Aptible logoUse CasesCustomersLog In
Menu
Chris Gomes
Blog
Chris Gomes
August 20, 2019

New Release: Aptible Comply Workflows manages your security processes

Our Mission here at Aptible is to build trust on the internet. We do this by making it easier for companies to go from having an idea to releasing it to the world safely and securely.

Historically, building trust has meant helping companies design a Security Management program, then perform a great deal of manual activities in order to operate it, and then finally attempt to share the evidence of those activities with customers and regulators.

All these manual processes amount to a lot of keep-track activities. This makes Security Management hard. A well-built Security Management program typically requires:

  1. Policies that are written to meet some security standard

  2. Interpretation of those policies into activities

  3. Delegation, follow up, reminders

  4. Tracking completion and sharing evidence

This system is highly inefficient, requires tons of effort, a ton of docs, issue trackers, and spreadsheets. It leaves internal stakeholders worried that something has been missed.

We built Aptible Comply Workflows to streamline this system. It gives life to your policies and automates the management of your company’s security, keeps track of everything you have to do to maintain compliance and stay secure, and acts as the single source of truth for your company. All so that you can keep your data secure and ultimately build trust with your stakeholders.

Introducing: Aptible Comply Workflows

Aptible Comply Workflows turns your Security Management program into actions and helps you manage those actions with:

  • Pre-built security processes

  • A complete, audit-ready system of record

  • Delegation, collaboration, and automated Follow up

With Workflows, Aptible Comply gives you audit-ready processes created just for you. This brings your policies to life, making it easy to ensure you are following your security and compliance rules.

Instead of searching through long documents and tracking spreadsheets, or trying to maintain compliance reminders on your calendar, Aptible Comply gives you easy-to-understand timelines and triggers that can be automatically delegated to team members. Notifications, delegation, collaboration, and automated follow up are managed for you to make sure your compliance and security work are done on time. Each Workflow provides clear instructions and is fully tracked with visible results--internally, and to stakeholders such as auditors.

Workflows turns Aptible Comply into the single source of truth for not only what should happen in your Security Management program, but also what actually did happen. This means: No more worrying about remembering “Have we done our monthly access control review?” Or, “Do we have a record of our most recent employee onboarding?”

All of your compliance efforts are tracked for you, and you’re automatically notified if something will cause you to be out of compliance. You know that everything is being done to keep your company in compliance at all times. You’re also given a place to point team members, customers, and regulators so that everyone can have visibility into your security process making it easy to get aligned and build trust with stakeholders.

How Aptible Comply Workflows works

Let’s say you’ve cancelled a contract with a vendor, and you’re wondering “What are the compliance-related activities we have to do to make it official?”

  • Navigate to the “Operate” tab in Aptible Comply. You'll find a list of audit-ready Workflows that have been created for you, ready out-of-the-box. In this case, we want to offboard a vendor.elect the “Vendor relationship terminated” event, and enter the name of the vendor.

  • Comply will automatically kick-off a Workflow to offboard the vendor. Rather than searching through documents or spreadsheets, Comply will start the appropriate processes, and ensure that each step is completed. In this case, Comply will send a notification to the team responsible for offboarding this vendor.

  • After Comply notifies the team member, it’s easy for them to take action. They can login and get a list of all Workflow steps that have been assigned to them that are still outstanding. They can process each step using the easy-to-understand instructions. Once they’ve completed the relevant vendor offboarding steps, each activity is tracked generating the necessary papertrail of what did happen in your organization the next time you’re up for an audit.

contentful

But vendor offboarding is just one example. Anything you need to do on an ongoing basis to stay compliant - whether with HIPAA, GDPR, SOC 2, ISO 27001… is now a Workflow. That includes:

  • Employees (onboarding, offboarding, change in duties)

  • Incidents and Disruptions

  • Devices (New device, deprovisioning device)

  • First party assets (reviews, adding / removing what?, etc.)

  • Audit cycle events

  • Regular reviews (Access control reviews, device audits)

  • And more...

You get each of these out-of-the-box with your Aptible Comply subscription, meaning you don’t have to create any of these Workflows from scratch.

Get started with Aptible Comply Workflows

We’re excited to empower more teams to build strong data protection programs and to build trust with their stakeholders using Aptible Comply Workflows.

If you’re an Aptible Comply customer, then Workflows is already included in your subscription. Just contact your customer success manager (or success@aptible.com) to get started.

If you’re not a current Aptible Comply customer, we’d love to help you get started. Sign up now to learn more.

And, if you’d like more detail on how to use Workflows, check out our Workflows-focused webinar: https://www.aptible.com/webinars/workflows