Learn more about Aptible Comply Workflows!

July 31, 2019 3:00 PM

In this recorded Webinar, Aptible Product Lead Chris Gomes and Product Marketing Manager Rob deJuana-Matthews discussed the release of Aptible Comply Workflows. Workflows helps Aptible Comply customers to keep track of everything they need to do on an ongoing basis to maintain compliance. 

Find out:

  • How Workflows turns Comply into the single source of truth for what should happen and what did happen in your security management program.
  • How Aptible Workflows automates the delegation of security related activities to the appropriate team member.
  • How Workflows notifies you of missed activities or events that might affect your compliance.
  • How you can get started using Workflows today.

Presented by

Rob deJuana-Matthews
Chris Gomes
Product Management


Rob deJuana: 00:07 Thanks for joining the Aptible Comply Workflows webinar. We'll be starting soon, we're going to give everyone a few more minutes to filter in.

Rob deJuana: 01:28 Hi, I'm Rob deJuana Matthews, Aptible's Product Marketer and I'll be your MC for today's webinar. I'd like to welcome you to the Aptible Comply Workflows webinar, the first in our new Comply Product Webinar series. Thanks for taking the time out of your day to join us and learn more about Aptible Comply Workflows. Our mission is to build trust on the internet and we're going to talk today about how we help you do that.

Rob deJuana: 01:55 We believe that Workflows is the next evolution in being able to build trust and do that efficiently. I'm fortunate to be joined by Chris Gomes our Product Management Lead, who has talked a ton with customers about how to improve Security Management programs. We hope that you'll be as excited about this new functionality as we are.

Chris Gomes: 02:17 Sorry I'm so eager I'm like jumping in over Rob . Great to see a bunch of familiar names in here. Thanks everyone for carving time out of your afternoon or morning to join, we're super excited to be sharing about the Workflows functionality that we've been spending the past few months working on and we're very grateful for the input that many of you have provided already, either as part of the beta or just through conversations that we've had for this Workflows functionality.

Rob deJuana: 02:45 Today we're going to try to get you all out of here a bit early. As part of the webinar series we're committed to bring you regular updates on development of Aptible Comply. We aim to have about 30 to 45 minutes of content per webinar, today we're tracking at around 20 to 30 minutes without Q&A so we'll be able to get to most of your questions and still give you back some time in your day. We're going to be going over:

New Speaker: 03:07 The problems we saw in operating a Security Management program, (which is the reason we built Comply Workflows.) How we're seeing companies trying to address that problem today, And how we think it should be solved, which is Aptible Comply Workflows; the way that we really think you should be able to handle a security management program without making your life (sort of) hell.

Rob deJuana: 03:35 We're also going to give you a quick demo of Comply Workflows and then we're going to move into Q&A. If you have any questions throughout the webinar please put them in the Q&A tool so that we can make sure to get to all of them. If we can't get to your question during the actual Q&A period we'll make sure to respond via email after the webinar.

Rob deJuana: 03:55 So the problem is basically that operating a Security Management program is painful. It's just a ton of keep track activities that you need to do in order to maintain Compliance and Security. You have to keep track of all the security-related events that your company has to do and that your team has to do. You have to make sure that you're constantly reviewing your security controls to make sure they're valid, if you add new tool you have to go back and say, "is this still relevant?" You have to go and make sure that you have response plans in place for events that can be anywhere from a security breach to onboarding and offboarding a employee and this is just a lot. It's super painful and it looks kind of like this, you've probably seen this, you probably use this. Chris, you want to speak to how this makes people feel?

