Configuring compliance

Compliance ensures that artifact owners provide the information required for security, privacy, and governance.
Admins define the rules, forms, conditions, and approval logic for each artifact category.

Compliance form builder

Impliancy provides a dynamic form builder where admins can:

• Add fields (text, number, boolean, dropdown, etc.). See Compliance Forms for more details
• Create dependencies and conditional fields
• Customize forms for:
  • Environments
  • Power Apps
  • Cloud flows
  • Desktop flows
  • Bots

Each category can have a different structure.

How to create a form

You can easily create your own form by clicking on Compliance Management in the navigation. Let's create an example form together that contains two, or three questions:

• Business Criticality (a select box with two options)
  • Business Critical
  • Not business critical
• Mitigation Plan (only if Business Criticality is set to Business Critical)
• How many users are using this app?

If the user selects Not business critical, he will be presented with only two questions. Otherwise, three.

Example Form

1. Click on Add form on the top right
2. Add name and a description (optional), then click on Edit form
3. You can group blocks of questions together with the Fields group container. Drag & drop the Fields group container onto the Design panel
4. Click onto the dragged element until a form on the right hand side appears (Selected item).
5. Click inside the key field and set it to businessCriticalityGroup and click on Save changes
6. Drag & drop the Row container inside the existing businessCriticality (Fields group)-container and select it
7. On the right hand side, click inside the Key field and set it to row1 and click on Save changes
8. Now, drag the form input Select inside the row you've added
9. Click inside the Key field and set it to businessCriticalitySelect
10. Click inside the Label field and set it to Business Criticality
11. Click on Add new entry and create two records. Set the first record's Value to businessCritical and the Text to Business Critical. The second record's Value to notBusinessCritical and the Text to Not business critical
12. Under Expressions (Advanced), under Required set the field to Always and click on Save changes
13. Drag & drop a new Row container inside the existing businessCriticality (Fields group)-container and select it
14. On the right hand side, click inside the Key field and set it to row2 and click on Save changes
15. Drag the form input File inside the row you've added and select it
16. On the right hand side, click inside the Key field and set it to mitigationPlan
17. Click inside the Label field and set it to Mitigation Plan
18. Under Expressions (Advanced), under Required set the value Only if, then Add new entry and on the Value left operand set it to the value you've set as key from the business criticality field. However, you need to add the whole path. Since the field is inside a row and the row inside a field group, we would need to add businessCriticalityGroup.row1.businessCriticalitySelect. The operator can be set to Equals and the Value right operand to businessCritical (since this the key of an option we've set in the select field)
19. Repeat step 18, but do the same under Hidden and instead of the Setting being Only if, set it to Only if not and click on Save changes

Almost there, grab a gummy bear. Hint: If you don't have gummy bears, chocolate does the trick as well

21. Repeat steps 3-7, but instead of businessCriticality, set it to sharing and make sure the new fields group is below the first one you've created
22. Drag the form input Input inside the new row you've added and select it
23. Click inside the Key field and set it to sharedUsers
24. Click inside the Label field and set it to How many users are using this app?
25. Click inside the Placeholder field, set it to 10 and click on Save changes
26. Click on Save on the bottom right of the form

Now, if you'd like to activate a manual compliance check by an admin (for example, when Business Criticality is set to Business Critical), then following the next steps, otherwise, jump to step 29

27. Select Add new entry under Conditions
28. Set the Value left operand to the value you've set as key from the business criticality field. Again with the whole path, which is businessCriticalityGroup.businessCriticalityRow.businessCriticality. The operator can be set to Equals and the Value right operand to businessCritical
29. Click on Create form

Congratulations! You've just created your first form. Now, when the user fills out a compliance form and selects 'Business Critical', he needs to upload a mitigation plan as well.

You can download the created example form here, if you like. Or, if you'd like to have a more complex form, here's another example.

Approval types

Auto approval

The system automatically approves a submission if the owner’s answers match predefined criteria.
Useful for low-risk scenarios.

Manual approval

An admin must review and approve the submission.
Required for high-risk or business-critical artifacts.

In the overview table of each artifact, you can easily spot the artifacts which are pending review:

By clicking on the on the eye icon (), then Compliance, you'll see the filled out form by the owner/deputy. After carefully reviewing it, you can approve it by clicking on Manually approve:

Validity period

Approved compliance forms remain valid for 180 days.
After that, the owner must submit a new form.

Impliancy will:

• Notify owners when renewal is needed
• Mark artifacts as non-compliant when the form expires

Compliance lifecycle

1. Admin defines form and approval rules
2. Owner or deputy completes the form
3. Auto or manual approval
4. Artifact remains compliant for 180 days
5. Renewal requested automatically