Ironframe GRC — Complete Beginner User Guide

Reading level: 11th grade · Audience: New users with zero prior GRC or Ironframe experience
Canonical path: /docs/user-manuals/user-guide · Master operator manual

This guide follows the professional GRC workflow: identify → assess → mitigate → monitor. Every step maps to a real route in the Ironframe SaaS application.


1. Introduction — What is Ironframe?

Ironframe is a Governance, Risk, and Compliance (GRC) platform. It helps organizations:

  • Governance — Set rules and policies (who can do what)
  • Risk — Measure financial exposure (ALE) and threats
  • Compliance — Prove controls to auditors with immutable evidence

Quick tip: Think of Ironframe as a command center with three panels: data on the left (22%), your work in the center (48%), and audit logs on the right (30%).

Command Center layout

Related reading: Glossary · Quick-Start · Training Index

source-file: docs/TAS.md
source-file: config/route-manifest.v0.1.0-ga-epic17.json


2. Getting Started

2.1 Account access

  1. Receive your sales-assisted invitation email (public self-registration may be disabled).
  2. Open Login at your workspace URL (local dev: sign in via Supabase at /login).
  3. Complete MSA/DPA legal sign-off when prompted at /legal/accept.
  4. Land on the Integrity Hub at /integrity after authentication.

Quick tip: Open DevTools → Application → Cookies and confirm ironframe-tenant is set after login.

2.2 Navigation basics

| Area | Route | What you do there |
| --- | --- | --- |
| Integrity Hub | /integrity | View ALE exposure, maturity score, threat posture |
| Evidence Vault | /evidence | Access immutable WORM audit evidence |
| Cockpit | /cockpit | View 19-agent workforce coordination |
| Board Report | /board-report | Executive readiness summary |
| Documentation | /docs | This handbook and training manuals |
| Audit exports | /dashboard/exports | Download tenant-scoped CSV/PDF |
| Audit trail | /reports/audit-trail | Forensic audit trail reports |
| Support | /dashboard/support | Tenant-scoped CS console; replies queue for operator HITL |
| Admin approvals | /dashboard/admin/approvals | GLOBAL_ADMIN unified queue (SUPPORT + SALES drafts) |

Integrity Hub

2.3 Tenant workspace setup

  1. Use the tenant switcher (building icon, top navigation).
  2. Select Medshield, Vaultbank, or Gridcore (your assigned tenant).
  3. Confirm that the displayed data changes when you switch tenants; this proves tenant isolation.

Quick tip: Never share screenshots that show another tenant's UUID or exposure values.

Lab: Tenant Switching


3. Core Tasks (GRC Professional Workflow)

3.1 Identify — Threats and exposure

  1. Go to /integrity.
  2. Review sovereign pool baseline cards (whole-integer USD cents internally; formatted strings in UI).
  3. Note critical threat count and active vulnerabilities.
  4. Open Threat Pipeline / Active Risks from the dashboard home.

3.1.1 Enter a threat (Manual Risk Registration)

Use this path when you need to record a new hazard on the Main Ops command post (/).

  1. Confirm you are on Main Ops (/) with the Threat Pipeline visible in the center column (48% pane).
  2. Click Manual Risk REGISTRATION (blue chip on the right side of the pipeline search bar).
  3. Complete the Manual Risk Entry form:
    • Risk title — short label for the hazard.
    • Source agent / analyst — who reported it (for example Analyst or Strategic Intel).
    • Target sector/entity — affected business unit or asset class.
    • Inherent risk ($M) — estimated loss exposure in millions (UI field; ledger stores integer cents internally).
    • Justification — minimum 50 characters describing why the hazard is credible.
  4. Submit the form. The hazard enters the Threat Pipeline and appears under Active Risks for the four-stage lifecycle (Identify → Assess → Mitigate → Monitor).
  5. Optional alternate paths (when enabled in your tenant):
    • Strategic Intel — click a Top Sector Threats profile button to register verified intel with pre-filled justification.
    • Deficiency Discovery Gate — after opening Manual Risk Registration, use the Sentinel interview block to queue governed deficiency discovery.
    • Kimbot (Bot B) — shadow-plane simulation injector for red-team drills only (not production Agent 17).

Quick tip: If the Manual Risk chip is closed, open it first — the Deficiency Discovery Gate copy directs you to Manual Risk Registration before Sentinel intake unlocks.

Constitutional baselines (cents): Medshield 1110000000 · Vaultbank 590000000 · Gridcore 470000000
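
The form rules above (a 50-character minimum justification and a $M field that is stored as integer cents), as an added example that is not Ironframe's own code. The function names, the entry field names, and the 8-decimal-place limit on the $M input are assumptions made for illustration; the sample entry is constructed.

```javascript
// Added example, not Ironframe code: all function and field names are hypothetical.
const MIN_JUSTIFICATION_CHARS = 50;      // form rule stated in this guide
const CENTS_PER_MILLION = 100000000n;    // $1M = 100,000,000 cents

// Parse the "$M" field as text so no floating-point value is ever created.
function millionsToCents(text) {
  const m = /^(\d+)(?:\.(\d{1,8}))?$/.exec(String(text).trim());
  if (!m) throw new RangeError("inherent risk must be a non-negative decimal with at most 8 places");
  // The 8th decimal place of $M is exactly one cent, so padding yields whole cents.
  return BigInt(m[1]) * CENTS_PER_MILLION + BigInt((m[2] || "").padEnd(8, "0"));
}

// Format integer cents as a UI-style string, e.g. 1110000000n -> "$11,100,000.00".
function centsToUsd(cents) {
  const dollars = (cents / 100n).toString().replace(/\B(?=(\d{3})+$)/g, ",");
  return `$${dollars}.${(cents % 100n).toString().padStart(2, "0")}`;
}

// Check the two rules the guide states and return the ledger-ready amount.
function validateManualRisk(entry) {
  const errors = [];
  const justification = String(entry.justification ?? "").trim();
  const length = [...justification].length; // count code points, not UTF-16 units
  if (length < MIN_JUSTIFICATION_CHARS) {
    errors.push(`justification is ${length} characters; minimum is ${MIN_JUSTIFICATION_CHARS}`);
  }
  let inherentRiskCents = null;
  try {
    inherentRiskCents = millionsToCents(entry.inherentRiskM);
  } catch (err) {
    errors.push(err.message);
  }
  return { ok: errors.length === 0, errors, inherentRiskCents };
}

// Constructed sample entry (not real tenant data).
const sample = {
  title: "Unpatched VPN concentrator",
  source: "Analyst",
  target: "Remote access",
  inherentRiskM: "4.7",
  justification: "Vendor advisory confirms the appliance is exposed and no compensating control exists.",
};
const result = validateManualRisk(sample);
console.log(result.ok, result.inherentRiskCents, centsToUsd(result.inherentRiskCents));
```

Entering the three baseline amounts as 11.1, 5.9 and 4.7 ($M) reproduces the cent values listed above.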

3.2 Assess — Risk scoring and frameworks

  1. Review DORA and framework readiness percentages on /board-report.
  2. Map controls using the Feature Glossary.
  3. Use the right-panel Live Audit Ledger Stream to trace events.

3.3 Mitigate — Remediation and controls

  1. Open a threat card from Active Risks.
  2. Add remediation notes and assign ownership.
  3. Track Sustainability Pulse (kWh, liters) on the right panel — physical units only.

3.4 Monitor — Continuous compliance

  1. Visit /evidence for WORM-locked evidence.
  2. Run /reports/audit-trail for exportable audit history.
  3. Read syndicated briefings at /governance-frame (separate from this /docs plane).

3.5 Export audit deliverables

  1. Set tenant scope in the switcher (not Global Command Center).
  2. Navigate to /dashboard/exports.
  3. Download CSV or PDF for the active tenant.
  4. Archive exports with timestamp and tenant UUID for auditor handoff.

Analyst Export Console at /dashboard/exports


4. Advanced Features

| Feature | Route | Summary |
| --- | --- | --- |
| Trust Center | /trust | Procurement materials, subprocessors, residency |
| Admin onboarding | /admin/onboarding | GLOBAL_ADMIN tenant provisioning |
| Sales portal | /sales-agent-portal | Public lead intake; returns QUEUED receipt; pitch held for admin HITL dispatch |
| Approvals queue | /dashboard/admin/approvals | GLOBAL_ADMIN DISPATCH / PURGE for SUPPORT and SALES pending drafts |
| Governance Frame | /governance-frame | External briefing reader (not editable here) |
| IronBoard bridge | :8082 | Agent coordination (read-only telemetry to boardroom) |

Technical depth: Architecture · Deployment · Security


5. Troubleshooting & FAQs

| Symptom | Fix |
| --- | --- |
| Redirect to /login | Session expired — sign in again |
| Redirect to /unauthorized | No user_role_assignments row — contact admin |
| Blank panels after tenant switch | Wait for refetch; refresh page |
| Exports show "no active tenant" | Select a specific tenant (not Global) |
| /docs/... page shows "Compilation Ingress Portal" | Document not yet synced — run documentation pipeline or npm run docs:seed |

More help: FAQ · Error Messages · Support Guide


6. Full training manual (63+ pages)

Complete step-by-step chapters with navigation paths and screenshots:

| Track | Index |
| --- | --- |
| Level 1 — Student | LEVEL1-STUDENT-INDEX |
| Level 2 — Practitioner | Level 2 Practitioner Index (/docs/training/level2-practitioner-index) |

Sample chapters:


7. Documentation map (verified tree)

| Document | Path |
| --- | --- |
| This guide | user-manuals/user-guide.md |
| Technical Architecture (TAS) | TAS.md |
| Competitive landscape | competitive-landscape.md |
| Infrastructure & env (ops) | deployment-and-ops.md |
| Quick-Start | quickstart.md |
| Dashboard manual | dashboard-guide.md |

Note: Legacy references to /docs/user-guide.md at repository root redirect here. There is no separate infrastructure.md — use technical/deployment-and-ops.md.

ref: GET /api/board/shared-context
source-file: config/training-corpus-manifest.json