The ISMS is a graph already — assets carry risks, controls mitigate risks, documents describe controls, incidents test them, audits sample them. Graph turns that implicit network into something you can navigate.
Open any entity and walk outward. Sixteen node types in scope today: risks, assets, business processes, controls, measures, documents, incidents, tasks, users, org roles, threats, vulnerabilities, processing activities, service providers, audits, and findings. Seven edge families: ownership, impact, mitigation, documentation, hierarchy, workflow, audit.
- Start anywhere. Pick an asset and see the risks it carries, the controls that mitigate them, the documents that describe them, the incidents that involved it.
- Show in graph. Every detail page carries a "Show in graph" button — drop straight from a record into its relationship view.
- Double-click to open. Any node opens its own record; the graph is a navigation surface, not a read-only diagram.
- Persisted exploration. The view remembers what you expanded; the refresh button re-queries the live data.
- Dark-mode aware, keyboard-navigable, and translated into every supported locale.
Listed in the catalogue so the surface is discoverable, but never billed separately — every Cybsis instance carries it. Where most modules add a new workflow, Graph reveals workflows that already existed in the data model. That's the difference between a feature you buy and a feature that emerges from how the product is shaped.