Cross-module dashboard with live KPI rollups across BIA, BCP, Exercises, Crisis, Risk and Improvement Actions. Branded PDF exports in ISO 22301 shape. SAMA submission pack on the roadmap.
Single page rolling up BIA criticality, BCP coverage, exercise outcomes, crisis events last-365, improvement-action overdue, KRIs. Live data, not cached. Branded for board / committee viewing.
Branded PDF in ISO 22301-shaped sections: §8.4.4 plan content · §8.4.2 IMT · §8.4.3 comms · §8.4.5 phased recovery · §8.5 activation log · related plan references.
Branded PDF: process record, configurable impact matrix, impact-over-time grid, 5-dimension dependencies, RTO/RPO/MTPD calculation with rationale.
Trend charts per module: improvement actions raised vs closed · exercise outcomes by quarter · crisis events by severity · risks by residual score. Cumulative + period comparison.
Dept_head users see rollups for their own department only. Other roles see organisation-wide. Filter applied at the tRPC layer — verified by integration tests.
Exercise AAR · Crisis post-incident report · Risk register snapshot · Quarterly board pack · SAMA submission pack (cover letter + clause-mapped evidence index).
Every dashboard tile is a tRPC query against the live Postgres schema. No batch jobs, no stale numbers, no cache-invalidation bugs.
How it works
/reportingtrpc.reporting.dashboard queries in parallelSET LOCAL search_path + scoped SQLPDF generation
/api/pdf/bcp/[id] resolves tenant + role@react-pdf/renderer assembles ISO-shaped sections| Clause | What it asks for | BCMStack surface |
|---|---|---|
| §9.1.1 | Monitoring + measurement | Cross-module dashboard with live tRPC rollups |
| §9.1.2 | Evaluation of BCMS performance | Trend charts (12-month rolling) per module |
| §7.5.3 | Control of documented information | Branded PDF exports with version + classification |
| §10.2 | Continual improvement | Improvement-action overdue dashboard + NC trend |
| SAMA submissions | Periodic regulatory reporting | SAMA submission pack PDF (roadmap) |
How the Reporting module compares to peer platforms
BIA criticality breakdown · BCP versions approved · BCP coverage of BIA-critical processes · Exercise outcomes (12-month rolling) · Crisis events last-365 · Improvement actions overdue · BCP review-due dashboard · KRI top-N risks. Each rollup is a tRPC query against the live data, not a precomputed cache, so numbers always reflect current state.
BCP PDF: §8.4.4 plan content as discrete sections, §8.4.2 IMT roster + RACI, §8.4.3 stakeholder communications matrix, §8.4.5 phased recovery, §8.5 activation log, related plan references, document attachments index. BIA PDF: process record, configurable impact matrix, impact-over-time grid, dependencies, RTO/RPO/MTPD calculation. Both branded with tenant logo and audit-ready.
Five PDF endpoints planned for the next sprint: Exercise AAR · Crisis post-incident report · Risk register snapshot · Quarterly board pack · SAMA submission pack (cover letter + clause-mapped evidence index pulling from every relevant module). Audit-log every export so auditors can verify what was exported when and by whom.
Yes. The reporting tRPC router uses tenantProcedure end-to-end. Schema-per-tenant means cross-tenant data exposure is impossible by construction. Department-scoped users (dept_head) only see rollups for their own department's records — verified in integration tests.