UI State and Workflow Mapping
Canonical state names are enforced across stages, queue views, and action guards.
| State | Operational Meaning | Primary Owner | Allowed Next States | Blocking Rule |
|---|---|---|---|---|
| Draft | Artifact/request prepared | Author | Submitted | Schema or required fields missing |
| Submitted | Entered queue with owner assignment | Reviewer | In Review, Blocked | No valid reviewer mapping |
| In Review | Governance validation in progress | Reviewer / Approver | Approved, Rejected, Blocked | SoD conflict or missing evidence linkage |
| Approved | Accepted for control lifecycle execution | Approver | Active | Active role not permitted |
| Active | Operationally valid control path | Operator | Ready for Audit, Drifted | Evidence freshness violation |
| Drifted | Detected deviation from approved baseline | Risk Manager | Exception Requested, Active, Blocked | No triage action within SLA window |
| Exception Requested | Temporary risk acceptance requested | Exception Manager | Exception Approved, Rejected | No compensating controls defined |
| Exception Approved | Time-bounded exception with guardrails | Approver | Ready for Audit, Active | Expiry or owner missing |
| Ready for Audit | Complete lineage and evidence package | Audit Publisher | Published, Blocked | Unresolved high severity drift |
| Published | Report finalized and exported | Audit Publisher | Active | N/A |
| Blocked | Prerequisite failed or policy denied | Context-dependent | Draft, In Review, Active | Role mismatch, guardrail or missing dependency |