From risk decision to completed action – without leaving the platform
The tasks and Kanban module links every action straight to the risk, control or vendor assessment it's there to resolve. Drag-and-drop with two-way sync. Three views per board. No separate Jira to keep current.
An action engine that knows what every task is about
Actions from the risk analysis land in Excel. Vendor follow-ups in Jira. The GDPR incident in Outlook. The year wheel in a shared calendar. Someone asks "is the action for R-2024-17 done?" and four systems have to be checked. In Securapilot, every task knows which risk or control it belongs to, so the action history becomes audit evidence with no extra work.
The result: action history that becomes audit evidence without an extra step.
Who it is for
Seven roles have their own views – from personal boards to cross-module reports.
Information Security Coordinator (CISO/CSO)
Overview of all actions per module, prioritisation and deadline tracking.
Risk Coordinator
Mitigation tasks straight from the risk register and progress tracking per treatment plan.
Vendor Manager
Follow-up on vendor assessments, questionnaire deadlines and certificate renewals.
Data Protection Officer (DPO)
GDPR incidents, data subject requests and periodic reviews.
Internal Auditor
Traceability – every action has a linked source and a timestamped activity log.
Module Owner
Module-specific boards for Risk, GAP and GDPR with the right columns from the start.
End User
"My tasks" – all assigned tasks across all boards in one view.
All action work in one module
Eight areas cover the full workflow – from personal board to GRC module integration.
Three board types
Personal boards per user, shared team boards with role-based access, and auto-generated module boards for Risk, GDPR, GAP and more.
Configurable columns
Default: To do, In progress, Review, Done. Module-specific columns are loaded on board creation. WIP limits per column for lean Kanban.
Drag-and-drop that works
Move cards between columns to change status, reorder within a column for priority, or move columns horizontally. Changes are rolled back on backend errors.
Rich task metadata
Primary owner plus contributors, dates, priority, progress 0–100 %, subtasks, time estimate, control reference (e.g. A.5.1) and labels.
Comments and activity log
Markdown comments from users. Activity log captured on status changes, assignments and attachments – timestamped per event.
Attachments on the card
Same engine as the document library. Inline preview for images and PDFs, MIME type detection and cleanup on delete.
Filtering and search
Filter by owner, priority, module and free text. "My tasks" aggregates across all boards in the whole tenant.
Deadline status calculation
Computed status: overdue, critical (3 days), soon (7 days), today/tomorrow, on track, done. Drives colour coding and reporting.
Features that deliver traceability
Eight capabilities that make actions audit-ready from the first click.
Polymorphic linking
Every card has a link back to its source – risk, SOA control, vendor, YearWheel activity or GDPR incident. Shown in the card detail view.
Mirror tasks
A primary action on a module board can be mirrored to several personal boards without duplicating data. Each owner sees it in their own flow.
Two-way synchronisation
Close a mitigation action in the risk module and the Kanban card moves automatically. Move the card and the risk updates. No double work.
Multiple assignment
A primary owner plus several contributors. Everyone is added automatically as members on the board.
Board sharing and roles
Invite users to team boards with the roles viewer, editor or admin. Soft deletes on both boards and tasks with the option to restore.
Board duplication
Duplicate an existing board with its column setup to spin up a new one for a project or team quickly.
Seven languages
Full localisation: Swedish, English, Danish, Norwegian, Dutch (Belgium), French (Belgium) – including the activity log system messages.
REST API
Full API for boards, tasks, columns and members – for integration with the rest of your tool stack.
Concrete use cases
Six situations where polymorphic linking saves hours every week.
"The risk analysis identified eight actions. Who does what?"
Create mitigation actions in the risk register – each one becomes a Kanban task on the risk board automatically. Assign owners and set deadlines. When someone moves the card to "Done", the risk is marked as treated.
"The GAP analysis showed 23 missing controls."
Create an action plan for each SOA control – a task is generated with the control reference (A.5.1, A.8.16 and so on). The status in the GAP module follows the Kanban card position.
"The vendor's new assessment needs review before Friday."
The assessment creates an item assigned to a reviewer with a deadline. Criticality (high/medium/low) maps to priority. The reviewer sees it on both the vendor board and in "My tasks".
"The year wheel says the password policy should be reviewed every quarter."
The YearWheel activity creates a quarterly task with start and end dates. Completing it updates the year wheel automatically and the next instance is created on schedule.
"The security manager wants to see all their tasks in one view."
"My tasks" aggregates every assigned task regardless of source board. Filter by deadline, priority or module type.
"We want our own board for IT operations security work."
Create a team board, invite the IT ops team and pick your own columns. Personal tasks can be pulled in from other boards via mirror tasks.
Not a separate project tool
Securapilot's task management is an action engine that lives inside the GRC platform and knows what every task is about.
Not Trello, Asana, Monday or ClickUp
Cards are polymorphically linked to risks, controls, vendors and year wheels – not just standalone entries on a board.
Not Jira or Linear
No separate installation, no bolt-on integration, no extra licence. And no "parent issues" between epics and tasks.
Not Excel
Audit trail, permission control and automatic synchronisation with GRC data – without anyone having to remember to update the spreadsheet.
Built into the flow
Close a risk mitigation and the Kanban card moves automatically. Move the Kanban card and the risk updates. No double work.
Common questions about tasks & Kanban
Is this a replacement for Jira, Asana or Trello?
For GRC work – yes. For complex software development with epics, sprint planning and burndowns – no. In that case Securapilot works best as a complement where actions from risk, vendor and audit are synced with your development tool via API.
Can we customise the columns?
Yes, for personal boards and team boards. Module boards have locked columns that match the module's status model – that is where the value sits, because synchronisation happens automatically.
Can several people own the same task?
Yes. A primary owner plus several contributors. Everyone is added automatically as members on the board.
What happens to tasks when the source is removed?
Cascade delete – if the risk action is removed, the linked task is removed too. Soft deletes leave the option to restore.
Do you support recurring tasks?
Recurring activities are handled via the YearWheel module, which generates tasks on schedule (monthly, quarterly, yearly).
Are there notifications?
Activity log and comments are recorded on every task. Email notifications for assignment and deadlines are configured per customer.
How does real-time updating work?
Inertia.js serves fresh data on every navigation and drag-and-drop update. WebSocket-based live updates are planned for a future release.
Make every action tie back to the decision
Book a demo and we'll show how a risk action moves from the register to a Kanban board in 30 seconds – with traceability, permission control and automatic synchronisation.