The GRC Software Buyer's Guide:

Workflows

Much of a GRC platform’s automation work takes place in the form of workflows: preset, customizable processes set up during system implementation. Workflows are where the system automates previously manual tasks. Look for the ability to schedule workflows at regular time intervals or to start them from conditional, event-based triggers. Your solution should be able to flag nonconforming evidence for additional review or automatically create a task or workflow for manual follow-up, allowing you to manage evidence by exception.

The easiest way to enable your collaborators to respond quickly and efficiently to outstanding tasks is to choose a solution that integrates seamlessly with project management tools such as JIRA, Slack, and email. Collaborators can receive alerts and submit evidence directly within the tools they already use, and custom configurations allow for automatic alerts for asset-based or scheduled actions, as well as when evidence issues are detected.

Collaborate effectively
60% of companies struggle to effectively collaborate internally to manage compliance efforts.

Workflows are also particularly helpful in vendor management, trust management, and auditing. For example, your solution should be able to use workflows to simplify audits by mapping request lists to existing controls and evidence and automatically creating tickets for the rest. Instead of going back and forth with your auditor in a GRC version of “Go Fish,” you know exactly what you still need to provide. Your solution should also enable you to share your security posture with customers based on your evidence, controls, and certifications instead of manually responding to VSAs. Because each step in a vendor review often depends on the criteria of previous steps being met (an NDA must be completed prior to sharing certain documentation, for example), your platform’s workflows should streamline the review process for prospective clients and introduce proactive activities that shorten the time to close.


5 Questions to Ask about Workflows

  • Does your solution provide workflow capability for automatically creating and assigning tickets?
  • Do workflow automations and approval processes execute immediately, or can workflows be time-based, event-based, or both?
  • How easy is it for users to create and modify workflows? Does it require assistance from professional services?
  • Does your solution provide workflows specifically in trust management and vendor management to expedite reviews and sales processes?
  • Does your solution automate the resolution of issues?