Compliance
The Compliance module functions as the central hub and repository for cybersecurity governance artifacts and program documentation. In addition to the Risk Assessment Management Procedure (RAMP) and the Cyber Incident Response Procedure (CIRP), it generates dynamic strategy documents, policies, and governance materials that evidence program maturity during ISO, SOC 2, and similar framework-based attestations—without thick generic templates that can bury an organization in hidden commitments and audit traps. It enables you to meet compliance standards with precise, durable processes that reflect real operating practices and incorporate platform data for end-to-end auditability.
The module is organized into three main sections: Governance, Procedures, and Policies.
Governance
Adversarial’s Governance capability goes beyond documentation. The platform serves as the nerve center for governance reporting, providing a concise Cybersecurity and Governance Committee (CyberGov) charter and on-demand Board and CyberGov decks populated with live operational data. These reports surface shifts in threat profile, risk posture, incident activity, and remediation performance—without manual data reconciliation or drowning leaders in evolving cybersecurity jargon and tool categories. Generated directly from the system of record, the decks are delivered as editable PPTX files across configurable time horizons. They clearly communicate inherent risk, residual exposure, and the effectiveness of the organization’s response over time.
CyberGov Charter
The Cybersecurity and Privacy Governance (CyberGov) Committee Charter can be generated directly within the Adversarial platform. Its purpose is to establish a committee that oversees management’s implementation of the organization’s cybersecurity and privacy risk management programs. While organizations may use different names for this committee, the objective is consistent: ensure cybersecurity practices and programs are appropriately implemented and governed.
The charter includes recommended committee composition, common titles and roles, and clearly defined duties and responsibilities for each member. Many organizations schedule CyberGov meetings approximately two weeks before a Board meeting to review the latest information and prepare any items requiring Board communication.
The Charter can be downloaded as a DOCX file, tailored to your organization’s needs, and shared with the relevant stakeholders. For details on running the committee, see CyberGov.
CyberGov and Board Decks
Within the Governance section of the Compliance module, select Manage to open the deck generator. Choose a Report Type (CyberGov or Board), update the Report Name, and set the Start Date and End Date for the reporting period.
By default, Report Name and Start/End Date are pre-populated for the most recent completed quarter—reflecting the typical cadence for Board and CyberGov reporting. To produce ad hoc reports, adjust the name and dates as needed.
Choose the report type based on the audience and the level of detail required:
- Board Deck (concise, executive-ready)
  - Core module overview
  - Threat profile summary, including changes to prioritized threat objectives
  - Primary risk slide featuring the Remediation Agility chart
  - Incident overview focused on Sev1 and Sev2
  - Compliance slide summarizing policy changes, with editable sections for attestations and TPRM activities managed outside the platform
- CyberGov Deck (deeper operational detail)
  - Includes all Board Deck content
  - Risk tables highlighting critical and high-urgency items
  - Incident tables covering Sev1, Sev2, and Sev3
Threat Profile slide
The Threat Profile slide renders your organization’s threat profile heat map. If a threat objective’s score changed during the reporting period, an arrow shows the movement from the previous position to the current one. Objectives that did not change during the period show only the current position.
Executive Summary
The Executive Summary is generated by AI. It takes threat profile data, risk metadata, and incident metadata from the reporting period and produces narrative summaries for threats, risks, incidents, and compliance. See AI Features for details on how AI is used in governance reporting.
Risk Management
The Remediation Agility (RemAgi) chart is the primary risk slide in both the Board and CyberGov decks. It illustrates how effectively your organization reduces residual risk over time through a rolling 365-day view of High and Critical risks opened and closed each day, aligned to their Service Level Agreements (SLAs).
A risk’s due date is determined by its assigned urgency, which maps to the applicable SLA. The chart is driven by the fields Urgency, Status, Discovered Date, Due Date, and Closed Date. Each column is a daily snapshot of the risk register:
- A gray point represents an open risk still within SLA.
- A red point represents an open, past-due risk.
A risk appears in each day’s column while it remains open.
The RemAgi chart elevates the conversation to realized remediation outcomes—reducing the noise of granular findings and helping senior leadership and the Board focus on whether High vs. Critical classifications are appropriate, whether SLAs are meaningful, and what factors may be driving delays (for example, resource constraints, code freezes, vendor dependencies, or recent M&A with uncertain posture). Within the generated decks, a reporting-period callout highlights on-time (gray) versus overdue (red) activity for the current cycle, while the full-year view shows sustained risk identification and remediation over time.
Risks included in the reporting period
A risk appears on the RemAgi chart and in the CyberGov risk tables if any of the following conditions are met:
- Discovered and currently open during the reporting period
- Discovered and closed during the reporting period
- Due during the period (due on or before the period end, and either still open or closed during/after the period)
- Discovered outside the period but closed during the period
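The daily-snapshot coloring and the four inclusion conditions above can be expressed as two small predicates. This is an added example, not Adversarial's own code: the `Risk` class, the field and function names, and the sample register are hypothetical, and it assumes that "open" means no Closed Date, that a risk stops counting as open on its Closed Date, and that the Due Date itself is still within SLA.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Risk:
    risk_id: str                   # hypothetical identifier
    urgency: str                   # "High" or "Critical"
    discovered: date
    due: date                      # derived from urgency via the SLA
    closed: Optional[date] = None  # None: still open

def snapshot(risks, day):
    """One chart column: colour of each risk open on `day`."""
    column = {}
    for r in risks:
        # Assumption: a risk no longer counts as open on its closed date.
        if r.discovered <= day and (r.closed is None or day < r.closed):
            # Assumption: the due date itself is still within SLA.
            column[r.risk_id] = "red" if day > r.due else "gray"
    return column

def in_period(r, start, end):
    """True when any of the four listed inclusion conditions holds."""
    disc_in = start <= r.discovered <= end
    closed_in = r.closed is not None and start <= r.closed <= end
    return (
        (disc_in and r.closed is None)      # discovered in period, still open
        or (disc_in and closed_in)          # discovered and closed in period
        or (r.due <= end and (r.closed is None or r.closed >= start))  # due
        or (not disc_in and closed_in)      # discovered outside, closed in period
    )

# Constructed sample register (not platform data).
RISKS = [
    Risk("R-1", "Critical", date(2024, 1, 10), date(2024, 1, 25), date(2024, 2, 5)),
    Risk("R-2", "High", date(2024, 3, 1), date(2024, 5, 30)),
    Risk("R-3", "High", date(2023, 6, 1), date(2023, 7, 1), date(2023, 8, 1)),
    Risk("R-4", "High", date(2024, 4, 2), date(2024, 7, 1)),
    Risk("R-5", "Critical", date(2023, 12, 1), date(2024, 2, 15)),
]
Q1_START, Q1_END = date(2024, 1, 1), date(2024, 3, 31)

def included_ids(risks, start, end):
    return [r.risk_id for r in risks if in_period(r, start, end)]

if __name__ == "__main__":
    print(included_ids(RISKS, Q1_START, Q1_END))
    print(snapshot(RISKS, Q1_END))
```

R-5 shows why the "due during the period" condition matters: it was discovered before the quarter and never closed, so only that condition brings it into the quarter's tables, where it appears as a red point.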
Incident Management
The Incident chart is the main incident slide in both the Board and CyberGov decks. It provides a rolling 365-day view of incident reporting and shows how effectively your organization is detecting and containing incidents.
- The Board Deck focuses on Sev1 and Sev2 incidents.
- The CyberGov Deck covers Sev1, Sev2, and Sev3 incidents.
The chart is driven by the fields Severity, Occurred Date, Detected Date, and Contained Date. For each incident, the chart makes visible when it occurred, when it was detected, and when it was contained. Within the generated decks, a reporting-period callout highlights incidents for the current cycle, while the full-year view shows consistent incident identification and containment across the year. Callout information includes the Threat Objective, Title, INC ID, and Detected Date. The color around the Threat Objective (red, orange, yellow) aligns with the assigned severity level.
Incidents included in the reporting period
An incident appears on the Incident chart and in the CyberGov incident tables if any of the following conditions are met:
- Detected date falls within the reporting period
- Occurred date falls within the reporting period
- Contained date falls within the reporting period
- Detected or occurred before the reporting period, but contained within it
Procedures
As the system of record, the Adversarial platform maintains two procedural guides—the Risk Assessment Management Procedure (RAMP) and the Cyber Incident Response Procedure (CIRP)—that define the methods and processes for managing risks and incidents. These procedures also serve as the platform’s embedded AI knowledge base, double as training guides for analysts, and provide audit-ready evidence of risk and incident management.
As part of onboarding, new users should review the procedure(s) relevant to their role and responsibilities.
Risk Assessment Management Procedure (RAMP)
The RAMP governs how your organization assesses and manages risks. It defines relevant fields, scoring methodologies, and the end-to-end workflow for risk management within the platform. The RAMP is embedded in the AI features used in the Risk Register and serves as a training guide for analysts responsible for risk management.
Cyber Incident Response Procedure (CIRP)
The CIRP governs how your organization responds to cybersecurity incidents. It defines relevant fields, severity definitions with examples, escalation paths, and a detailed account of how an incident is managed from detection through containment. The CIRP ensures a common rubric and consistent severity scoring is applied across all incidents while necessary escalation and notification paths are clearly outlined.
The CIRP is the embedding for the AI scoring feature in the Incident module and can be used as a training guide for security teams responsible for managing incidents.
AI and Procedural Embeddings
The Adversarial platform includes several features that leverage AI Large Language Models (LLMs) to automate risk and incident management and streamline communications.
Risk Register — When risks enter the register—through automated API integrations, bulk CSV imports, or manual entry—AI can be applied individually or in bulk to assess likelihood and impact ratings, memorialize the rationale, and discern the Threat Objectives potentially associated with each risk. The AI embeds risk register details alongside the RAMP and a tactical embedding supplement. Requests are routed to Adversarial’s commercial OpenAI account by default, with the ability to train models or share customer data with OpenAI explicitly disabled.
Incident Register — Available incident details can be embedded alongside the CIRP and an embedding supplement on demand to propose incident severities per the CIRP, explain the rationale, and discern related Threat Objectives.
Governance Reporting — Several elements of governance reporting leverage AI to construct narrative summaries. The Executive Summary identifies themes and patterns across risk and incident metadata, while the risk management slide uses similar prompts to summarize remediation agility.
Content generated by AI within the platform is clearly delineated, available for user review and modification, and guided by the prescriptive procedural documents alongside tactical supplements. These supplements are available for review on demand and, together with the procedural guides, provide more deterministic outcomes on risk and incident scoring than most manual team processes in practice.
Policies
The Policies section includes a platform-generated Cybersecurity Policy tailored to your organization’s Threat Profile. Based on the prioritized Threat Objectives set in the Threats module, relevant policy sections can be tuned in real time before saving and approval.
Policy settings can be adjusted per section with three levels:
- Aggressive (most lenient)
- Moderate
- Conservative (most restrictive)
For organizations with existing policies, the Adversarial-generated policy can serve as a gap-analysis baseline. It can be downloaded as a DOCX file and edited as needed.
Once the Threat Profile is established, save suggested changes and route them through the two-level approval process. If governance review is required, you can hold final approval until the next CyberGov or Board meeting.