Skip to main content
Skip table of contents

Using Compliance Tasks

Overview

Compliance Tasks enables organizations to keep track of important security activities, document actions taken, and attach evidence. Users can set due dates for tasks, documents any notes, attach related files or evidence and set email reminders and receive notifications as due dates approach.

What Is a Compliance Task?

A Compliance Task is a security event, administrative task, or review that the organization must complete on a regular interval. These activities are usually connected to at least one or more compliance framework controls.

Here are a few examples of Compliance Tasks: 

Compliance Task

Related Policy

Compliance Requirement

Perform a Risk Assessment

Risk Management Policy

SOC 2

CC3.1 - COSO Principle 6: The entity specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.

HIPAA

164.308(a)(1)(ii)(B) Risk Management

Review IAM Users and Roles

System Access Policy

SOC 2

CC6.3 - The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles

HIPAA

164.312(a)(1) Access Control

164.312(a)(2)(i) Unique User Identification

Review Audit Logs

Auditing Policy

SOC 2

CC7.2 - The entity monitors system components and the operation of those components for anomalies..

HIPAA

164.308(a)(5)(ii)(C) Log-in Monitoring

Test the Incident Response Plan

Incident Response Plan

SOC 2

CC7.4 - The entity responds to identified security incidents by executing a defined incident response program..

HIPAA

164.308(a)(6)(i) Security Incident Procedures

In order for an organization to maintain administrative standards and compliance requirements, security tasks should be tracked and conducted on a regular basis. These security tasks are typically defined as part of your Dash policies or security program. Dash Compliance Tasks enables your team to track these security or compliance activities and document your evidence and results.

Users can use Dash Compliance Tasks to:

  • Adopt Prebuilt Dash Tasksets - To create a set of ongoing tasks designed for meeting requirements and tracking evidence for specific compliance framework (HIPAA, SOC 2, etc)

  • Create Custom Tasks - To track one-time or recurring security and compliance tasks, and

Create A Compliance Taskset

In order to create a Compliance Task, you team can take the following steps

  1. Login to Dash ComplyOps

  2. In the left sidebar → Go to “Compliance Task” page

  3. Click the “Create New Task/Taskset” button

  1. You will be presented with a modal and options for creating a new task or a new task set

  1. Dash ComplyOps provide the following prebuilt tasksets to jumpstart your compliance processes

    1. Baseline Security - Security tasks recommended for ALL users and security programs

    2. HIPAA/HITECH - Specific tasks and administrative requirements for HIPAA/HITECH compliance

    3. SOC 2 - Specific tasks and administrative requirements for SOC 2 Type 1/Type 2 preparation

    4. GDPR - Specific tasks for administrative requirements for GDPR compliance

    5. We recommend enable tasksets as a baseline set of security tasks and then customizing and adding your own tasks to your Dash security program.

  1. Click the “View Suggested Tasks” button to preview tasks for creation.

  1. Check/uncheck all tasks that you would like to create.

    1. The page lists all Compliance Tasks recommended for meeting security objective/compliance standard as well as the priority and frequency of these tasks.

    2. Most of these options can be customized after the task creation

  1. Scroll to the bottom and click the “Create Tasks” button.

    1. You will see all of the new tasks in your Active Tasks list.

    2. Note: If you “Create Tasks” for the same taskset multiple times you will see duplicates of the same tasks. So it is recommended that teams only implement up to 1 of each taskset.

Creating Compliance Tasks

In order to create a Compliance Task, you team can take the following steps

  1. Login to Dash ComplyOps

  2. In the left sidebar → Go to “Compliance Task” page

  3. Click the “Create New Task/Taskset” button

  1. You will be presented with a modal and options for creating a new task or a new task set

    1. Click the “Create Task” button

  1. You will be prompted to define the following options when creating a Task:

    1. Task Name - The name of the Compliance Task to be completed. Your team may consider creating Tasks to perform security tasks, cloud operations or perform administrate tasks.

      • For Example – “Perform security assessment” or “Review role responsible for ABC”, or “Review Logs ABC”

    2. Task Description - A general description of the Compliance Task.

      • For Example - “Review and update all documents related to…..”, “Review all users and roles in AWS IAM…”

    3. Tags - Tags used for better organizing and seeing related issues.

      1. You may consider adding tags related to category such as “Audit Logs”, etc

    4. Priority - The priority related to a specific Task

      1. The task priority can be set as Low, Medium, High or Critical.

    5. Assignment - The Dash User assigned to this Task.

      • A user should be assigned in order to receive email notifications related to this Task.

    6. Due Date - The “Due Date” for the Task you are creating.

    7. Frequency - How frequently this task will occur.

      • Your can set Compliance Tasks to occur one-time or on a recurring basis - repeating Weekly, Monthly, Quarterly, or Annually.

    8. Reminder - The Dash policy related to this Task.

      • Emails Reminders will be sent to the email of the user who is “Assigned” to the Task.

      • If a user is not assigned to the Task, the reminder will be sent to the Task creator.

  1. Once you have entered all relevant information, click “Create Task”

  2. You will see the new task in your Active Tasks list.

Viewing Compliance Tasks

After creating Tasks, teams can view all scheduled tasks and track and document actions taken in the Compliance Tasks view.

You can view all Compliance Tasks by navigating to Policy Center > Compliance Tasks.

  • Active Tasks - View all “Active” Compliance Tasks.

  • Completed Tasks - View all “Complete” Tasks, including tasks marked as complete.

  • Archived Tasks - View all “Archived” or “Removed” tasks

  • Create New Task - New tasks can be created by click on this button.

Tasks are ordered with all the overdue activities at the top, with most overdue first. The upcoming activities are sorted with soonest due Tasks first.

Managing Individual Compliance Tasks

From the Compliance Tasks page, you can click on an individual Tasks to view, edit, document, and complete tasks. Individual Compliance Task Pages will look like this:

Editing and Completing Tasks

The Individual Compliance Tasks page provides options for managing the Task:

  • Archive - Remove the task from the Active Tasks list.

    • The task will be “Archived”, moved to the Completed Tasks list and become un-editable, evidence will be unable to be changed.

  • Edit - Show options for editing Task information such as Assigned User, Description, Frequency (Schedule), Reminders, etc.

  • Mark as Completed - Mark the Task as “Complete.

    • The task will be marked as “Complete”, moved to the Completed Tasks list and become un-editable, evidence will be unable to be changed.

    • If the task is recurring, a new task will show in the Active Tasks list for the next date.

Documentation & Task Timeline

Dash provides options for attaching specific documentation and evidence at the bottom of each individual task. Users have the following options for Task Documentation and Evidence:

Some fields may be more or less applicable to specific Tasks.

  • Note - Any notes related to this Task or processes.

  • Findings - Any security findings found during the task

  • Actions - Actions taken to complete tasks

  • Resolutions - Steps taken to resolve security findings

As documentation is added, it will show on the Task History section:

  • This allows your team to keep a log of communication and keep evidence of actions taken

File Upload & Evidence

Documentation, reviews, and audit files may be uploaded and stored as evidence

Teams may carefully document activities related to tasks and collect evidence in order to be better prepared for security evaluation and audits.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.