SBI Compliance - Prestige Display Instructions
Author screens as instructions. Render them deterministically.
Every default officer workspace module has an authored Prestige surface instruction. The existing module body may remain during migration, but new screen work must update this catalog instead of hand-designing another surface.
Closed Component Vocabulary
prestige.summary
span 12
stat tiles - headline numbers
prestige.board
span 6
status grid - cells by state
prestige.table
span 12
record rows with honest x/y
prestige.detail
span 6
the focal record
prestige.feed
span 4
activity stream
learn.lesson
span 6
cited lesson content - never proof state
learn.quiz
span 6
quiz prompts and options - records decision evidence elsewhere
learn.why-line
span 12
teaching line with content authority
Officer Surface Catalog
| Surface | Band | Lens | Components | Data | Question |
|---|---|---|---|---|---|
| Officer Workspace today #today |
WORKSPACE | desk | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/dashboard/api/v1/officer/calendar/api/v1/officer/actions |
What do I do first, right now? The desk prioritizes overdue, weak, and decision-ready work before wider posture browsing. |
| Document Intelligence documents #documents |
WORKSPACE | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/documents/api/v1/document-intelligence/status |
Which documents are usable evidence, expired, weak, or awaiting extraction? Document intelligence stays evidence-led: extracted facts are shown only with source and processing state. |
| Risk Register risk #risk |
RISK & CONTROL | territory | prestige.summary prestige.board prestige.table prestige.detail learn.why-line |
/api/v1/officer/risks |
Where are risks above appetite and who owns the next review? Risk is a territory view because residual exposure must be read against appetite and coverage. |
| Monitoring Program cmp #cmp |
RISK & CONTROL | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/cmp/checks |
Which monitoring checks are due, overdue, failed, or waiting for evidence? Monitoring is a line view because cadence, status, owner, and evidence must move in sequence. |
| Evidence & Lineage evidence #evidence |
RISK & CONTROL | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/evidence/verdicts/officer/lineage/:type/:id |
Can this claim be walked from source to signed audit event? Evidence lineage is the proof spine; unknown or insufficient evidence cannot render as verified. |
| Agentic Proposals proposals #proposals |
RISK & CONTROL | desk | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/proposed-actions?status=proposed |
Which AI-proposed actions need a human approval or rejection? Agentic work is surfaced as a decision desk; the model proposes and the human disposes. |
| Regulatory Horizon regulatory #regulatory |
RISK & CONTROL | territory | prestige.summary prestige.board prestige.table prestige.detail learn.why-line |
/regulatory-report?format=json |
Which regulatory changes affect the mapped control territory? Regulatory change is a territory view because clauses, controls, impact, and jurisdiction must cross-map. |
| Critical Services services #services |
RISK & CONTROL | territory | prestige.summary prestige.board prestige.table prestige.detail learn.why-line |
/api/v1/officer/dora/register |
Where do critical services depend on ICT, vendors, substitutes, and owners? Critical services are a territory map of dependencies, gaps, and DORA accountability. |
| Assurance assurance #assurance |
RISK & CONTROL | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/assurance/findings |
Which reviews, findings, responses, and actions are moving or stuck? Assurance is a line view because review, finding, response, and remediation are sequenced work. |
| Controls & SoA controls #controls |
RISK & CONTROL | territory | prestige.summary prestige.board prestige.table prestige.detail learn.why-line |
/api/v1/officer/controls/api/v1/officer/soa/api/v1/officer/frameworks |
Where do controls, frameworks, applicability, implementation, and evidence coverage stand? Controls and SoA are the core territory cross-map across frameworks, controls, status, and evidence. |
| Policies policies #policies |
RISK & CONTROL | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/policies/api/v1/officer/policy-exceptions |
Which policies are draft, approved, published, overdue, or excepted? Policies are lifecycle evidence: draft, approval, publication, review, exception, and attestation. |
| Training & Attestation training #training |
RISK & CONTROL | line | prestige.summary prestige.table learn.lesson learn.quiz prestige.detail prestige.feed learn.why-line |
