About Actions Management

The Actions page is where controls become concrete, trackable work. Each action describes what needs to be done, who owns it, and when it must be completed. Actions are also the key link between compliance requirements and evidence: they define how artifacts are attached, validated, and sometimes even auto-collected from connected systems. The actions dashboard is designed to remove ambiguity by showing each user only the actions that matter to them, while still giving admins visibility across the whole program.

How It Works

Actions management provides a structured approach to compliance work by breaking down framework requirements into specific, assignable tasks. The system automatically generates actions based on your selected compliance frameworks, but you can also create custom actions to address specific organizational needs. The platform uses action descriptions to drive automation, allowing integrations to automatically collect relevant evidence from connected systems. This reduces manual work while ensuring broad coverage of compliance requirements.

Actions Management Capabilities

Action Creation

  • Actions are generated by AI based on the controls of a framework
  • Actions can also be manually added at any time
  • Admins can customize actions or create them manually
  • If controls are imported (via CSV or migration), actions can also be created from those

Description-Driven Automation

  • The action description is more than text: it provides context and rules that guide the platform
  • When an action relates to evidence from a specific system (e.g., SSO configuration or HRIS records), the description informs the platform what artifact to look for and how to pull it
  • This allows integrations to collect the correct artifacts automatically, reducing manual uploads

Example:

  • Control: “All employees must use MFA”
  • Action: “Collect MFA enforcement policy from Identity Provider”
  • Description tells the system which connected source (Okta, Azure AD, etc.) to query for the artifact

Action descriptions are key to successful automation. Make sure they clearly specify which system to query and what type of evidence to collect.

Execution & Collaboration

  • Users review the description, complete the task, and upload or verify artifacts
  • Each action can be assigned to an owner or delegated to another responsible user, ensuring accountability
  • Comments allow collaboration (asking for clarification, tagging teammates, or leaving notes for auditors)
  • An activity log records all changes: assignment updates, artifact uploads, comments, and status changes

Completion & Validation

  • Once artifacts are attached, the system validates their relevance
  • If the action is satisfied, it contributes to marking the associated control as “Ready”