Chris Gomes: 04:51 I think it makes them feel very nervous and very consternated basically for what Rob is talking about as soon as you design your Security Management program you specify "here are the promises we're making around information security and privacy", you then have a very large mandate and obligation to do all those things that you said you were going to do, to pass an audit, to build trust with your customers, to answer a vendor security assessment and like Rob said there's a ton of keep track and for many of our customers, this is what that looks like. It looks like spreadsheets, it looks like Trello boards, it looks like setting calendar invites to remind you to do something in six months or to do something every quarter and there's a common pattern here which is, there's some work to be done, we have to keep track of who's doing it, when they have to do it and then we have to log that it got done. That is where you see a lot of these spreadsheets come in and taking the same sort of form and it suffers all the problems of a tool that's not actually built for that purpose which is... a spreadsheet is not going to remind you to do something six months from now, a spreadsheet is not going to tell you if you're inputting the data wrong, a spreadsheet is not going to enforce consistency across all these different workflows.

Chris Gomes: 06:13 This is the pain that Rob was talking about and we know that some of you have experienced it firsthand.

Rob deJuana: 06:19 There's that special kind of world where you have the spreadsheet loaded into an Asana board and then you're trying to remind people to, "hey check the spreadsheet, update it" it's fun. And so that's really how people are addressing it today, you're putting pen to paper. They're building these spreadsheets that have to keep track of not only activities but documents, reports, screenshots, any kind of tools that are there, activity statuses and when you're doing all this and making sure that they are kept up to date and that they're relevant, you also have to follow up with the activities that your team members have to do that are documented and make sure that not only have they done them but that they've put them in and mark them in the spreadsheet and people using comments to do this and saying "hey, could you please make sure this is done? and when it is could you update me either via email or put a comment" but, you know, that doesn't scale, it gets really hard to do.

Rob deJuana: 07:20 It's a necessary, but super painful process and so that's why we built Aptible Comply Workflows and I've seen it. I'm crazy excited about it because it solves this issue. You don't have to do this anymore and I know that you're thinking "you're the product marketing guy, you have to be excited about it." Well, I actually am excited about it because is really cool and so Chris, I'm going to stop bloviating and give it to you.

Chris Gomes: 07:50 I'm just going to keep bloviating so I don't know if that handoff was meaningful, but yeah, Aptible Comply Workflows we built specifically to address this pain and so we're super excited to dive into how it works now and to get your feedback on it when you start engaging with it.

Chris Gomes: 08:06 Basically at a very high level how the Workflows work are represented here and we will get into this by looking at some screenshots and then in the demo it'll be brought to life further. Essentially, the first step in these Workflows is customizing them so that it actually suits your business much in the same way that you customize Policies or Procedures today in Aptible Comply so there's still all that same functionality to make it your own. Then you switch over to the Operate stage which is when... now we're running this thing on an ongoing basis and we need to do all these Workflows. You can trigger the Workflows in one of two ways. The recurring style of Workflows like monthly Access Control reviews, annual Asset Inventory review, annual Risk Assessments, those you basically just schedule the first instance of it and then they will automatically be populated thereafter according to the appropriate cadence, or you can trigger an ad hoc Workflow; those are things like "hey we're onboarding a new workforce member this week, what do we have to do as it relates to Compliance" or "hey we're deprovisioning an asset" or "hey somebody lost their phone." These are all of the sort of ad-hoc workflows that have compliance requirements that you can now trigger inevitable comply.

Chris Gomes: 09:23 Upon triggering them, the appropriate team gets notified and they get reminded on an ongoing basis bringing them into the app to let them know that there's some Compliance work to be done and then the app gives them a tool to actually satisfy the compliance requirement and create a record of that having been done in a single source of truth, so let's jump into what that looks like.

Chris Gomes: 09:48 Here's that first step of basically the Design stage, customizing the Workflow and here's an example of a Workflow whereby a legal team has an obligation to offboard a vendor within seven days of a vendor relationship being terminated and so this used to be just unstructured Procedures in Aptible Comply and so your best bet was to just go and read dead letters on paper. Now this takes the form of a team that is assigned the task and the precipitating event that's going to trigger the Workflow and what you see here then is the specific procedures that you can customize so that when a member of the legal team logs in, they see exactly what they have to do in order to satisfy this environment.

