Collecting evidence is one of the most challenging things compliance teams are tasked with. Comply prioritizes automating evidence collection so compliance teams can focus on more important problems. However, because not all evidence collection can be automated (yet), some evidence still requires old-fashioned manual collection.
Manually collecting evidence is hard because it typically requires the compliance team to collaborate with control/asset owners to capture evidence on a regular basis. This herding of cats usually ends up with compliance teams collecting evidence in a way that resembles this process:
- Identify and assign control / asset owners
- Create some piece of documentation (often slides) to train collaborators on the evidence they need to collect
- Schedule time with the whole team to train them on the process
- Send emails one-by-one or to a group list when evidence is needed
- Follow up before the due date if evidence isn’t submitted
- Collect evidence in a cloud storage solution
- Track evidence submissions in a spreadsheet
- Organize the evidence in a way that can be mapped to an auditor’s requests
This process typically requires the compliance team to use the following tools:
- Project Management Tool
- Cloud Storage
Comply wanted to simplify this process for compliance teams and control/asset owners. To do this, Comply provides a single source of truth with automated workflows for compliance teams, paired with deep integrations with email, Slack, and Jira to “bring the tool to them”.
To simplify control implementation for the compliance team, Comply has a feature called Procedures. Procedures are essentially smart tickets that can be triggered manually, or automatically based on a time period or an asset activity.
For example, it’s common for compliance teams to have procedures that run monthly or quarterly to rotate encryption keys and capture evidence of completion. In this example Comply automatically creates a ticket based on the schedule you select in the procedure. Another common use case is to have a set of steps that needs to happen when onboarding a new employee, and in this example the ticket gets created automatically when a new user is recognized in the system.
The tickets created by the procedures include all of the information required to complete the task and are tied to the control so when evidence is captured it’s easy to use in an audit. These automated workflows make it simple for compliance managers to execute on control implementation and store the results all in an easy-to-use way in a single tool.
Bring The Tool To Them
On the other side of these Procedures are the people who are actually onboarding users, rotating encryption keys, and doing other critical security and compliance tasks. For many companies these people receive written instructions, in-person training, emails, calendar invites and more -- and are then expected to capture evidence and correctly place it into a cloud storage system.
With Comply, there is a better way: don’t make your compliance collaborators log in to a special tool or cloud storage system, simply bring the tool to them. Comply is deeply integrated with email, Slack, and Jira to:
- Provide notification of a request for evidence, along with all of the details needed to complete the request
- Allow them to upload the evidence of completion right from that notification
Like most great solutions, it’s relatively simple:
- For Email: The control/asset owner gets an email when evidence is requested and they reply to the email with whatever notes they want to send as text and evidence as an attachment.
- For Slack: The control/asset owner gets a Slack notification when evidence is requested and they reply in a thread with whatever notes they want to send as text and evidence as an attachment.
- For Jira: The control/asset owner gets a ticket created when evidence is requested and they complete the ticket with whatever notes they want to send as comments and evidence as an attachment.
With Comply, control and asset owners don’t need to log in to the tool to complete an evidence request; they can use the tools they are already using. Compliance teams no longer need to manage a set of tools to collect evidence with collaborators; they can just use Comply for evidence requests and have all the evidence automatically organized in a single source of truth.
If you’re sick of the manual process of compliance collaboration, there’s a better way. Stop using many tools, and stop requiring control/asset owners to learn a new tool. Use an end-to-end compliance platform with intelligent integrations that brings the tool to them. Try Comply today!