Which of the following is NOT a primary parent table for GRC applications?

In GRC applications, the content structure is organized around a hierarchy of master tables that store governance artifacts: a top-level container for the overall content, then items that define the specific controls or requirements, and documents that hold policies, procedures, or evidence related to those controls. These three tables form the main parent-child relationships used to manage GRC content. An Asset sits in the Asset Management/CMDB domain, representing hardware, software, or other IT assets. While risks and controls can reference assets, assets do not serve as the parent container for GRC content. They’re linked to risk records or control items rather than organizing the GRC artifacts themselves. So, the asset table is not a primary parent table for GRC applications.