Domains
Governing responsibility across the organisation
Zebsoft uses Domains to structure governance around real areas of organisational responsibility.
A Domain represents a long-lived area of ownership — not a feature set and not a standalone system. Domains bring together the relevant system capabilities needed to govern a specific focus area, while maintaining shared evidence and a single source of truth.
This page explains what Domains are, why they matter, and how they work within the Zebsoft platform.
What a Domain Is
A Domain is a subject-matter governance layer.
It defines:
- What area of the business is being governed
- Who is accountable
- Which risks, obligations, and evidence apply
Domains answer the question:
“What area of the organisation are we responsible for controlling?”
They are strategic, stable, and aligned to real accountability — not software boundaries.
Why Domains Matter
In many organisations, compliance systems are fragmented by standard, department, or tool. This leads to duplicated effort, inconsistent evidence, and unclear accountability.
Domains solve this by:
- Grouping related responsibility in one place
- Reusing shared capabilities across multiple standards
- Preventing duplication of audits, risks, and documents
- Making accountability visible and traceable
Domains allow organisations to manage complexity without fragmenting control.
How Domains Work in Zebsoft
Domains do not introduce new tools.
Instead, they configure and coordinate existing Capabilities — such as audits, risk, document control, incidents, and training — around a specific governance focus.
Within a Domain, you can:
- Identify applicable risks and obligations
- Run audits and assessments
- Maintain policies, procedures, and records
- Track actions, incidents, and improvements
All evidence remains shared and connected across the platform.
Core Zebsoft Domains
Zebsoft supports multiple Domains, each representing a distinct area of organisational responsibility.
Information Security
Governance of information assets, access control, data protection, and cyber risk.
Supports:
- Risk-based security management
- Policy and control governance
- Incident and breach management
- Alignment with information security standards
Health & Safety
Governance of workplace safety, operational risk, and employee protection.
Supports:
- Hazard and risk management
- Incident reporting and investigation
- Training and competency tracking
- Compliance with health and safety obligations
Environmental & Sustainability
Governance of environmental impact and sustainability obligations.
Supports:
- Environmental aspects and impacts
- Compliance obligations
- Performance monitoring
- Continuous improvement
Supply Chain Integrity
Governance of suppliers, contractors, and external providers.
Supports:
- Supplier approval and monitoring
- Compliance evidence collection
- Risk and performance oversight
- Controlled external interaction
Asset & Infrastructure Integrity
Governance of physical assets, infrastructure, and operational reliability.
Supports:
- Asset registers
- Maintenance and inspection records
- Risk and lifecycle oversight
- Evidence of control and condition
Domains and Shield Levels
The number of active Domains and the depth of control applied to them depends on the Shield Level in use.
- Foundation typically starts with one or two Domains
- Growth expands governance across more areas
- Enterprise governs multiple Domains across internal and external parties
The underlying Domain structure remains the same at every level.