August 5, 2020
Chris Gomes

Simplifying Compliance Management with Automated Evidence Collection & Dashboards

We’re excited to release two new features in Comply that simplify compliance management: automated evidence collection and Dashboards. Automated evidence collection removes the need to do tedious evidence collection while Dashboards provides data and insights to help you focus on the most critical needs in your program.

These features are intended to help compliance teams continuously monitor their programs, eliminate menial work, and focus their efforts on what’s truly important so they can do more with less.

Single source of truth

“How is your compliance program doing?” That question should be easy to answer, yet most companies struggle to monitor and measure compliance effectiveness because they are manually managing the process across disparate tools. Comply now has Dashboards, a powerful set of reports that answers the “how are we doing” question and makes it simple to act on the required tasks to ensure the answer is “excellent.”


As the single source of compliance truth, Comply makes it easy to store, connect, and control everything in your compliance program, and Dashboards is a simple way to understand the past, present, and future state of the program. Now, compliance teams have a single screen that provides cross-framework insights that are detailed, contextual, and action oriented.

Dashboards is launching with these important reports:

  • The Controls Overview provides a single view of evidence and controls across an entire program.
  • Each framework (SOC 2, ISO 27001, etc.) has its own dashboard which provides a unified view of controls coverage, mappings, and evidence related to that framework with the ability to drill down into requirements and controls.
  • The Risk Overview shows all the risks inputted across your program in a single spot with all the critical data and ability to get more details on each risk.
  • The Domains Overview shows all the details categorized by domains with a drilldown report for each domain.

For every overview and detail report the insights are dynamic, making it simple to see how the data has changed and trended over time. This is the initial set of dashboards, and we plan to continue adding more.

Automating Evidence Collection

In June we released a new feature, automated evidence collection, that removes manual evidence entry so that you can save time and resources while minimizing errors. We started with GitHub, and beginning on Monday, August 10th, our GitLab, Jamf, G Suite, and Okta integrations will be more intelligent as we enable automated evidence collection from them.

  • GitHub automatically checks every pull request for passing CI tests and having required approvals.
  • GitLab also automatically checks every merge request for passing CI tests and having required approvals.
  • Jamf automatically associates each device with the workforce member who uses it and checks that devices have disk encryption and automatic updates enabled.
  • G Suite automatically checks that 2FA is enabled.
  • Okta automatically checks that MFA is enabled and that users have a secure password policy.

Automated evidence collection and Dashboards work together to simplify evidence collection. Whenever automatically sourced evidence requires action it is surfaced in Dashboards. While you’re doing other work, in the background Comply is collecting evidence, and summarizing that effort into easily understandable metrics.

Events API

Released alongside GitHub automatic evidence collection, the Events API brings automatic evidence collection to services we haven’t or can’t integrate with. Using the API, you can programmatically post an event with tags, metadata, and asset mappings into Comply and then turn it into an evidence artifact using the same customizable Checks that Aptible integrations use. Evidence sourced through the API that requires action will also show up in Dashboards.


Available today

Dashboards, GitHub automatic evidence collection, and the Events API are all available in Comply now. To start using Dashboards, all you need to do is log in to Comply; to get maximum value from it, connect GitHub to your account.

If you’ve already connected GitHub, simply authorize the new Webhook GitHub permission through their website or automated email, and evidence will then start streaming in automatically. If you haven’t already, connect GitHub now to take advantage of this feature. And to learn more about the Events API, read the documentation.

We’ve heard from many customers about the pain of collecting evidence manually. Bringing automated evidence collection to more services is a high priority for us; please give us your feedback on which services are the biggest evidence collection pain for you!