GRC
In cybersecurity, GRC stands for Governance, Risk, and Compliance: a way to align security with business objectives, manage risks, and meet requirements/regulations.
ENTERPRISE
ISH Technology
YEAR
2024 - Present
PAPER
UX/UI Designer
PRODUCT
Vision Portal

OVERVIEW
Almost all solutions stemmed from a recurring pain point: customers do not receive clear, automated, and understandable information about their virtual environment within the expected timeframe.
In practice, the operations team ran the assessment in meetings with clients using decentralized spreadsheets with many tabs. The calculations were then done by hand and the collected data presented in a manually built report of more than 200 slides, which took a very long time.
THEN...
We came to the conclusion that we needed to figure out how to transform a manual and poorly scalable process into a product experience that:
Structures the data at the source.
Automates calculations and consolidation.
Delivers dashboards and reports consistently.
INVESTIGATION
Sales input to understand the impact of the delay on the customer and the delivery cycle.
Mapping the workflow with the GRC operation (end-to-end): interview → registration → calculation → report. This was essential to understanding the user journey, both internal and external.
Process translation into product: collect → calculate → visualize → report.
RESTRICTIONS
Migration without interrupting operations.
Structure based on NIST as the official reference for the method.
Delivery needed to be standardized and comparable across clients and cycles.
TRADE-OFFS
Focus on the "core" (data collection + calculation + reporting) before advanced client customizations.
Guided workflow to reduce ambiguity and increase consistency between assessments.
SOLUTION
A very complex project, but a simple decision: bring GRC into Vision and automate what previously depended on human effort.
Deliveries
GRC questionnaire in Vision (NIST model).
Built-in calculation memory to automatically generate the maturity dashboard.
Report automatically generated from the responses.
A template editor to support NIST and other frameworks without redoing the workflow.
Execution
Alignment with data/dev to ensure the "fastest way" to deliver.
I work in 15-day sprints.
Low-fidelity prototyping > validation > high-fidelity prototyping > testing > iterations > hand-off
Since the components and design system were already in place at this point, we were able to deliver in 1 month (2 sprints).
PROTOTYPES
IMPACT - 2 MONTHS
From weeks to minutes: complex reports (which previously required over 200 slides and were created manually) can now be generated in as little as 10 minutes.
Up to 5x more monthly security and compliance deliveries on a single platform.
Almost zero rework: standardization and consistency in critical Vision functionalities.
Nearly 95% less operational time for security teams: more focus on analysis, less on repetitive execution.
Readable governance: data from multiple sources transformed into understandable and actionable dashboards.
Sustainable scalability: more clients and more operations managed without growing the team at the same pace.
LEARNINGS
The real gain came from "structuring at the source." When the data is correct from the start, everything else scales.
Automating reports means efficiency and credibility: it reduces variation and speeds up decision-making.
A template editor avoids "one-off" solutions and prepares the product for new frameworks.