Chris Gomes: 10:37 On this slide what you're looking at is, "how do you actually generate an instance of one of these Workflows?" now that you've designed it and you've specified how the legal team sho uld go about offboarding a vendor. Now let's say we have a vendor to offboard and so here's where we're showing you the trigger event functionality.

Chris Gomes: 10:57 Essentially, you'll click a button that brings up an interface whereby you can select the event that has a Workflow which you want to trigger, in this case Vendor Relationship Being T erminated and then you can enter any additional context here that's going to be useful for the assignee and legal team member who logs into the app to do this. Since so here we've entered zero just as an example and that's when you hit trigger event and that will actually create some work to be done.

Chris Gomes: 11:27 What you're seeing here then, is an example of an email notification that would go out and there's essentially two types of these emails. They both take the form of a digest so they go out on a weekly basis. One goes out to any assignee who has some work to be done in Aptible Comply and so that will list any of the Workflows that are assigned to them. It prioritizes it based on the due date, so those Workflows that are due soon, those that are overdue, or those that are coming up later. The second type of digest which we don't have a screenshot of, but it's essentially the overall Security Officer view. As the Security Officer every week, you're getting a 30,000 foot view of what are all the Workflows that people are supposed to be doing that have been delegated out? And are they getting done or not? You can rest assured that those people are being notified and reminded but it gives you that sort of a 30,000 foot view so you know overall for your business, what needs to be taken care of.

Chris Gomes: 12:35 So then, you're going to log into the app if you are a legal team member for example, who had this particular Workflow assigned to you. And what you're looking at here are the step-by-step Procedures that you authored in the Sesign stage so that I as the assignee of this workflow, I know exactly what to do and I can click on any of those (and we'll show this in the demo,) to bring up the specific instructions so I don't have to go to different systems to understand what needs to happen, everything I need is right here. I click on the email, I come right into Aptible Comply and I see the work to be done. You'll see in the upper right hand corner that there's a drop down that's essentially just so that I can mark the workflow as complete, you can cancel the Workflow if it was created accidentally and then you hit save.

Chris Gomes: 13:22 When you hit save, what you're basically building is an audit-ready system of record for all of these Workflows that have now been conducted, in a single place. And so here, for example, we're filtering to those Workflows that have been completed by the Legal Team and so you can see here, we're looking at these different vendors whom we have offboarded; Microsoft Teams, Drift, Xero and so to the question of "How do you do vendor offboarding? show me the example of when you offboarded the vendor in the past." You're building that Audit-ready system of record, just by conducting those Workflows in Aptible Comply.

Rob deJuana: 14:03 Chris, what else can we use Workflows for?

Chris Gomes: 14:07 Great question Rob! Check out this slide right here! The example we went through was Vendor Management but we really want to make clear to everyone that essentially the set of Workflows that we've populated in Aptible Comply for you, are all of those things that you need to do to stay compliant with the protocol that you've subscribed to whether it's HIPAA, whether it's GDPR, whether it's ISO 27001, SOC 2, whatever it may be, we've delineated all of the Workflows that are necessary to stay in compliance on an ongoing basis. Those relate to things like Vendor Management, employee onboarding and offboarding, changes in duties, Incidents and Disruptions. You can now trigger a workflow after you've discovered an Incident or have experienced a Disruption, Devices... let's say you're provisioning a new device for an employee or you're deprovisioning a device, Assets, so your Asset Inventory review, adding and removing ISMS assets, even Audit cycle events.

Chris Gomes: 15:12 You've got an ISO 27001 audit coming up? There's some Workflows that you have to do to prepare for that. All of those Workflows are now in a single source of truth so that essentially you get a big green light that says "am I ready for the next audit or not? Have we been doing all of the things that we've said we're going to be doing per the design of our program?" And so the list goes on and on and essentially we arm you with these out of the gate so you don't have to define these Workflows yourself, you just automatically get them based on whatever protocol you're subscribed to.

