Collecting evidence is one of the most challenging things compliance teams are tasked with. Comply prioritizes automating evidence collection so compliance teams can focus on more important problems, however because not all evidence collection can be automated (yet) some evidence still requires old fashioned manual collection.
Manually collecting evidence is hard because it typically requires the compliance team to collaborate with control/asset owners to capture evidence on a regular basis. This process of herding cats usually ends up with compliance teams collecting evidence in a way that resembles this process:
This process typically requires the compliance team to use the following tools:
Comply wanted to simplify this process for compliance teams and control/asset owners. To do this Comply provides a single source of truth with automated workflows for compliance teams, paired with deep integrations with email, Slack, and Jira to “bring the tool to them”.
For the compliance team to simplify control implementation, Comply has a feature called Procedures which are essentially smart tickets that can be triggered manually, or automatically based on a time period or an asset activity.
For example, it’s common for compliance teams to have procedures that run monthly or quarterly to rotate encryption keys and capture evidence of completion. In this example Comply automatically creates a ticket based on the schedule you select in the procedure. Another common use case is to have a set of steps that needs to happen when onboarding a new employee, and in this example the ticket gets created automatically when a new user is recognized in the system.
The tickets created by the procedures include all of the information required to complete the task and are tied to the control so when evidence is captured it’s easy to use in an audit. These automated workflows make it simple for compliance managers to execute on control implementation and store the results all in an easy-to-use way in a single tool.
Bring The Tool To Them
On the other side of these Procedures are the people who are actually onboarding users, rotating encryption keys, and doing other critical security and compliance tasks. For many companies these people receive written instructions, in-person training, emails, calendar invites and more -- and are then expected to capture evidence and correctly place it into a cloud storage system.
With Comply, there is a better way; don’t make your compliance collaborators login to a special tool or cloud storage system, simply bring the tool to them. Comply is deeply integrated with email, Slack, and Jira to:
Like most great solutions it’s relatively simple:
With Comply, control and asset owners don’t need to login into the tool to complete an evidence request, they can use the tools they are already using. Compliance teams no longer need to manage a set of tools to collect evidence with collaborators, they can just use Comply for evidence requests and have all the evidence automatically organized in a single source of truth.
If you’re sick of the manual process of compliance collaboration, there’s a better way. Stop using many tools, and stop requiring control/asset owners to learn a new tool, use an end-to-end compliance platform with intelligent integrations that brings the tool to them. Try Comply today!