In YICE you can define separate levels for riskmanagement and compliance. In small organisations there might be one level, but you can easily distinguish between multiple levels, e.g. in case of a holding with several subsidiaries.
Assets are anything with value for your organisation. You can think of people, business processes, information, an office building, critical applications and IT-hardware. In YICE you can define an unlimited number of assets.
Assets are subject to risks. In YICE you identify, analyse and evaluate every risk (and opportunity) related to your assets.
Risks are managed by controls. In YICE, controls are grouped by control framework and category. You can define all the necessary controls to manage your risks. Per control, you can define an evaluation frequency (2nd line), assessment frequency (3rd line), control maturity, effectiveness and much more details. Per control, you can add an unlimited number of evaluations and assessments.
In YICE you can assign actions to yourself or to another YICE user. An action can stand on its own, can be directly related to a specific control or might be needed to realise an objective