AUDITMATION

Auditmation Engagement

Neverfail Auditmation sets the foundation for Continuous Controls delivery. This phase centers on 3 intentional core steps (Discover, Design, Build) that enable compliance automation in any organization, regardless of source system mix.

Completed source system integrations (Bot builds) become part of Neverfail's Connector Library.

Discover

Design

Build

Connector Library

Discover

Identify controls and compliance objectives

IT controls and supporting systems are auto-ingested into the Continuous Controls platform to determine the number of test cases required. Maturation scores are assigned to source systems, based on their ability to be automated.  This ultimately informs cost and design prioritization

  • Ingest controls
  • Map to source systems
  • Required test cases
  • Identify automation reach

Design

Auditmation blueprint development

Once the WIQ and Auditee onboarding has completed, you will need to provide Neverfail with the Github identity (Github profile email address). This will enable your access to the Terraform Files via a Github Repo, which precisely describe the set of virtual assets in AWS and Azure.

Bot Automation Deployment

Evidence collection, testing, and remediation

AWS or Azure test suite functions are made available as binary files in an Artifactory repository Neverfail provisioned. Committing and pushing will trigger Github Actions, which will deploy each function to AWS Lambda or Azure Function App. Deployed functions will perform a callback, notifying Neverfail about it being online, which will trigger CTAC tests to begin. Azure and/or AWS test suites runs will default to a daily frequency.

PowerBI Deployment

POC dashboard and user experience

After the test suites are created and configured to run on a daily schedule, your team lead will be provided access to the test run data via PowerBI dashboards. You can make changes to tested components and see exactly how those changes affect CTAC test results via the BI dashboards. In their AWS or Azure portals, they can also access Secrets, Key Vaults, bot configuration files, function logs, evidence, and evidence chain of custody records in their evidence repository.
TOP