Core Concepts
Omnitrex GRC organises your governance, risk, and compliance data into a universal node-based model. Every piece of data — an organisation unit, a risk, a vendor, a policy — is a node in a specific domain.
Domains
A domain is a category of GRC data. Omnitrex ships with 15 domains:

| Code | Domain | Purpose |
|------|--------|---------|
| ORG | Organisation | Legal entities, departments, teams |
| PROC | Processes | Business processes and workflows |
| ASST | Assets | IT systems, applications, infrastructure |
| VNDR | Vendors | Third-party suppliers and partners |
| RISK | Risks | Risk register with assessment and scoring |
| CTRL | Controls | Control framework with testing schedules |
| INCD | Incidents | Security and operational incidents |
| AUDT | Audits | Audit programs and findings |
| PLCY | Policies | Policies, procedures, and standards |
| TRNG | Training | Training programs and completion tracking |
| PRTF | Portfolio | Programs, projects, and tasks |
| PROD | Products | Product and service catalogue |
| CUST | Customers | CRM pipeline and customer records |
| DATA | Data | Data asset catalogue and classification |
| CNST | Consent | Consent records and cookie management |

Nodes
A node is a single record in a domain. Every node has:
- Name and description
- Status: LIVE, PLANNED, PILOT, or INACTIVE
- Layer: Position in the domain hierarchy (e.g., Entity > Department > Team in ORG)
- Head: Responsible person
- Assignee: Person working on it
- Extensions: Domain-specific metadata (e.g., risk scores for RISK nodes, contract dates for VNDR nodes)
Hierarchies
Each domain defines a hierarchy of layers. For example:
- Organisation (ORG): Holding > Entity > Department > Team > Role
- Risks (RISK): Category > Domain > Risk
- Portfolio (PRTF): Portfolio > Program > Project > Task
Child nodes inherit context from their parent, making it easy to drill down from a broad category to a specific record.
Cross-Domain Links
The real power of Omnitrex is linking nodes across domains. Examples:
- A Risk linked to the Controls that mitigate it
- A Vendor linked to the Assets they supply
- A Process linked to the Data it handles
- An Incident linked to the Risk it materialised from
Central Command Viewer
The CCV is an interactive force-directed graph that visualises all your nodes and their cross-domain relationships. Click any node to see its details, links, and audit trail. Use the CCV to:
- Spot orphan nodes (risks without controls, vendors without assessments)
- Trace impact paths (which processes are affected if a vendor fails?)
- Validate completeness (does every risk have at least one control?)
Working with Nodes
Creating Nodes
Navigate to any domain table and click + New Node. Select the layer, fill in the required fields, and save. The node appears immediately in the table and the CCV.
Linking Nodes
From a node's detail panel, click Add Link and search for the target node by name or ID. Links are bidirectional — both nodes will show the relationship.
Status Management
Nodes progress through statuses:
- PLANNED — Documented but not yet active
- PILOT — In trial or testing phase
- LIVE — Active and in production
- INACTIVE — Retired or superseded
Extensions
Each domain has a dedicated extension panel for domain-specific fields:
- RISK: Likelihood, impact, risk score, risk appetite, treatment strategy
- CTRL: Control type (preventive/detective/corrective), test frequency, last test date, effectiveness
- VNDR: Contract start/end, tier classification, SLA terms
- PLCY: Review cycle, approval status, version, effective date
Compliance Frameworks
Omnitrex maps your data against major compliance frameworks:
- GDPR — Data processing, consent, DPIA support
- DORA — ICT risk management, incident reporting, third-party oversight
- NIS2 — Network and information security measures
- ISO 27001 — Information security management system
- AI Act — AI system classification, risk assessment, transparency
Risk-Control Matrix
The risk-control matrix shows every risk alongside its linked controls, highlighting:
- Controlled risks — At least one active control linked
- Uncontrolled risks — No controls linked (gaps)
- Coverage percentage — Ratio of controlled to total risks
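The matrix and the CCV impact trace described above, sketched over a small in-memory graph. This is an added example, not Omnitrex code or its API. The node IDs and links are constructed, "active" is assumed to mean a CTRL node with status LIVE, and the `inactive_only` bucket is an added distinction for risks whose only linked controls are not LIVE.

```python
from collections import defaultdict, deque

# Constructed sample data (not an Omnitrex export): id -> (domain code, status).
NODES = {
    "R1": ("RISK", "LIVE"), "R2": ("RISK", "LIVE"), "R3": ("RISK", "LIVE"),
    "C1": ("CTRL", "LIVE"), "C2": ("CTRL", "PLANNED"),
    "V1": ("VNDR", "LIVE"), "A1": ("ASST", "LIVE"), "P1": ("PROC", "LIVE"),
    "P2": ("PROC", "LIVE"),
}
LINKS = [("R1", "C1"), ("R2", "C2"), ("V1", "A1"), ("A1", "P1")]


def build_graph(links):
    """Links are bidirectional, so record each one on both nodes."""
    graph = defaultdict(set)
    for a, b in links:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def risk_control_matrix(nodes, graph):
    """Bucket every RISK node by the controls linked to it.

    Assumption: an "active" control is a CTRL node with status LIVE.
    """
    buckets = {"controlled": [], "inactive_only": [], "uncontrolled": []}
    for node_id, (domain, _) in sorted(nodes.items()):
        if domain != "RISK":
            continue
        controls = [n for n in graph[node_id] if nodes[n][0] == "CTRL"]
        if any(nodes[c][1] == "LIVE" for c in controls):
            buckets["controlled"].append(node_id)
        elif controls:
            buckets["inactive_only"].append(node_id)  # linked, but nothing LIVE
        else:
            buckets["uncontrolled"].append(node_id)
    total = sum(len(v) for v in buckets.values())
    pct = round(100 * len(buckets["controlled"]) / total, 1) if total else 0.0
    return buckets, pct


def impacted(nodes, graph, start, domain):
    """Breadth-first walk over links; return reachable nodes in `domain`."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return sorted(n for n in seen if nodes[n][0] == domain)
```

Coverage here counts only the `controlled` bucket against all risks, so a risk linked solely to a PLANNED control lowers the percentage the same way an unlinked risk does.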
Reports
Generate reports in XLSX, PPTX, or PDF format:
- Portfolio Report — Project status, task completion, timeline
- Risk Report — Risk register with scores, controls, and gaps
- Compliance Report — Framework coverage and gap analysis
- Vendor Report — Vendor tiers, contract status, risk assessments
- Incident Report — Incident timeline, root causes, lessons learned
- Audit Report — Audit findings, remediation status
Next Steps
- Getting Started — Deploy the platform with Docker Compose
- Developer Guide — Set up CLI, MCP servers, and API access
- Integrations — Connect n8n, Microsoft 365, and AI workflows
