Compliance

Overview

What Compliance is

Compliance in 21RISK is a shared workspace for tracking whether sites, locations, departments, or business units meet the requirements your organization cares about. A Compliance board can represent a regulation, internal standard, insurance requirement, audit program, certification, supplier standard, or any other recurring set of controls.

Each board combines four things:

  • Requirements — The sections and questions that define what must be checked
  • Sites — The locations or organizational units where each requirement is assessed
  • Answers — The current status, owner, due date, cost, comments, labels, and files for each site-specific question
  • Evidence — The activity history, question revision history, files, and saved reports that explain what changed and why

The result is a live compliance register that can be updated by your team, reviewed by managers, and saved into reports when you need point-in-time evidence.

Core concepts

Concept What it means
Board The workspace for one compliance program. It contains the question structure, site scope, statuses, access settings, reports, and activity history.
Section A heading or folder used to group related requirements. Sections can contain other sections and questions.
Question A requirement that must be answered for each site. Questions are the leaf items that receive statuses and evidence.
Site A physical location or organizational level where compliance is tracked. Site hierarchy and site access are respected.
Answer The site-specific response to a question. It can include status, responsible user, due date, cost estimate, labels, comments, and files.
Status A board-specific answer option, such as Yes, No, Compliant, Non-compliant, Done, Blocked, or any other status your organization defines.
Report A saved snapshot of a site's compliance state at a point in time. Reports are useful for audit evidence and management reviews.

How a board is organized

A Compliance board uses a hierarchy of sections and questions. Sections are containers. Questions are the requirements that get answered. 

Fire Protection Program                 (section)
├── Sprinkler Systems                   (section)
│   ├── Are inspections completed?      (question)
│   └── Are impairment records current? (question)
├── Emergency Response                  (section)
│   ├── Is the evacuation plan current? (question)
│   └── Are drills documented?          (question)
└── Are local permits available?        (question)

Important rules:

  • Sections can contain child sections and child questions.
  • Questions cannot contain children.
  • Sections and questions can both appear at the top level of the board.
  • Questions can be moved before, after, or inside another section.
  • The hierarchy is kept in order automatically, so reports and matrix views remain readable.

The main views

Compliance boards are designed around a few practical work areas.

View Use it for
Questions by site View and manage the complete question matrix. Questions are rows, sites are columns, and each cell shows the current answer status.
Sites Compare sites by compliance percentage, open items, closed items, status distribution, estimated cost, last update date, and responsibility columns.
Site detail Work through one site's questions in a table or card view. Update statuses, owners, due dates, costs, files, and comments.
Questions Work from a cross-site table of question answers. Use it as a "what needs doing" list across all sites, with fields such as status, site, responsible user, due date, cost, and tags.
Reports Review saved point-in-time reports for individual sites.
Settings Configure board name, URL, introduction text, sites, statuses, automations, responsibilities, access, and activity.

The Questions by site matrix is usually the best place to understand the overall state of a board. The Site detail view is usually the best place to complete work for one site.

Statuses

Every question-site combination must have one status from the board's configured status set. Statuses define the answer options users can select, how site compliance is calculated, and whether certain statuses are restricted to specific users.

For example, a board can allow most users to set Awaiting review , while only reviewers can set Completed . Read Compliance statuses for status setup, Open/Closed/Ignore behavior, compliance calculation, and status rules.

When a new leaf question is created, 21RISK creates an answer item for each active site on the board. When a site is added to the board, 21RISK creates answer items for the board's current leaf questions. This keeps the matrix complete without requiring users to manually create every question-site cell.

Working with answers

An answer is the site-specific response to a question. It can include status, responsible user, due date, cost estimate, labels, comments, and files.

Use the site detail view when you want to work through one site. Use the Questions table when you want a cross-site list of what needs doing. Read Compliance site work and reports for the full workflow.

Question changes and audit history

Compliance requirements change over time. 21RISK records question changes as revisions instead of silently overwriting the old content.

Question edits can be minor changes or major changes. Major changes create a new question version so old answers are not made to look like they answered a new requirement. Read Compliance questions and sections for question structure, placement, versions, and history.

Reports and snapshots

Reports are saved snapshots of a site's compliance state at a point in time. Create a report when you need a stable record for an audit, management review, customer request, insurance renewal, or internal follow-up meeting.

Historical reports are read-only and preserve the question structure from the time the report was saved. Read Compliance site work and reports for report behavior and site-level work guidance.

Access and responsibilities

Compliance uses the same access principles as the rest of 21RISK: board access controls who can enter the board, and site access controls which sites a user or AI agent can work with.

Board settings include pages for:

  • Access — Manage who can use the board and who owns it
  • Effective access — Review the resulting access after group ownership, board access, and site access are combined
  • Sites — Choose which sites are included in the board
  • Responsibilities — Configure responsibility columns and responsible users for site-level follow-up
  • Status — Configure the statuses and status rules used by the board
  • Automations — Configure automated follow-up behavior where available
  • Activity — Review board activity and activity logs

Organization owners can access all boards. Other users and AI agents only operate within the permissions they have been granted.

Creating a board

To create a Compliance board:

  1. Open New from the main navigation.
  2. Choose Compliance .
  3. Enter a board name.
  4. Confirm or adjust the URL slug.
  5. Create the board.
  6. Add sites from the board settings.
  7. Configure statuses if the defaults do not match your workflow.
  8. Build your sections and questions.
  9. Start updating answers in the matrix or site detail view.

The user who creates the board is added as a board owner.

For most teams, the smoothest setup order is:

  1. Create the board with a clear name, such as Global Fire Safety Standard or Supplier Code of Conduct .
  2. Add the sites that should be assessed.
  3. Configure statuses and decide which status should be used for new unanswered items.
  4. Add responsibility fields if your process needs named owners for sites or topics.
  5. Build the section and question structure.
  6. Review the matrix to confirm all expected sites and questions appear.
  7. Assign owners, due dates, comments, files, and statuses as work begins.
  8. Save reports when you need point-in-time evidence.
previous Delete
next Compliance questions and sections