During the deployment, WIQ will be used for automated remediation approvals. When a test fails, if an automated remediation bot exists, Continuous Controls will send an approval request to the team’s approval feature, such as a Slack channel. The request will provide details of the failed test and audited component, and enable users to approve or deny an automated remediation.
During the deployment, WIQ will also be used for manual remediation tasks. When a test fails, if no automated remediation bot exists, Continuous Controls will send a manual remediation task to the team’s task feature, such as Jira.
During the deployment, WIQ will be used to store and serve customer data. For example, during test evidence collection, Continuous Controls will call a customer’s collection bot to collect the evidence from the customer’s audited component. Inside the collection bot, WIQ writes the data inside the customer’s evidence repository, which is simply a WIQ team’s configured storage feature on an S3 bucket or Azure blob container. Though zero customer data is stored in the platform, evidence metadata is available in Continuous Controls to enable future requests for customer evidence via WIQ. During the assessment portion of a Control Test, Continuous Controls uses the metadata to identify the location of the evidence, then calls WIQ to securely access it.