
LogicManager API

LogicManager is governance, risk, and compliance (GRC) software that helps organizations identify and assess risks, map and test controls, manage policies and vendor risk, run audits, and track issues and remediation through configurable workflows. An unofficial API lets you pull risk

By Alex Klarfeld, January 26, 2026

What is LogicManager?

LogicManager is a cloud GRC platform that centralizes enterprise risk management, compliance, policy, audit, third-party risk, and incident workflows with a risk-based taxonomy and automated workflows. Teams use LogicManager to maintain a risk and control library, perform risk assessments and tests, manage vendor questionnaires and due diligence, run audits and capture evidence, track issues and remediation plans, manage policies and attestations, and deliver board-ready reports and heatmaps.

Core product areas include:

  • Enterprise Risk Management (Risk Register, Risk Taxonomy, Scoring, KRIs)
  • Control & Compliance (Control Library, Control Tests, Regulatory Mappings)
  • Audit Management (Audit Plans, Workpapers, Findings, Evidence)
  • Third-Party Risk (Vendors, Due Diligence, Questionnaires, Risk Tiers)
  • Policy & Attestation (Policy Lifecycle, Reviews, Acknowledgments)
  • Issues & Remediation (Issues/Findings, CAPAs, Tasks, Workflows)
  • Reporting & Analytics (Dashboards, Heatmaps, Benchmarking)

Common data entities:

  • Users, Roles/Permissions (GRC Admins, Risk Owners, Control Owners, Auditors)
  • Risks (metadata, categories, owners, inherent/residual scores, KRIs)
  • Controls (description, test frequency, mappings, effectiveness)
  • Assessments & Questionnaires (templates, assignments, responses, status)
  • Vendors/Third Parties (risk tier, contacts, assessments, issues)
  • Audits (scope, workpapers, tests, findings)
  • Issues/Findings (severity, root cause, related risks/controls, status)
  • Remediation Plans & Tasks (actions, owners, due dates, progress)
  • Policies & Attestations (versions, approvals, acknowledgments)
  • Documents/Evidence (attachments, versions, checksums)

The LogicManager Integration Challenge

GRC and audit processes are nuanced, and turning portal-driven workflows into robust APIs is non-trivial:

  • Risk taxonomy complexity: Risks, controls, processes, and regulations are interlinked and role-aware
  • Scoring and methodology: Likelihood/impact matrices, residual calculations, and KRIs require careful modeling
  • Workflow-heavy features: Assessments, approvals, and attestations are optimized for UI flows
  • Authentication and SSO: SSO/MFA and rotating cookies complicate headless automation
  • Evidence handling: File uploads/downloads, checksums, and retention policies must be respected
  • Data spread: Key context spans risk, control, audit, and vendor modules with cross-references

How Supergood Creates LogicManager APIs

Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your LogicManager tenant.

  • Handles username/password, SSO/OAuth, and MFA (SMS, email, TOTP) securely
  • Maintains session continuity with automated refresh and change detection
  • Normalizes responses so you can integrate once and rely on consistent objects across modules
  • Aligns with customer entitlements and role-based permissions to ensure compliant access

Getting Started

  • Schedule Integration Assessment

Book a 30-minute session to confirm your modules, licensing, and authentication model.

  • Supergood Builds and Validates Your API

We deliver a hardened LogicManager adapter tailored to your workflows and entitlements.

  • Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as LogicManager evolves.

API Endpoints

Authentication

POST /sessions

Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/OAuth when enabled. Returns a short-lived auth token maintained by the platform.

Authentication

POST /sessions/refresh

Refresh an existing token to keep sessions uninterrupted.

Risks

GET /risks

List risks with filters and summary details.

Assessments

POST /assessments

Launch a risk, control, or vendor questionnaire based on a template.

Issues & Findings

POST /issues

Create an issue/finding with severity, relationships, and an optional remediation plan.

Remediation Tasks

PATCH /remediation-tasks/{taskId}

Update task status, due dates, assignees, and progress with audit-friendly comments.

Use Cases

Risk & Control Data Sync

  • Mirror risk and control libraries into your analytics or data warehouse
  • Keep risk scoring, owners, and KRIs current for dashboards and heatmaps
  • Normalize control mappings to regulations and frameworks for reporting

Vendor Risk & Assessment Automation

  • Launch vendor questionnaires from your product and track completion
  • Ingest responses, flag risks, and create issues automatically
  • Sync vendor tiers and due dates, and push reminders programmatically

Audit, Issues & Remediation

  • Create findings from external scans or test tools and attach evidence
  • Assign remediation tasks, track SLAs, and close the loop from your app
  • Export audit results and workpapers to BI or compliance reporting

Policy Attestations & Evidence

  • Trigger policy acknowledgments and harvest attestations at scale
  • Store artifacts with checksums and expiry metadata for audits
  • Maintain unified audit trails across systems (e.g., Jira, ServiceNow)

Technical Specifications

Authentication

Username/password with MFA (SMS, email, TOTP) and SSO/OAuth where enabled; supports service accounts or customer-managed credentials

Response format

JSON with consistent resource schemas and pagination across modules

Rate limits

Tuned for enterprise throughput while honoring customer entitlements and usage controls

Session management

Automatic reauth and cookie/session rotation with health checks

Data freshness

Near real-time retrieval of risks, controls, assessments, vendors, audits, and issues

Security

Encrypted transport, scoped tokens, and audit logging; respects LogicManager role-based permissions

Webhooks

Optional asynchronous delivery for long-running workflows (e.g., assessment submissions, approval changes)

Latency

Sub-second responses for list/detail queries under normal load

Throughput

Designed for high-volume risk/control data sync and assessment/issue processing

Reliability

Retry logic, backoff, and idempotency keys minimize duplicate actions

Adaptation

Continuous monitoring for UI/API changes with rapid adapter updates

Frequently asked questions

Supergood supports workflows across commonly used modules such as Enterprise Risk (Risk Register, KRIs), Control & Compliance (Control Library, Tests), Third-Party Risk (Vendors, Due Diligence), Audit Management (Audits, Workpapers, Findings), Policy & Attestations, and Issues/Remediation—subject to your licensing and entitlements. We scope coverage during integration assessment.

We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/OAuth when enabled. Sessions are refreshed automatically with secure challenge handling.

Yes. We can normalize findings from scanners or monitoring tools and create issues with severity, related risks/controls, and evidence attachments. Updates can be synchronized two-way with systems like Jira or ServiceNow.

Yes. We can launch assessments from templates, manage assignees and reminders, retrieve responses, and upload/download supporting evidence via signed uploads with checksum validation and time-limited URLs.
