Skip to main content
These workflows show how frameworks, controls, actions, and artifacts connect in Iru Compliance, from choosing a standard through evidence collection and readiness.
Need help with a step? Contact Iru Support.

How It Works

You select frameworks, refine controls and actions, attach evidence (manually or from Sources), and track readiness in framework and action views. Integrations can attach evidence automatically when they are connected and action descriptions name the system and evidence type clearly. As integrations and policy artifacts change, Adaptive Compliance can propose updates to control and action text. You review each recommendation and approve only the changes you want; audit periods and uploaded evidence are not changed by that workflow.

Core Workflow: From Framework to Compliance

Framework Setup

1

Navigate to the Account Menu Button

In the sidebar, click the Account Menu Button (same flow as Recommended setup in Getting Started With Compliance).
2

Open Organization profile

Select Organization to open Organization profile. Iru may also prompt for this during framework setup.
Account menu with Organization option highlighted
3

Enter edit mode

On Organization profile, click Edit at the top right.
4

Complete your company details

Fill in the fields that apply. For example: company logo, company name, business description, industry, business type, company size, company language, whether you have an IT department, and security team size. Keep this information current as your environment changes.
5

Save your changes

Click Save changes.
6

Navigate to Frameworks

On the left navigation bar, expand Compliance and select Frameworks.
Left navigation: Compliance expanded, Frameworks selected
7

Add a framework and starting point

Click Add framework, choose a standard, then complete Select your [framework] starting point (generate, migrate, CSV, or manual). See Frameworks Management.
Frameworks page with Add framework, framework cards, audit period, and controls
8

Refine controls and actions

Review and edit generated or imported controls and actions as needed.

Control Management

1

Review controls

Open each framework and review generated or imported controls.
2

Customize controls

Edit wording, add controls, or remove items so they match how your organization operates. When Sources or policy artifacts change later, check HomeInsights or Review Control Updates on a framework for Iru AI recommendations. See Adaptive Compliance.
3

Map and validate

Confirm each control still maps to the right framework requirement and that owners and evidence expectations are clear.

Action Execution

1

Assign actions

Assign actions to owners and set due dates.
2

Review descriptions

Owners read the action text and confirm what evidence is required.
3

Collect evidence

Upload artifacts or let connected Sources attach them when descriptions and permissions allow.
4

Collaborate

Use comments and delegation when work needs to move between people.
5

Track progress

Watch status and deadlines on the Actions views and framework readiness.

Evidence Management

1

Upload artifacts

Add files from Artifacts or from an action or control when the UI offers an upload.
2

Use sources

Connect Sources so integrations can attach artifacts when action text and permissions align.
3

Validate and link

Let validation run where the product supports it, then confirm artifacts sit on the right actions and controls.
4

Review for audits

Before an audit window, spot-check that required evidence is present and current.

Readiness Assessment

1

Monitor progress

Use framework and action views to see what is still open.
2

Close gaps

Fix missing actions, weak evidence, or failed validation before you report readiness.
3

Report status

Export or summarize status for stakeholders using the reports your tenant provides.

Integration Workflows

Automated Evidence Collection

1

Connect sources

Expand Compliance, select Sources, and turn on the toggle for each integration. See Sources Management for connector guides.
Left navigation: Compliance expanded, Sources selected
2

Write actionable descriptions

In each action, name the system and evidence type so connectors know what to fetch (see Actions Management).
3

Let sources sync

Sources refresh on a schedule; status and last sync appear on each source card. New, updated, or removed connections can prompt control update recommendations within about a day. See Adaptive Compliance.
4

Validate and confirm

Review attached artifacts and validation results on the action or control.

Manual Evidence Upload

1

Choose files

Pick policies, exports, screenshots, or other files that satisfy the action or control.
2

Upload on Artifacts or the action

Add titles and descriptions when prompted, then upload (see Artifacts Management).
3

Confirm validation

Address any failed validation or replace files that are out of date.

Collaboration Workflows

Team Coordination

1

Assign and delegate

Give actions to owners; reassign or delegate when responsibility shifts.
2

Use comments and activity

Use comments for questions and the activity log to see what changed. For a tenant-wide view of compliance activity, see Unified Activity.
3

Watch deadlines

Track due dates and notifications so work does not stall.

Audit Preparation

1

Compile evidence

Confirm each required control has supporting artifacts in Iru.
2

Fix gaps

Upload missing files, fix failed validation, or adjust actions before the audit.
3

Package for reviewers

Export or hand off bundles your auditor expects (reports, folders, or Trust Center links, depending on your process).