Operational Journeys by Persona
Each role has clear queue, responsibility, and blocked-action behavior.
| Persona | Primary Goal | Queue View | Primary Actions | Blocked If |
|---|---|---|---|---|
| Global Admin | Maintain secure and reliable governance operation | Settings Alerts | Map roles, enforce guardrails, resolve policy conflicts | No secondary admin approver for high-risk changes |
| Control Author | Deliver high-quality control artifacts | Draft Queue | Ingest, normalize, scope, submit | Schema contract validation failure |
| Reviewer | Validate draft quality and governance readiness | In Review | Review, request changes, submit for approval | Missing evidence contract alignment |
| Approver | Execute final governance decisions | Needs Approval | Approve/reject control and exception requests | SoD violation or active-role mismatch |
| Evidence Operator | Maintain evidence completeness and freshness | Evidence Gaps | Attach evidence, reconcile packet coverage | Insufficient mapped requirement IDs |
| Risk / Exception Manager | Contain drift and risk posture | Drift / Exceptions | Triage drift, open exceptions, define controls | No compensating controls or expiry window |
| Audit Publisher | Release audit-ready reports with lineage | Ready for Audit | Publish report package, export lineage bundle | Any unresolved blocker state in workflow chain |