Chris Gomes: 15:48 So what does this actually get to you? First and foremost, you get a single source of truth of not just what should have be done but, what actually is getting done. You can therefore measure the delta, you can see "hey what do we need to take action on? what's overdue?.

Chris Gomes: 16:06 These are the sort of things that are going to come back to bite us when we're up for that next Audit." And so it allows you to correct that delta. The second thing it gives you is some peace of mind, and I know many of you who have dealt with the pain of scheduling Google Calendar reminders for yourself to remember to do things, having a spreadsheet and just logging in and saying "Man, when was last time we did this? when was last time we did an asset inventory review?" This is giving you that peace of mind that this stuff is actually getting done, automatically delegating activities to the teams, notifying the responsible people so that's one last thing that you as the Admin or the Security Officer have to do and then when things aren't getting done and people need a little nudge, you still have that visibility, It doesn't hide that from you.

Rob deJuana: 16:52 It just keeps people from feeling like "Am I doing the right things?"

Chris Gomes: 16:57 Yes.

Rob deJuana: 16:59 So, has this solved that problem?

Chris Gomes: 17:02 Yes! Resoundingly! A single place for anyone to see what are my compliance responsibilities first and foremost. I'm a member of the legal team, I'm a member of the reliability team, I'm a member of the ops team, what do I need to do? Log into that single source of truth to get that and a consistent way to report "Yes I did my work." Sound familiar? This is the problem that people have been addressing to date with spreadsheets, with Trello cards, with tagging people in comments on Google Docs. We're now giving you a single source of truth to maintain all of that and the final output of all of this which we have heard from many of you firsthand is, "help me build a culture of security and compliance as a first class operation in my business." A lot of our Security Heroes, like the people in attendance of this webinar, take on a lot of the responsibility of security and compliance themselves and this is a first step in helping you build that culture beyond just the Security Officer, beyond just the Admin in Aptible Comply but rather getting everybody to help do their part and to be able to delegate still from a single source of truth.

Rob deJuana: 18:10 I think it's probably evident, but as someone who has been on the "having a To-Do" end of this with spreadsheets; for me it's really hard because I've got all these other things I need to do in the course of my day and then trying to actually go in and remember "okay, I've got comments on documents that I'm working on, I've got comments on things that I'm trying to do for planning and then I also have these comments," sometimes I get lost, especially if it's something for security it's something that I really don't want to miss, but I often do because I don't have a place to go and say "okay, where is everything that I need to go ahead and do?" and now I have that and I think that's awesome and so Chris I'd love to ask you can we switch over to a demo now? Because I really want people to see this.

Chris Gomes: 19:01 Yes, let's do it and we decided to do the demo live so everybody please[inaudible 00:19:07] close your eyes and think of Murphy's Law, what can go wrong, will go wrong.-

Rob deJuana: 19:11 Fingers crossed.

Chris Gomes: 19:16 First I'm going to screw up sharing my screen that's the first Murphy's Law problem... Can everyone see my screen here? Rob maybe you can give me a head nod.

Rob deJuana: 19:29 I can see it here.

Chris Gomes: 19:31 Okay, great. I'm going to clear this for a second so we can ground everyone in what you're looking at. What I'm going to walk through in this demo is basically illustrating the steps that I went through and telling an end-to-end story of how you design a Workflow and then operate that Workflow, conduct that Workflow, and then Audit your Security Management system so that you know whether or not you're ready for that next Audit.

Chris Gomes: 19:57 The first thing that you'll see here in this Design tab is the set of domains that we're working with is streamlined. And so for our existing Aptible Comply customers who are familiar with a broader set of domains, they may have a question about how does this affect my... (thank you for the request to zoom.)

Chris Gomes: 20:20 Folks might have a question of how do I get my content in this Workflows format? We'll address that at the end of this webinar, we'll talk about if you're ready to use tasks, what does that mean? What does that look like? How do you get started? But you'll see here we've got a simplified set of domains, and for any one of those domains, let's look at Vendor Management for example, what you're going to see, again, is that we've streamlined and simplified the same elements of the domains such as the owner and the maintainer and the audience.

