Configuration
Configuration
Section titled “Configuration”The SCF Controls Platform is a fully-managed SaaS application. Configuration is handled through the platform’s web interface rather than environment files or server settings.
Platform Settings
Section titled “Platform Settings”Organisation Settings
Section titled “Organisation Settings”Organisation administrators can configure:
| Setting | Description | Access |
|---|---|---|
| Organisation Name | Display name for your organisation | Admin only |
| Primary Framework | Default compliance framework for dashboard metrics | Admin only |
| User Roles | Assign roles to team members | Admin only |
User Preferences
Section titled “User Preferences”Individual users can configure:
| Setting | Description |
|---|---|
| Notification Preferences | Email notification settings |
| Display Preferences | UI preferences (if available) |
Authentication
Section titled “Authentication”The platform uses Google Sign-In for secure authentication. No configuration is required on your part.
Supported Account Types
Section titled “Supported Account Types”| Account Type | Example | Notes |
|---|---|---|
| Google Workspace | you@company.com | Recommended for organisations |
| Personal Gmail | you@gmail.com | Works for individuals and small teams |
| Google Cloud Identity | you@domain.com | For organisations without full Workspace |
Authentication Flow
Section titled “Authentication Flow”- User clicks “Sign in with Google”
- Google authenticates the user
- Platform receives user identity (email, name, profile picture)
- User is granted access based on their organisation membership
Email Notifications
Section titled “Email Notifications”The platform sends email notifications for:
| Notification Type | Trigger |
|---|---|
| User Invitations | When invited to join an organisation |
| Task Assignment | When assigned to a control or task |
| Due Reminders | Before task due dates |
| Overdue Alerts | When tasks pass their due date |
| @Mentions | When mentioned in comments |
Data Storage
Section titled “Data Storage”Where Your Data Lives
Section titled “Where Your Data Lives”- All data is stored securely in the cloud
- Data is encrypted at rest and in transit
- Regular automated backups are performed
- Multi-region redundancy for high availability
Data Retention
Section titled “Data Retention”- Active data is retained as long as your subscription is active
- Backups are retained according to our data retention policy
- You can export your data at any time via the backup feature
Security Configuration
Section titled “Security Configuration”Access Control
Section titled “Access Control”| Feature | Description |
|---|---|
| Google OAuth | Secure authentication via Google |
| Role-Based Access | Admin, Editor, Viewer roles (enforcement coming soon) |
| Organisation Isolation | Each organisation’s data is completely separate |
Security Features
Section titled “Security Features”- HTTPS Only — All connections are encrypted
- OAuth 2.0 — Industry-standard authentication
- Session Management — Automatic session timeout for security
- Audit Logging — All actions are logged for compliance
Integration Settings
Section titled “Integration Settings”Current Integrations
Section titled “Current Integrations”The platform currently supports:
| Integration | Purpose |
|---|---|
| Google Sign-In | User authentication |
| Email (Resend) | Notification delivery |
Future Integrations
Section titled “Future Integrations”Additional integrations are planned for future releases:
- SIEM/SOAR integration
- Ticketing system integration (Jira, ServiceNow)
- Single Sign-On (SSO) providers
- API access for automation
Backup Configuration
Section titled “Backup Configuration”Backup Features
Section titled “Backup Features”Access via the Database button in the header:
| Feature | Description |
|---|---|
| Download Backup | Export all your data as a JSON file |
| Restore from Backup | Upload a previous backup to restore data |
Backup Contents
Section titled “Backup Contents”Backups include:
- All scoped controls and their status
- Evidence tracking configurations
- Users and organisation settings
- Assignments, comments, and tasks
- Notification history
What’s Not Included
Section titled “What’s Not Included”- SCF catalog data (this is reference data provided by the platform)
- System configuration (managed by the platform)
Version Information
Section titled “Version Information”Checking Your Version
Section titled “Checking Your Version”The platform version is displayed:
- In the footer of each page
- In the Database Health & Statistics popup
Version Components
Section titled “Version Components”| Component | Description |
|---|---|
| Platform Version | Application version number |
| API Version | Backend API version |
| Catalog Version | SCF Controls Catalog version |
Support Configuration
Section titled “Support Configuration”Getting Help
Section titled “Getting Help”| Resource | Purpose |
|---|---|
| This Documentation | Self-service help and guides |
| In-App Support | Contact support from within the platform |
| Email Support | support@scfcontrolsplatform.com |
Reporting Issues
Section titled “Reporting Issues”When reporting issues, include:
- Browser type and version
- Steps to reproduce the problem
- Any error messages shown
- Screenshots if applicable
Related Guides
Section titled “Related Guides”- Authentication — Sign-in and account management
- User Management — Managing users and roles
- Backup & Restore — Data backup procedures