Work items: Issues
It doesn’t matter what you call them—issues, findings, exceptions, non-conformities, deficiencies, or something else entirely—discovering a problem during your audit is one of the more alarming things that can happen to your organization. To pass the audit, issues need to be remediated. Because remediation can take several steps, progress visibility is vital.
Remediation can range from a quick fix to a multi-quarter project that needs to be tracked. At best, issues mean spending resources to fix a problem. At worst, they jeopardize a company’s entire future—losing a certification can mean not being able to do business at all. Because many organizations don’t discover issues until the audit is in progress, they are oftentimes left scrambling under severe pressure to implement a fix.
Because Hyperproof is a continuous compliance operations platform, issues can be discovered and addressed long before your enters its audit phase.
Working with issues
Issues can be created, tracked, and remediated on all major Hyperproof objects and modules: programs, controls, labels, audit requests, risks, and vendors.
Let’s say you notice an issue with a particular control in your SOC 2 program. As either an administrator or compliance manager, you can create an issue on the control and track the path to remediation. Issues work like other features in Hyperproof—they can be assigned to members of your team, linked to tasks, and linked to proof. An Activity Feed specific to the issue is also available so your team can collaborate without having to leave Hyperproof.
What's the difference between issues and risks?
In the past, some Hyperproof users used the Risk Register to track issues. The important distinction to make is that issues are a one-time event that can be resolved, while risks are meant to track threats to an organization over time. Essentially, risks should be used when there is no way to make a threat or problem go away entirely or when a problem cannot be resolved.