Chris Gomes: 20:50 The next thing you're going to notice are these Workflows, and so rather than just having these as unstructured Procedures they now take the form of, some team is going to do something in the wake of some events or on some regular basis, like the annual vendor review being due and each one of these Workflows has a set of Procedures associated with it that you can mark as implemented, or that you can mark has not yet implemented, in the same way that we give you a Procedures roadmap today so that you know, how close you are to just having all of these Procedures ready to go and actually running in your business.

Chris Gomes: 21:29 I've gone ahead and marked some of these as implemented to begin with, but for any of these you can see the protocol Controls that this particular Procedure satisfies. You can jump in here and just like our existing app, you can edit the Procedure to your heart's content and so you can see the edit there and just like our existing app, you can always keep track of the most recent edit you made using our diff functionality and so this is basically the Design stage where you're authoring one of these Procedures. So let's specifically look at the Vendor Termination Policy. Here we have a workflow, legal team shall offboard a Vendor, after a Vendor relationship was terminated.

Chris Gomes: 22:13 Now let's talk about "How do you actually use that Workflow in the wild?" Now we're ready to terminate a relationship with the vendor, what do we do? That's when you flip over to this Operate tab and in this Operate tab... (I'm zoomed in here a little bit, let me know if the text is too small I just zoomed out a little bit,) but in this Operate tab, you basically have a panel of any tasks, any Workflows in your inbox and so to generate one of these, we can just jump in and say "All right, we're terminating a relationship with the vendor." Let's say it Salesforce, and so we're going to trigger that event and now the Workflow associated with it is in your inbox right here and so this is assigned to the legal team, because that's what we specified in the Design stage and you can see that the very same procedures that we authored in the Design stage are now visible here.

Chris Gomes: 23:09 The reason is, we want the member of the legal team whose logging in to conduct this Workflow to have everything he or she needs in order to conduct it right here in a single place. That person can then log in, they see that they have some work to be done, they receive an email notification, they can go ahead and mark this as complete.

Chris Gomes: 23:29 Now, in our completed view of the world, we have a record of all of the vendors that we've offboarded and so you're building that source of truth, you're building that single system where you're preparing an audit-ready report of every time you conducted that Workflow.

Chris Gomes: 23:47 The final stage here is basically confirming that you're ready for an upcoming audit so you flip over to the Audit tab. For those of you who have used our Protocol Assessors in Aptible Comply, we've built the functionality to be familiar and to echo that Protocol Assessor so for any particular protocol that you're subscribed to, you can jump in and you can say "okay, how are we doing?"

Chris Gomes: 24:12 Right now we are assessing the design and implementation of an ISO 27001 program, and so what you're seeing here are all of the Controls that are required by ISO 27001 and if you jump into any of the filtered views, what you're basically looking at are... "Here are the controls where we have fully implemented all of the Workflows necessary to satisfy that control." And this is essentially that roadmap that we were talking about before. You can hop to those that are partially implemented and so you can see here that for collection of evidence, here's the ISO control on the right, we can see that it's partially implemented because some of the procedures have been marked as implemented but not all. And so if you scroll through here you can see that down here we have some Procedures that we haven't yet marked as implemented. Essentially, the purpose of this assessor is to just give you the confidence that the design and the implementation of your program satisfies ISO 27001.

Chris Gomes: 25:21 That's the demo at a very high level. Rob, do you want to bring the slides back up?

Rob deJuana: 25:39 Should be good now.

Chris Gomes: 25:40 Great, thank you very much. As I mentioned, there's a step to getting started with workflows and it's not just going to appear in your Aptible Comply environment overnight and that's because, as I mentioned, we basically have done two things that would affect the content of your Security Management program.

