields for maximum searchability
• Link Extensively - Connect documents to all relevant GRC entities for traceability
• Version Updates - Increment version numbers when making substantive changes
• Expiry Monitoring - Set expiry dates on time-sensitive documents like certificates and contracts