DEPLOYMENT

ENGAGEMENT BLUEPRINT

The Continuous Controls Deployment:
Your Path to Real-Time Compliance

Neverfail Continuous Controls (NFCC) introduces the first Robotic Process Automation (RPA) platform that delivers constant, autonomous IT compliance and risk reduction, by automating evidence collection, control testing, and remediation, through a single integrated toolset.

Deployment
Orientation

Sandbox Deployment

Sandbox Analytics

Commercial Proposal

Production Readiness

Auditmation Prioritization

Auditmation Process

Production Deployment

Auditmation Reviews

Deployment Orientation

Preparing for your deployment

The NFCC Orientation session outlines the end-to-end process covered during the Continuous Controls 90-Day Engagement Blueprint. This kickoff brings together all of the appropriate stakeholders from our team and yours to ensure alignment, set expectations, and agree to the timeline and milestones, and identify any potential blockers.

Orientation Objectives & Deliverables

  • Defined weekly cadence for team interaction

  • Dedicated Slack channel for ongoing, real-time communication and support

  • Agreed timelines

  • Agreed milestones and key success indicators

  • Identification of any project blockers and necessary remediation efforts

  • A confirmed date for Sandbox deployment

Sandbox Deployment (Phase 1)

Standing up the Continuous Controls solution

The Continuous Controls sandbox deployment activates a test environment with a fully deployed virtual infrastructure, Connectors, Control Test Cases, Robotic Process Automation bots, and a Power BI dashboard. This initial deployment phase delivers a deep understanding of how the Continuous Controls platform and deployed bots interact with your infrastructure and creates a standard operating procedure for our work together.

Sandbox Deployment Deliverables

  • Control testing lifecycle and methodology

  • How evidence, testing, and remediation bots work

  • Manual and automated failed test remediation

  • AWS and Azure end-to-end interactive Control Test Suite

  • Evidence assessment and review walkthrough

  • Workflow IQ tasks, approval requests, and storage usage

  • Power BI control testing dashboard and reporting

  • A sandbox system to test each automation and ensure ongoing compliance

Sandbox Analytics

The value of real-time, machine validated data

Key engagement stakeholders convene for a comprehensive post Sandbox deployment review of the critical outcome-based data and associated value, powered by the Continuous Controls BI Dashboard.  This serves as the foundation for setting critical risk management priorities and compliance objectives.

Note:  In order to extract the full value of the deployment, every deployed control test must be completed in full, in order to produce the necessary data required to drive this discussion.

Value Measurements

  • Time and cost savings

  • Real-time compliance posture

  • Time-phased control effectiveness

  • Auditmation progress towards compliance objectives

Commercial Proposal

Formal project scoping and costing exercise

Scoping begins with determining your initial control coverage priorities and desired automation path. This could be anything from automating every IT control or only 20 critical controls, to focusing on FedRAMP or other framework requirements. This could be going "wide" across evidence collection or "deeper" with testing and remediation for a targeted set of controls. Once initial objectives have been agreed, Neverfail will provide a Draft Proposal for discussion and confirmation prior to delivering the Final Proposal for execution.

Scope Dependencies

  • # of Source Systems and Connector Classification

  • # of Frameworks

  • # of Audited Products or Services

  • # Bots

Production Readiness

Transitioning into the production environment

With a successful Sandbox installation in place and Continuous Controls validated in your environment, you are now ready to begin transferring to a live production environment. This phase includes Delivery Prioritization, Auditmation and the enablement of automated Evidence, Testing, and Remediation (where applicable) into production.

Client Success Factors

  • Ingestion of company policies and controls

  • Source system inventory and mapping

  • Auditor IRL (where available)

  • Agreeing to a defined Statement of Work

Auditmation Prioritization

Assigning priority and determining the order of automation

Rome was not built in a day, and fully automating audit and compliance is much the same. In order to align delivery with maximum value to your business, Prioritization becomes a critical activity, early and often. Whether you are working with a 3rdparty advisor, an Enterprise Risk Management platform, or a demanding executive team or board, priority inputs can be accommodated from any number of sources.

Prioritization Deliverables

  • Stakeholder agreed prioritization of critical controls

  • An agreed order of priority for Connector and BOT development and/or deployment

  • Agreement on coverage and frequency

Auditmation Process

Discover, design, and build through the Compliance Bridge

Through our Compliance Bridge, engaged organizations are enabled for the Continuous Controls launch through a series of automation building initiatives.  Required connectors and BOTs are designed, built and prepared for production launch based on client prioritization. Compliance Bridge enables any organization to onboard and connect to Continuous Controls, with or without a supported GRC platform in place.

Enabling Automation in 3 Easy Steps

  • Discover - IT controls and supporting systems are ingested, mapped, and scored to determine automation requirements

  • Design - Prioritized controls are mapped to a template library of established auditor requirements

  • Build - Bot and connectors are built, tested, and pushed to the production environment

Production Deployment

Installing into the production environment

With Connectors and BOTs built, the next step is delivery into a customer GitHUB installation in order to go live with automated Evidence, Testing, and Remediation (where applicable) within the production environment. As the first step of any implementation, Evidence connectors and BOTs are deployed first, prior to any Control Test and Remediation implementation. Initial deployment occurs into the Sandbox environment for client testing, to ensure change management and segregation of duties controls are intact.

Deployment Deliverables

  • Final standup of the sandbox environment to ensure ongoing compliance in delivery

  • Secure, compliant delivery into the client-controlled environment and security protocols

  • Self-implemented Connectors and BOTs, generally within 5 minutes or less

  • Integration into source systems and RPS BOTs deployed for automated compliance

Quarterly Auditmation Reviews (QARs)

Ensuring success against ever-changing compliance demand

The Continuous Controls journey does not end at deployment. Rather, it is only the beginning. With technology and compliance changing at neck-breaking speed, compliance demand grows and changes sometimes daily. Continuous Controls not only automates compliance within your business and supply chain, it ensures your business is protected against ongoing change as well. Our Quarterly Auditmation reviews account for your next phase of Auditmation growth as well as change management to ensure your business is always protected.

Controlling the Chaos

  • Ensure visibility to machine truth for your board, executive team, and customers

  • Stay ahead of the pace of change through ongoing planning and automation delivery

  • Pivot automation requirements and priority as your business requires

  • Drive further into compliance automation at your own pace

TOP