Control
/api/v1/grc/controls
A control statement attached to a Framework.
list · get · create · update
Schema
| Field | Type | Notes |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | One of frontend, backend, server, system, api. Where the write originated. Defaults to 'api'. |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| framework_id | string | ID of the Framework this control belongs to. |
| control_ref | string | Framework-specific control reference number. |
| name | string | Short name of the control. |
| description | string | Full description of the control requirement. |
| category | string | Control category within the framework. |
| objective | string | Control objective statement. |
| implementation_guidance | string | Recommended steps for implementing this control. |
| implementation_maturity | string | Current maturity level of this control's implementation. |
| effectiveness | number | Effectiveness score between 0 and 1. |
| owner_id | string | ID of the Person who owns this control. |
| next_review_date | date-time | Date when this control is next due for review. |
| evidence_ids | json | IDs of Evidence records that support this control. |
| mapped_control_ids | json | IDs of controls in other frameworks that this control maps to. |
| mitigated_risk_ids | json | IDs of Risk records that this control mitigates. |
| related_document_ids | json | IDs of related documents. |
| knowledge_entity_id | string | Bridge to the Knowledge Graph entity for this control. |
| custom_fields | json | Tenant-defined additional fields. |
| tags | json | Free-form tags for filtering. |
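
The scoping rules in the notes above (tenant_id and created_by taken from the JWT, app_id stamped only for Application tokens, soft-deleted rows hidden from default lists), modelled as an added Python example that is not the service's own code. The claim names `tenant_id` and `app_id`, the `include_deleted` parameter, the choice of which fields count as server-stamped, and the reading that an app-scoped token only sees records with its own `app_id` are assumptions; `sub` is from the table. ID generation is left out.

```python
from datetime import datetime, timezone

# Assumed set of server-managed fields (read off the table); body values for them are dropped.
SERVER_STAMPED = {"id", "tenant_id", "app_id", "created_at", "updated_at", "created_by",
                  "updated_by", "is_deleted", "deleted_at", "deleted_by"}

# Constructed sample input: verified claims for a human session and an integration API key,
# and a request body that tries to set scope fields itself.
HUMAN = {"sub": "per_constructed_1", "tenant_id": "tenant-a"}
INTEGRATION = {"sub": "per_constructed_2", "tenant_id": "tenant-a", "app_id": "app-1"}
SPOOFED_BODY = {"name": "Access review", "control_ref": "X.1", "effectiveness": 0.8,
                "tenant_id": "tenant-b", "app_id": "app-9", "created_by": "per_other"}

def stamp_on_create(claims: dict, body: dict) -> dict:
    """Build a Control record from already-verified JWT claims and a request body."""
    eff = body.get("effectiveness")
    if eff is not None and not 0 <= eff <= 1:
        raise ValueError("effectiveness must be between 0 and 1")
    now = datetime.now(timezone.utc).isoformat()
    record = {k: v for k, v in body.items() if k not in SERVER_STAMPED}
    record.setdefault("source", "edm")        # documented default
    record.setdefault("source_type", "api")   # documented default
    record.update(tenant_id=claims["tenant_id"], created_by=claims["sub"],
                  updated_by=claims["sub"], created_at=now, updated_at=now,
                  is_deleted=False, deleted_at=None, deleted_by=None)
    if claims.get("app_id"):  # only tokens minted for an Application carry app scope
        record["app_id"] = claims["app_id"]
    return record

def visible(record: dict, claims: dict, include_deleted: bool = False) -> bool:
    """Default list filter: same tenant, same app when the token is app-scoped, not soft-deleted."""
    if record["tenant_id"] != claims["tenant_id"]:
        return False
    if claims.get("app_id") and record.get("app_id") != claims["app_id"]:
        return False
    return include_deleted or not record.get("is_deleted", False)

if __name__ == "__main__":
    rec = stamp_on_create(HUMAN, SPOOFED_BODY)
    print(rec["tenant_id"], "app_id" in rec, visible(rec, INTEGRATION))
```

The point to check in a real deployment is the same one the model makes: scope fields in a request body never override what the token says.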
API
client.grc.controls.*