Chris Gomes: 25:59 We've vastly streamlined and simplified the language and we've taken some of those unstructured procedures and turn them into these Workflows. If you're interested in getting started with Workflows, here's the process. Let a Customer Success Manager know, that's either Sarah or Tyler, our great Customer Success Managers or you can also email success@aptible.com and that will ping both of them. Just shoot them an email saying 'hey, I was at the webinar, Chris and Rob are awesome and I'm ready to start using Workflows.

Rob deJuana: 26:31 Especially that second to last part last part.

Chris Gomes: 26:33 Exactly, don't forget that part. The next thing that will happen is basically, we will take care of preparing your content in this new Workflows format. Behind the scenes this won't affect your existing program, you don't have to worry about that. Behind the Scenes will basically move the content of your security program around so that it fits this new Workflows view of the world and then we schedule a kickoff call with you where we say "Hey, here's how it looks, everything is there, it's just been moved around. It's now structured in this workflows, flavor." And you give us thumbs up and as soon as you do that, then we basically make that your default program. Long story short, there's not any work required on your end other than emailing the Customer Success Manager and then we will take care of preparing your content for you.

Rob deJuana: 27:27 Chris, would you like to tell us a bit about what's coming up after Workflows?

Chris Gomes: 27:34 Yes, I would love to. We have two big initiatives coming up after workflows and we invite you all to get pumped up about them. And by that I mean, we are looking for your feedback on these upcoming initiatives. The first is, we want a superpower Workflows and the... what I mean by that is this is the first release of Workflows. There's a lot of places that we're hoping they can take Workflows to make them even more powerful and more accessible like the ability to attach evidence to the specific Workflows like screenshots. So first and foremost, we want to hear from you as you dive into Workflows. Tell us what would make it more useful to you, tell us what would make it more powerful and we are really interested in making those improvements and iterating on Workflows.

Rob deJuana: 28:27 Yeah.

Chris Gomes: 28:27 Second Edition[crosstalk 00:28:29]-

Rob deJuana: 28:28 Sorry. To jump in real quick, one of those... as part of that at the beginning slide of this and you'll get a recording of this, both of our emails are on that first slide. Feel free to email us or to email success@ or if you know your Customer Success Manager's email go ahead and email them, any one of us it will get back to us we'll make sure that we get in touch with you and that we implement that feedback.

Chris Gomes: 28:57 Great, thank you for that. The other initiative that we're looking at following Workflows is Integrations. This is really exciting and we've heard from a lot of you about the power of Integrations and so what we are prioritizing first following Workflows is a way to make the actual assets that live outside of Comply, how to basically make them interact with Aptible Comply in a useful and smart way. This comes down to automating many of these Workflows, automating the creation of Workflows and automating the satisfaction of Workflows through integrations. An example of that would be, integrating with G-Suite and when a new employee is added there, the "Onboard" and the "Addition of a new employee." Workflows are automatically generated in Aptible Comply.

Chris Gomes: 29:55 Another example of that would be the ability to specify a configuration in Aptible Comply. For example, "Hey we have an SDLC policy that specifies how our repos should be configured that handles sensitive or confidential information." And by integrating with GitHub we can confirm those configurations and we can be bringing to your attention, only the things that require action like "hey, something... somebody changed a setting' like branch protection on a repo and it requires attention." And so we automatically generate that Workflow for you. Those are the integrations that we're prioritizing. The other type of integrations that are also coming soon, are basically integrations that allow you to conduct some of the mechanics of Workflows in other native systems, like your issue tracking system of choice, or even to be able to generate/trigger Workflows using slack. Those are basically integrations that make it a bit easier for people to conduct Workflows in their native systems.

Rob deJuana: 30:59 I mean this is really exciting and now you can probably see why both Chris and I are really excited about workflows because it's that first step and with everything to come, why we're just over the moon. It's making people's lives easier and we're the first people who use this so it makes our lives easier and we know from your feedback that's it going to make your lives easier and we're really excited about that. This helps people build trust and it makes it less of a chore and more of something that just is because you want to be secure, you want to be compliant, you want your customers to trust you and you want to trust your vendors. So this is huge for us.