/api/v1/officer/training-campaigns/api/v1/officer/training-assignments/api/v1/risk-lab/scenarios/api/v1/risk-lab/completions |
Which campaigns need a lesson, quiz completion, attestation, or overdue follow-up? Training is not proof by itself: Prestige renders the lesson and quiz, while completion becomes evidence only through a recorded attestation/audit trace. |
| Vendor & Outsourcing Risk vendors #vendors |
RISK & CONTROL | territory | prestige.summary prestige.board prestige.table prestige.detail learn.why-line |
/api/v1/officer/vendors/api/v1/officer/vendor-dependencies |
Where do vendors, DPAs, dependencies, services, and review gaps cluster? Vendor risk is a territory view because third-party proof depends on linked services and dependencies. |
| Incident & Breach Management incidents #incidents |
RISK & CONTROL | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/incidents |
Which incidents, clocks, notifications, and post-incident reviews are open or blocked? Incident management is a line view because every status transition has gated evidence and clocks. |
| Privacy privacy #privacy |
GOVERNANCE | territory | prestige.summary prestige.board prestige.table prestige.detail learn.why-line |
/api/v1/officer/privacy/activities/api/v1/officer/privacy/assessments |
Where are processing activities, DPIAs, TIAs, transfers, and high-risk privacy gaps? Privacy is a territory map of processing, lawful basis, processors, transfers, and assessments. |
| Access Reviews access #access |
GOVERNANCE | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/access-reviews |
Which access certification campaigns are in progress, overdue, or complete? Access review is a line view because certification moves campaign by campaign to decision closure. |
| Approvals approvals #approvals |
GOVERNANCE | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/document-approvals |
Which document versions need sign-off, rejection, or publication? Approvals are a line view because version state changes must stay auditable and ordered. |
| Trust Center trust #trust |
EXTERNAL & BOARD | desk | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/trust-center/profile/api/v1/officer/trust-center/resources/api/v1/officer/trust-center/requests/api/v1/officer/trust-center/grants |
What is approved for external sharing and what access needs a decision? Trust Center is a decision desk; only approved resources and access grants may face clients. |
| Board Pack board #board |
EXTERNAL & BOARD | desk | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/board-pack/auditor-pack/dora-pack |
What does the board need to know, and which signed packs prove it? Board view compresses the same live data into executive claims and pack links without new facts. |
| Actions actions #actions |
OPERATIONS | line | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/actions |
Which actions need an owner, due date, completion, or escalation? Actions are line work: source, owner, priority, due date, status, and closure evidence. |
| Registers registers #registers |
OPERATIONS | territory | prestige.summary prestige.board prestige.table prestige.detail learn.why-line |
/api/v1/officer/registers |
Where do COI, gifts, complaints, breach log, and other registers need attention? Registers are territory because entries cluster by source register, status, owner, and escalation. |
| Authority Inputs authority-inputs #authority-inputs |
INPUTS | territory | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/subscriptions/api/v1/impact-alerts/:id/state |
Which standards, regulators, and framework authorities should agents monitor for control changes? Authority inputs are the upstream source lane: subscribed public sources, standards-search terms, cadence, and reviewed alerts feed the compliance spine before controls, clauses, or dockets change. |
| Authority Library authority-library #authority-library |
INPUTS | territory | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/documents/api/v1/documents/search/api/v1/officer/frameworks/api/v1/subscriptions |
Which acquired authority and standard documents can I preview, search, cite, and map to controls? Authority Library is the document-side proof of subscriptions: official/public sources can show originals, while restricted standards show provenance and license state without fabricating public text. |
| Event Intake intake #intake |
OPERATIONS | desk | prestige.summary prestige.table prestige.detail prestige.feed learn.why-line |
/api/v1/officer/intake |
Which unscheduled events must become actions, register entries, or escalations? Event intake is a desk because new signals must be triaged before they enter the compliance spine. |