Feature Request: Add reminders to Controls for ongoing compliance #94

Open
Jamesw151619 opened this issue Oct 13, 2023 · 5 comments
Labels: enhancement (New feature or request), hard

Comments

@Jamesw151619

For our SOC 2, we have some controls that we do that are quarterly and some that are yearly. This is determined via our business policies.

It would be nice for the owner or operator to get a reminder email when they need to upload evidence that the control is still being satisfied.

I would assume that if the evidence is not uploaded, the control would get marked as incomplete so everyone can see it in the dashboard at a glance.

@bmarsh9
Owner

bmarsh9 commented Oct 13, 2023

👍 This is a good use case for the background scheduler that is being added to the code. It can periodically check which controls are incomplete (e.g. missing evidence) and send a reminder.

"I would assume that if the evidence is not uploaded, the control would get marked as incomplete so everyone can see it in the dashboard at a glance." - That is correct. A control is not marked as complete until it is 100% implemented and evidence is attached.

@Jamesw151619
Author

Unrelated question for you: in a specific project, when I associate a policy to a control, is it possible to see this association in the controls tab of the project? Specifically, when a control is expanded or viewed directly, it would be nice to see. It makes it easier to show auditors and micromanagers who like to go down the list.

For us it's also because we may have a policy that references multiple controls, and each of those controls may have a different owner. It would be nice for the owners to be able to see the policy that states how we meet that control (so they know what document has the instructions/expectations). It gives people new to the role an easier time getting acquainted with the expectations of them.

@bmarsh9
Owner

bmarsh9 commented Oct 16, 2023

I don't believe you can view the association when looking at a singular control... but that would be very helpful. Would you mind creating another issue for this? @Jamesw151619

bmarsh9 added the enhancement (New feature or request) and hard labels Oct 16, 2023

@NoChargeForAwesomeness

We are currently seeking a solution for our vCISO practice (CIS, NIST, ISO, SOC2, CMMC). This is the most sought-after feature lacking in most GRC platforms... at least the ones SMBs can afford!

@Jamesw151619
Author

> We are currently seeking a solution for our vCISO practice (CIS, NIST, ISO, SOC2, CMMC). This is the most sought-after feature lacking in most GRC platforms... at least the ones SMBs can afford!

1000% agree. We would implement this and be willing to pay a few thousand bucks a year, starting tomorrow, if it had this and maybe 1 or 2 other features.