Chris Gomes: 31:41 The other thing I'll say is we invited 10 customers to date. This is... we're not talking about the beta customers some of them are here and whose participation we absolutely appreciate and value but we've invited 10 customers to date in their production environments, to start using Workflows and they've already basically gone through and started using it and we're seeing really great traction with it already. We're excited, we've been circling up with everybody who did participate in the beta to basically revisit and get you started using Workflows in your production environment. We're already seeing great traction already and we invite everyone here who is interested to email success@aptible.com, let us know you're interested and then we'll get you started ASAP.

Rob deJuana: 32:30 Yeah, so we've talked about what's next and we're going to show you what's next in the next webinar. We're looking forward to showing you the progress that we've made towards that and what we've accomplished on August 29 at 1pm Eastern time. Just as a reminder as we move into the Q&A portion, anyone who's registered for this webinar will receive a recording of the webinar. You'll get a link in an email that will take you to the recording and it will also be available on our website so you don't have to worry about that you will be able to rewatch this or send it to wherever you need to.

Rob deJuana: 33:05 We've been getting some questions coming in. As a reminder, if you have any questions please go ahead and put them in the Q&A tool and we'll go ahead and answer them but I've got a few to start with here Chris. The first is, "Will I have to re-author my ISMS in order to use workflows?"

Chris Gomes: 33:29 Great question. You will not need to... the specific answer is you will not need to re-author content to use Workflows. The process is basically just ping your Customer Success Manager and we will handle taking your content and essentially reformatting it so that it fits this Workflows, flavor of the world and then we'll show it to you and we'll say "Hey, does this look good? Are you able to find all of your content? Does it make sense to you?" As soon as you give us a thumbs up, then and only then, will we swap it in for your existing security program. There's no additional work required on your part at all.

Rob deJuana: 34:13 Okay, thank you. The next question is, "How do notifications work in Comply? If I delegate a to do to a team member, how are they notified?"

Chris Gomes: 34:26 Right now the way that it works is the email digests that go out, and so at the beginning of every week there's an email that goes out to any assignee who has an open Workflow assigned to his or her team. If you're a member of the legal team you'll see the legal team Workflows that are open. If you're a member of the human resources team, you'll see any of those and so that's how today people are being notified. It's via email and then the Security Officer works the same way. There's just a weekly digest of "Hey, here are the things that are open and here are the things that breaks it out by overdue, do soon, or just upcoming."

Rob deJuana: 35:07 Okay. I have a question here, "Can multiple Comply users get that 30,000 foot view email? In our case, it would be useful for that to go to both Security and Privacy Officers?"

Chris Gomes: 35:25 That is a great question. Thank you, David. The short answer is you can, and basically the way you can do that is by having multiple... you can have that by having basically the email go to your security team as opposed to the Security Officer and then you can have as many people as you want on that security team. Specifically sending that email to the Privacy Officer instead of the Security Officer or the security team, that's something that we'll have to look into, if we can support that. It shouldn't be that difficult, so I'll follow up with you David about that particular question. But the short answer is, you can always shoot the email... you can have the email go to your security team as opposed to your Security Officer in which case multiple people will get it.

Rob deJuana: 36:15 Okay.

Rob deJuana: 36:16 I have a question here that says, "Will Comply workflows integrations work with security tools like JAMF or for Okta?"

Chris Gomes: 36:28 Those two tools are very high on our list of integrations and so essentially JAMF for devices, Okta for managing access and third party Information Systems. We're also looking at G-Suite for people, and we're looking at GitHub as basically a foothold to understand what are your proprietary information systems? So long story short, yes for JAMF and Okta.

Chris Gomes: 36:52 Those are high on our list. Essentially, like we said, the way that these would work is the... any kind of event that takes place in one of those systems that may necessitate compliance, action, whether something's created or updated or destroyed, like a new asset is added or a device goes away in JAMF, that would trigger a workflow in Aptible Comply. Similarly, if anything changes, like a configuration that you really care about, we would automatically look for that and we would notify you if there's action to be taken there.

