Automation Overview

Understand how automations work and the business value they provide

Automations transform manual, repetitive compliance work into reliable, scheduled workflows that run automatically.

What Automations Do

An automation is a scheduled workflow that automatically creates tasks at regular intervals. Think of it as setting a recurring reminder, but much more powerful:

  • Creates tasks automatically based on your schedule
  • Assigns tasks to the right people
  • Tracks completion and health over time
  • Sends reminders when tasks are due
  • Monitors effectiveness with health indicators

Why Use Automations

Save Time

Instead of manually creating "Monthly Control Review" tasks every month, set up one automation and it handles task creation for you automatically. Set it once, benefit for months or years.

Example: A monthly compliance review that takes 10 minutes to set up manually becomes 0 minutes per month with automation - saving 2 hours per year.

Improve Consistency

Automations ensure compliance activities happen on schedule, every time. No more forgetting quarterly reviews or annual assessments.

Example: Your ISO 27001 annual risk assessment automation ensures you never miss this critical compliance requirement.

Reduce Risk

Missing compliance deadlines can lead to audit findings, certification issues, or security gaps. Automations ensure work happens on time.

Example: An automation for quarterly access reviews helps maintain SOC 2 compliance by ensuring reviews happen every 90 days without fail.

Track Health

See at a glance which automations are working well and which need attention. Health indicators show task completion rates and identify potential issues.

Example: If an automation shows "warning" status, you know to investigate why tasks aren't being completed on time.

How Automations Work

1. Schedule Configuration

You define how often tasks should be created:

  • Weekly (e.g., "Every Monday")
  • Monthly (e.g., "First day of each month")
  • Quarterly (e.g., "Every 3 months on the 1st")
  • Custom intervals (e.g., "Every 6 months")

2. Advance Notice

Tasks are created in advance (typically 14 days before due) so your team has time to prepare and complete the work.

Example: For a monthly review due on the 1st, the task is created on the 17th of the previous month.

3. Task Creation

When the schedule triggers, the automation:

  1. Creates a new task
  2. Links it to the target entity (control, registry, risk, etc.)
  3. Assigns it based on your configuration
  4. Sets the due date based on the schedule

4. Health Monitoring

The system tracks:

  • How many tasks have been created
  • How many are completed
  • How many are overdue
  • Overall health status (healthy, warning, failing)

Types of Automation Workflows

Compliance Review Automations

Regular reviews of controls, policies, and procedures to ensure they remain effective and current.

Use when: You need recurring reviews of compliance controls, documentation, or processes.

Risk Assessment Automations

Scheduled reassessment of identified risks to track changes in likelihood, impact, or mitigation effectiveness.

Use when: Your risk management program requires regular risk reviews (typically quarterly or annual).

Asset Registry Updates

Periodic updates to asset inventories to ensure accuracy and completeness.

Use when: You maintain registries of assets, vendors, or other resources that need regular review.

Policy Review Automations

Annual or biennial reviews of policies and procedures to ensure they remain relevant and compliant.

Use when: Your governance framework requires periodic policy reviews.

Incident Follow-Up

Automated workflows for post-incident activities like lessons learned reviews or corrective action verification.

Use when: You need structured follow-up processes after security incidents or audit findings.

Automation vs. Manual Tasks

Use Automation When:

  • The task recurs on a regular schedule
  • The task is similar each time (review, update, check, etc.)
  • You want to ensure it never gets forgotten
  • You need to track completion over time

Use Manual Tasks When:

  • The task is one-time or irregular
  • The task is highly variable or complex
  • The task depends on external triggers
  • You need immediate action on something specific

Example of Automation: "Monthly review of access control lists"

Example of Manual Task: "Implement MFA for new application X"

Templates vs. Custom Automations

Templates

Pre-configured automation workflows for common compliance scenarios. Your administrator sets these up with standard schedules and configurations.

Advantages:

  • Quick to implement
  • Based on compliance best practices
  • Consistent across your organization
  • Tested and proven

Use when: A template matches your compliance need

Custom Automations

Automations you configure from scratch with your own schedule, target, and settings.

Advantages:

  • Flexible - configure exactly what you need
  • Unique to your compliance program
  • Can address specific requirements

Use when: No template fits your specific need

Understanding the Business Value

Scenario: Quarterly SOC 2 Compliance Reviews

Without Automation:

  • Compliance manager must remember to create tasks every quarter
  • Risk of forgetting or delaying
  • Inconsistent timing (sometimes early, sometimes late)
  • No historical tracking of completion rates

With Automation:

  • Tasks created automatically every 90 days
  • Never miss a quarterly review
  • Consistent schedule ensures audit readiness
  • Health tracking shows compliance trends over time

Result: Reduced compliance risk, improved audit outcomes, less manual work
