Product
Modules That Map to How Teams Mature
How Modules Map to Plans
- Foundations— Governance, Evidence (manual), Assessments, Trust Center
- Continuous— Adds integrations, vendor workflows, risk register, and AI-assisted drafting
- Security Ops— Adds phishing simulations, tabletop exercises, and breach monitoring
- Resilience— Adds training and emergency communications
- Command— Adds on-prem monitoring and unexpected configuration change alerts (early access)
Plan names reflect maturity and automation depth, not headcount.
Module Directory
Assessments
Import questionnaires, draft cited answers, approve language, and export.
Outputs: Reviewer-ready export, approved golden answers
Evidence
Capture artifacts, track freshness, and export reproducible bundles.
Outputs: Evidence bundle, coverage verdict report
Governance
Policies, approvals, training records, and change history in one place.
Outputs: Policies with approvals, governance excerpts
Risk
Risks, exceptions, remediation tasks, and vendor due diligence workflows.
Outputs: Risk register export, vendor due diligence export
Trust Center
Tiered sharing, deal rooms (plan-based), agreements, and access logs.
Outputs: Curated buyer packs, access log export
Aurora Copilot
AI-assisted drafting grounded in your evidence (human-reviewed).
Outputs: Draft answers with citations
Practice Readiness
Tabletop exercises and readiness records that export as evidence (plan-based).
Outputs: After-action report, Readiness record exports
Command
Infrastructure evidence from scoped, read-only collectors (early access).
Outputs: Status snapshot export, Drift report
Supporting Product Surfaces
Vendor Risk Management
Vendor-specific due diligence workflow supporting the Risk module.
Owned by: Risk
Route: /product/vendor-risk-management
Canonical module route: /product/risk
Compliance Training
Training assignment and completion evidence under Practice Readiness.
Owned by: Practice Readiness
Route: /product/compliance-training
Canonical module route: /product/practice-readiness
Phishing Resiliency
Phishing simulation outcomes and follow-up evidence under Practice Readiness.
Owned by: Practice Readiness
Route: /product/phishing-resiliency
Canonical module route: /product/practice-readiness
Emergency Communication
Incident communications timelines and acknowledgement trails under Practice Readiness.
Owned by: Practice Readiness
Route: /product/emergency-communication
Canonical module route: /product/practice-readiness
Incident Readiness
Incident playbooks, exercises, and remediation evidence under Practice Readiness.
Owned by: Practice Readiness
Route: /product/incident-readiness
Canonical module route: /product/practice-readiness
Continuous Compliance
Automation/cadence narrative spanning Evidence and Governance outcomes.
Owned by: Evidence + Governance
Route: /product/continuous-compliance
Canonical module route: /product/evidence
Legacy route handling
- /product/practice redirects to /product/practice-readiness
Product Questions
Do I need to buy every module?
Do I need to buy every module?
No. Plans bundle the modules most teams need at each maturity stage. Start with exports, then expand.
Can we start with exports and add automation later?
Can we start with exports and add automation later?
Yes. Start manual, then connect integrations and scheduled checks without redoing mapping.
How do we share with reviewers?
How do we share with reviewers?
Use Trust Center tiers for controlled access, agreement gates, and access logging.
Want a Plan Recommendation Based on Your Next Review?
Tell us what reviewers asked for and your timeline. We’ll map the shortest path to a reviewer-ready export.
No obligation. We’ll start with the export format.