Neverfail Auditmation sets the foundation for Continuous Controls delivery. This phase centers on 3 intentional core steps (Discover, Design, Build) that enable compliance automation in any organization, regardless of source system mix.
Completed source system integrations (Bot builds) become part of Neverfail's Connector Library.
Identify controls and compliance objectives
IT controls and supporting systems are auto-ingested into the Continuous Controls platform to determine the number of test cases required. Maturation scores are assigned to source systems, based on their ability to be automated. This ultimately informs cost and design prioritization
Once the WIQ and Auditee onboarding has completed, you will need to provide Neverfail with the Github identity (Github profile email address). This will enable your access to the Terraform Files via a Github Repo, which precisely describe the set of virtual assets in AWS and Azure.
Bot Automation Deployment
Evidence collection, testing, and remediation
AWS or Azure test suite functions are made available as binary files in an Artifactory repository Neverfail provisioned. Committing and pushing will trigger Github Actions, which will deploy each function to AWS Lambda or Azure Function App. Deployed functions will perform a callback, notifying Neverfail about it being online, which will trigger CTAC tests to begin. Azure and/or AWS test suites runs will default to a daily frequency.
POC dashboard and user experience
After the test suites are created and configured to run on a daily schedule, your team lead will be provided access to the test run data via PowerBI dashboards. You can make changes to tested components and see exactly how those changes affect CTAC test results via the BI dashboards. In their AWS or Azure portals, they can also access Secrets, Key Vaults, bot configuration files, function logs, evidence, and evidence chain of custody records in their evidence repository.