Security

GRC information is decision support, audit evidence and often business-critical history. Terema GRC is therefore built around permissions, isolation, audit logic and controlled configuration.

Security as part of governance

The security model should make it clear who can view, change, decide and export information. At the same time, history and responsibility must be preserved so the system can be reviewed afterwards.

Role-based permissions

Access is controlled by role, responsibility, module and organisational level so users get the right workspace without unnecessary exposure.

Tenant isolation

Environments, customers or organisational units can be logically separated so data and permissions stay apart.

Audit log

Changes, status transitions and important decisions can be traced, each with a timestamp, the acting user and the surrounding context.

Controlled history

History should show development over time, not just the latest version of a register field.

Configuration without hardcoded secrets

Sensitive runtime values should stay outside the repository and be handled through local configuration or environment variables.

Export as readout, not master data

Exports should be used for reporting, audits and analysis. Governed information should remain in the system with its traceability.