Glossary

Every term used in CompStack and where to find it.

Term Meaning Where it lives
Acknowledgement A user signing that they have read and understood a published document version. acknowledgements table; doc detail Acknowledgements tab.
Approval Chain A reusable ordered list of approvers, assignable to a process, department, or doc type. /approval-chains
Approval (row) One materialized step of a chain on one entity version. Tracks decision (pending/approved/rejected) + comment + decided_at. approvals table
Approver A user expected to sign off on a step. Resolved at materialize-time from chain step config (specific user, dept head, or role). -
Artifact A document or process version, finding, CAPA, control, evidence - anything Copilot can reference or create. varies
Assessment A scoping decision: which clauses of a standard apply to this org. Has an engagement_label. /scoping
Audit A scheduled review against a standard. Has a checklist, runner, conclusions, status (Draft → Completed). /audits
Audit Checklist Item One line of an audit, tied to a single requirement, with a result (conformity / NC / OBS / OFI / pending). audit_checklist_items table
Auto-raise (findings) The sweep that runs on completeAudit: every NC/OBS/OFI checklist item creates a finding row, idempotently. AuditService.completeAudit
Brand color The org-level primary color, set by admins from a 12-swatch grid in the theme menu. Persisted in organizations.theme_primary_color. top bar theme menu
CAPA Corrective + Preventive Action. A tracked response to a problem, with lifecycle Draft → Closed. /capa
Chain Short for Approval Chain. -
Checklist The set of audit items tied to requirements. audit detail Checklist tab
Closure table department_ancestors - every (descendant, ancestor) pair, maintained by trigger. Used for hierarchical queries without recursion. DB
Control An implemented action that satisfies one or more requirements. E.g. "Quarterly access review". /controls
Cross-org guard A check on detail pages that rejects access if the URL's entity belongs to a different org than the active selection. every detail page
Department A node in the org hierarchy. Has code, name, head, members, sub-departments. /departments
Department Head The first-line approver for processes/documents owned by the department. dept overview
Document A controlled artifact (policy, procedure, work instruction, form). /documents
Document Version A specific revision of a document, with file blob + status + approvals. Only one is is_current_published at a time. doc detail Versions tab
DGO DG Office (a sample department in the FCA seed). seed
Engagement label A tag on an Assessment indicating its scope (e.g. "corporate-only"). scoping
Evidence Proof that a control runs - a file, screenshot, or log entry. /evidence
FCA Family Care Authority - a sample organization in our seed data, modeled on a real customer. seed
Finding A nonconformity (NC), observation (OBS), or opportunity for improvement (OFI) raised during an audit. /findings
Gap Analysis The report that maps in-scope requirements to your controls + evidence and surfaces gaps. /gap-analysis
Implemented (treatment) A risk treatment whose linked CAPA is Closed. risks
Inherent Risk The risk score before treatment (likelihood × impact, 1-25). Auto-computed. risks
In Review A document or process version that's been submitted, approval rows materialized, awaiting decisions. -
Materialize (a chain) The action of taking a chain definition + an entity version and creating the per-step approvals rows for that version. materialize_approval_chain SQL fn
Membership A row in memberships linking a user to an organization with a role. Has is_active. -
Module A standard or framework (ISO 9001, ISO 27001, custom KEBS standard, etc.) with clauses + requirements. /library
NC Nonconformity. The most severe finding type. Maps to findings.type='nc'. -
OBS Observation. A minor finding type. Maps to findings.type='obs'. -
OFI Opportunity for Improvement. Suggestion-level finding. Maps to findings.type='ofi'. -
Onboarding seed A JSON document that bulk-creates departments / processes / chains for a new org. /onboarding
Org Organization. The unit of multi-tenancy. -
Polymorphic table A table that references multiple entity types via (entity_type, entity_id). Used for approvals, acknowledgements, risk_links. DB
Process A long-lived business process with a current version and a history of versions. /processes
Process Manual A multi-sheet Excel export of all departments + their processes. /processes Export button
Process Version One snapshot of a process: turtle, steps, owner, KPIs. Has the same approval lifecycle as document versions. process detail Versions tab
Proposal (AI) An AI-suggested write that's queued in ai_action_proposals for human approval. /ai/approvals
Realtime Postgres logical replication + Supabase realtime channel that pushes row changes to subscribed pages. Most detail pages auto-refresh from this. -
Requirement A leaf-level rule inside a clause of a module (e.g. "9001-4.1.1 - Determine external and internal issues"). library
Residual Risk The risk score after treatment. Auto-computed from residual likelihood × impact. risks
Risk An entry in the risk register with score, owner, treatment. /risks
Risk Treatment A planned mitigation linked to a CAPA. risk_treatments
RLS Row-Level Security. Postgres policies enforce per-org and per-user access. DB policies
Role A named permission bundle (Org admin, Manager, Contributor, Viewer). System roles live in roles with is_system=true. roles
Scoping The applicability decision: which clauses of which standards apply to this org. /scoping
Segregation of duties The rule that the owner of a CAPA cannot also be the verifier. Enforced in CAPA detail UI. CAPA
Site A physical location or business unit. Used to scope risks and audits. /sites
Source proposal id A foreign key on artifacts created by AI (controls.source_proposal_id, capa.source_proposal_id) pointing to the originating ai_action_proposals row. Provenance. DB
Standard Another word for Module. -
Stepper The visual approval-chain progress widget. Vertical, with green checks for approved, gray dots for pending, red X for rejected. doc/process detail
Submit (for review) The action that flips a doc/process version from Draft to In Review and materializes its chain. doc/process detail
Treatment Strategy One of Avoid / Reduce / Transfer / Accept on a risk. risks
Verify & Close (CAPA) The final transition where a non-owner user signs off on the CAPA's effectiveness. Status = Closed. CAPA detail
Workspace The personalized "home" page showing your pending approvals and ownership. /workspace
← Back to CompStack