Much of a GRC platform's automation work takes place in workflows: preset, customizable processes configured during system implementation. Workflows are where the system takes over previously manual tasks, so look for the ability to run them on a schedule (recurring evidence collection, periodic access reviews) and on conditional, event-based triggers (a control check failing, a piece of evidence reaching its expiry date, an asset appearing in inventory). The solution should also flag nonconforming evidence for additional review, or automatically open a task or follow-up workflow for manual handling, so that reviewers only touch the evidence that fails a check and manage the rest by exception.
The easiest way to get collaborators to respond quickly to outstanding tasks is to choose a solution that integrates with the ticketing and collaboration tools they already use, such as JIRA, Slack, and email. Collaborators can receive alerts and submit evidence directly from those tools, and custom configurations can send automatic alerts for asset-based or scheduled actions as well as when evidence issues are detected. Whatever channel the evidence arrives through, it should land in the GRC system of record with the submitter's identity and a timestamp, since auditors will ask who provided an artifact and when, not which chat tool it came from.
Workflows are also particularly helpful in vendor management, trust management, and auditing. For example, the solution should be able to simplify an audit by mapping the auditor's request list to existing controls and evidence and automatically creating tickets for whatever is not yet covered. Instead of playing a GRC version of "Go Fish" with your auditor, you know exactly what you still need to provide. The solution should likewise let you share your security posture with customers based on your evidence, controls, and certifications instead of manually answering each vendor security assessment (VSA). Because each step in a vendor review typically depends on the previous step's criteria being met (an NDA must be signed before certain documentation can be shared, for example), the platform's workflows should enforce that ordering while streamlining the review a prospective customer performs on you, and should introduce proactive steps, such as publishing commonly requested artifacts up front, that shorten the time to close.