Rob deJuana: 37:29 Cool. "Can someone check off items in a workflow as they are completed?"

Chris Gomes: 37:36 That's also a great question. On that operate view... let me just share my screen real quick. On that view like this... are you guys looking at sand dunes right now?

Rob deJuana: 37:52 No, we were seeing.

Chris Gomes: 37:54 Okay, cool. So basically these items over here, we are basically working on a feature that allows you to check off and see the progress of a Workflow so that for some of these bigger Workflows, somebody's likely not going to sit down and do all these things at once. To that question, you cannot do it yet with this initial release, but we're adding basically just checkboxes so that you can save the progress and save an intermediate state so you can say that it's still open and save it even before it's fully satisfied.

Rob deJuana: 38:29 Cool. We've got another one here, "Seems powerful. Is there an additional costs to the workflows functionality?"

Chris Gomes: 38:37 The cost is exactly zero American dollars. There's no additional costs for Comply Workflows. We see this as massively valuable and a core must have to really solving the problem of Security Management. Aptible Comply today does a great job of saying what should be, and this is the second piece of the puzzle of what is and what's going on and giving you a system to actually be able to conduct the workflows in the app and measure the Delta so that you know what requires actions. That's a core part of the value prop.

Rob deJuana: 39:11 Cool. "Can I add my own events and Workflows?"

Chris Gomes: 39:17 In the first iteration of Workflows we're basically pre populating all the Workflows that you need to care about. Depending on whatever protocol you subscribe to, those Workflows, for example, GDPR has a set of Workflows associated with basically data processing and so depending on whatever protocol you subscribe to, we give you all of the compliance related Workflows. I Like this next question that just came in. We give you all the compliance related Workflows that you need to care about.

Chris Gomes: 39:48 That said, if you're saying to yourself "Hey, there's a Workflow that I would love to have represented here." Let us know and we can talk to you about that and we can potentially add custom Workflows, but there's no way today to add those custom Workflows because basically we're giving you everything that you need to do for compliance and so you can rest assured that those are the Workflows that matter.

Rob deJuana: 40:11 I'm actually going to go for the one that just came in, "Can we pay you extra money for workflows if you want to?"

Chris Gomes: 40:21 You want to take that Rob or should I take it?

Rob deJuana: 40:24 I'll let you go on this one.

Chris Gomes: 40:29 I'm going to say yes, if you really want to. Although we're going to take that money and we're going to invest it in building just like an even better product. That's our bias.

Rob deJuana: 40:42 In all reality no, thank you. It's a value that we think is necessary. It's something that we think that everyone should have.

Rob deJuana: 40:53 So I've got another one for you Chris and then I think we're gonna have to wrap up because we're a little over our promised time already. "Can we store evidence? for example screenshots."

Chris Gomes: 41:09 Great question. Today, the Workflows don't allow you to attach evidence or point to evidence but that is something that we're highly interested in. As folks start digging in and using Workflows, we want to hear from you about what kind of evidence you're looking to capture, or if you're doing this in a different system where you had basically Jerry rigged some way of capturing evidence, we want to hear about that because we're highly interested in making that and basically allowing you to attach evidence whether it's a screenshot or at least add a comment that points out to some screenshot or some system external to Aptible Comply. We want to hear from you about that, today it's not supported.

Rob deJuana: 41:52 All right. So I know that we're getting... actually, we're past the time that we promised, we're about quarter to the hour. I want to thank you all for taking time out of your day to join us. We hope that you're as excited about Workflows as we are. Anyone, once again, who registered will get a link to the recorded webinar and a follow up email. If you'd like to get started on Workflows, please contact your Customer Success Manager or success@aptible.com and if you have any feedback or other questions or anything, you can either send it to Success or to Chris or myself, we'll make sure to get back to you. Once again, thank you. We hope to see you on our next webinar. Have a great day.

Chris Gomes: 42:41 Thanks everyone!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form. Please try again.