Skip to main content
The Actions page lists the work that turns each control into something you can assign, track, and prove. Every action states what to do, who owns it, when it is due, and how evidence should attach, including when a Source should fetch it for you. On the left navigation bar, expand Compliance and select Actions. Who can view, create, or change actions is set by role. See Compliance Permissions.
Left navigation: Compliance expanded, Actions selected
Need help with a step? Contact Iru Support.

How It Works

Iru creates actions from your frameworks’ controls (from AI setup, CSV, or migration). You can add or edit actions when something is missing. Action descriptions drive automation. When a description names a system and the type of evidence you need (for example “SSO policy from Okta”), integrations can pull the right artifacts from Sources and reduce manual uploads. If you connect or remove a Source, or publish or retire a policy artifact, Iru AI may recommend new control or action wording so descriptions still match your environment. You approve those edits in Adaptive Compliance; unapproved items stay as they are.

Capabilities

Create and Edit Actions

  • Actions are generated from framework controls.
  • Only Admin and Compliance Admin can manually create an action. Update and delete are available to Admin, Compliance Admin, Standard, Compliance Collaborator, Help Desk, and Secrets Auditor; Auditor, Compliance Auditor, and Iru Support cannot change actions. See the Actions table in Compliance Permissions.

Descriptions and Automation

  • The description tells the product what to collect and, when applicable, which Source to use.
  • Example: control “All employees must use MFA” → action “Collect MFA enforcement policy from identity provider” with a description that points at Okta, Microsoft Entra ID, or another connected system.
Spell out which system and what artifact you need in the description. Vague text makes automation and audits harder.

Assign, Comment, and Track

  • Owners complete the task and upload or confirm artifacts.
  • Assign an owner or delegate so responsibility is clear.
  • Use comments for questions, handoffs, or auditor notes.
  • The activity log records assignments, uploads, comments, and status changes. Compliance action events also appear on the tenant-wide Unified Activity.

Status and Validation

  • Actions move through statuses such as Not Started, In Progress, and Completed as evidence lands and validation passes (labels can vary slightly by screen).
  • When required artifacts are in place and valid, readiness for the related control updates.

Automated Collection

If a Source is on and the action description matches that system and evidence type, the product may attach artifacts without a manual upload. If nothing appears, check that the source is Active, the description is specific, and the integration has the right permissions. See Sources Management.