For operations, risk, and compliance teams: policies enforced, exceptions time-boxed, separation of duties guaranteed by the system — not by convention.
Policy exceptions happen in messages — unbounded, unexpiring, unprovable.
Separation of duties depends on people remembering, not on enforcement.
Weeks spent assembling what should already exist as a record.
The control matrix is a file someone owns — until they leave.
· Product recreation based on live NILARA workflows.
Every step has an owner, a record, and a seal — so the evidence package assembles itself.
| Step | Owner | What’s recorded | Sealed |
|---|---|---|---|
| Change requested | Model owner | Change request linked to the model record | Request logged |
| Risk review | Model risk / 2nd line | Assessment attached to the record | Review recorded |
| Approval | Risk committee | Sign-off on a defined route | Approval bound to identity & time |
| Deployment | Owner | Approved version marked effective | Prior version retained |
| Access review | IT / security | Who can change or deploy | Access reviewed & logged |
| Audit evidence | Internal audit | Complete change & approval trail | Evidence package exported |
Exception requests, limit changes, and attestations route by policy; the system refuses the same person on both sides, and escalates on SLA.
Versioned policies, procedures, and control evidence with access rules, retention, and export-ready audit packages.
Reviews, attestations, and remediation with owners and due dates — and an executive view of control health.
Requester states scope, duration, and reason.
Risk assesses; comments on the record.
Approver chosen by rule; SoD enforced.
Exception expires on schedule; re-review queued.
Every control has one accountable owner.
Owners attach proof, not just checkmarks.
Missing attestations rise on a defined path.
The quarter exports as one ordered record.
Impact and rationale documented.
Reviewed against the framework.
Approved by the accountable executive.
New control live; history preserved.
Every step above is owned, timed, and sealed to the record — these are the workflows we model with you in week one.
The system blocks conflicting approvals — no reliance on memory.
Every exception is scoped, time-boxed, and provably re-reviewed.
Who approved what, when, under which rule — on demand.
One effective version; attestation coverage visible.
Evidence accumulates as work happens.
Open exceptions, overdue attestations, and remediation in one view.
Run these in your evaluation — they’re the moments where governed and “governed” differ.
Attempt it. Separation of duties should block you by rule, not by policy memo.
Grant a time-boxed exception; verify it expires and re-review is queued automatically.
One export: who attested, with what evidence, and what escalated.
Watch the old version preserved and the new one carry its approval.
Who approved X, when, under which rule — target: under five minutes.
At the workflow engine: routes evaluate identity and role on every step, and the same identity cannot satisfy conflicting steps. It’s a rule the system executes, not a policy people follow.
Not necessarily — NILARA governs the operational record (policies, exceptions, attestations, evidence). Many teams feed their GRC reporting from NILARA exports and the API.
Yes — scoped, read-only, time-boxed roles with their access itself on the trail.
We’ll model it end to end — request, approval, evidence, and the export your auditor asks for.