
Core Concepts

Understand the key building blocks of Dictiva: governance statements, assemblies, domains, the library, and how they connect across the compliance lifecycle.

The Building Blocks

Dictiva is built around a small number of powerful concepts. Understanding these will help you get the most out of the platform.

Statements

A governance statement is the atomic unit of compliance in Dictiva. It's a single, clear requirement that prescribes, prohibits, or permits a specific behavior.

Example:

"All employees must complete security awareness training within 30 days of hire and annually thereafter."

Statement Anatomy

Every statement in Dictiva has:

  • Title — A short, descriptive name
  • Body — The full text of the requirement
  • Domain — The governance area it belongs to (e.g., Information Security)
  • Maturity Level — Foundational, Intermediate, or Advanced
  • Modality — The obligation level (Must, Should, May)
  • Version — Tracked automatically with change history

Maturity Levels

Not all organizations need the same level of governance rigor. Dictiva uses three maturity levels:

| Level | Who It's For | Example |
|---|---|---|
| Foundational | Startups, early-stage programs | "Passwords must be at least 8 characters" |
| Intermediate | Growing companies, established programs | "Passwords must be at least 12 characters with complexity requirements" |
| Advanced | Regulated industries, mature programs | "Authentication must use phishing-resistant MFA for all privileged accounts" |

Policies & Standards

An assembly is a collection of statements organized into a coherent document. Assemblies are what most organizations call "policies," "standards," or "procedures."

Assembly Types

  • Policy — Organizational intent and high-level requirements
  • Standard — Specific technical or operational requirements
  • Procedure — Step-by-step operational instructions
  • Guideline — Recommended practices (non-mandatory)

Assembly Lifecycle

  1. Draft — Create an assembly and add statements to it
  2. Review — Share with reviewers for feedback
  3. Publish — Lock the assembly version and make it official
  4. Acknowledge — Send to stakeholders for acknowledgment

Published assemblies are versioned. When you update a statement and republish, the assembly gets a new version; previous versions are preserved for the audit trail.

Domains

Governance domains organize your content into thematic areas. Dictiva uses 15 standard domains:

| # | Domain | Covers |
|---|---|---|
| 1 | Data Governance | Data quality, lineage, ownership, stewardship |
| 2 | Information Security | Access control, encryption, incident response |
| 3 | Privacy & Data Protection | Consent, data subject rights, cross-border transfer |
| 4 | Risk Management | Assessment, treatment, monitoring, appetite |
| 5 | Business Continuity | Backup, disaster recovery, availability |
| 6 | IT Operations | Change management, monitoring, capacity planning |
| 7 | Human Resources | Hiring, training, acceptable use |
| 8 | Legal & Compliance | Contracts, regulatory reporting, records retention |
| 9 | Financial Controls | Authorization, reconciliation, audit trails |
| 10 | Vendor Management | Due diligence, contracts, ongoing monitoring |
| 11 | Environmental & Sustainability | ESG reporting, carbon tracking, waste management |
| 12 | Quality Management | Process standards, continuous improvement |
| 13 | Ethics & Conduct | Code of conduct, whistleblowing, conflict of interest |
| 14 | Physical Security | Facility access, visitor management, asset tracking |
| 15 | AI & Emerging Technology | Model governance, bias monitoring, transparency |

The Library

The governance library is Dictiva's curated collection of 10,000+ pre-written governance statements. Library statements are:

  • Professionally authored across all 32 domains
  • Available at multiple maturity levels
  • Mapped to 57 regulatory frameworks
  • Ready to adopt into your workspace

When you adopt a library statement, it creates a copy in your tenant that you can customize. Your adopted version is independent — you can modify it without affecting the library original.

Regulations

Dictiva maps governance statements to specific requirements in 57 regulatory frameworks including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, NIST CSF, and more.

These mappings let you:

  • See which regulations a statement satisfies
  • Identify compliance gaps in your program
  • Generate framework-specific reports
  • Respond quickly when regulations change

Glossary

The glossary provides clear, accessible definitions for governance terminology. Both the library glossary (Dictiva-curated) and your tenant glossary (organization-specific) are searchable from the sidebar.

Use the glossary to ensure your team has a shared understanding of terms like "data controller," "risk appetite," "control objective," and hundreds of other governance concepts.

Frequently Asked Questions

What is a governance statement?

A governance statement is the atomic unit of compliance in Dictiva. It is a single, clear requirement that prescribes, prohibits, or permits a specific behavior — for example, 'All employees must complete security awareness training within 30 days of hire.' Statements are versioned, assigned a maturity level, and can be mapped to regulatory frameworks.

What is an assembly?

An assembly is a collection of governance statements organized into a coherent document. Assemblies represent what most organizations call policies, standards, or procedures. They follow a lifecycle from draft to review to publication, and each published version is preserved for the audit trail.

What are governance domains?

Governance domains are thematic areas that organize your compliance content. Dictiva uses 32 standard domains including Data Governance, Information Security, Privacy, Risk Management, and AI & Emerging Technology. Each domain contains statements, glossary terms, and regulatory mappings relevant to that area.

What is the governance library?

The governance library is Dictiva's curated collection of 10,000+ pre-written governance statements across all 32 domains and 57 regulatory frameworks. When you adopt a library statement, it creates an independent copy in your workspace that you can customize without affecting the original.