In-app audit finding tracker
Amir El Sayed
Tracking audit findings in an Excel sheet feels disconnected - I would like to be able to do this directly within Secfix.
Created by Lucas Backes
Max Vogt
Similar feedback from Katrien De Wolf - It would be great to have a centralized Non-Conformities Tracker directly in Secfix, instead of managing findings across Jira, Google Drive, and Confluence. This would let us track audit findings, assign responsibilities, attach evidence, and monitor remediation progress all in one place. It would make audit preparation much easier and keep everything related to compliance consolidated within the platform.
Max Vogt
Similar feedback from Sander A. - Having an NC tracker within the platform would be a very useful feature rather than documenting this on an Excel sheet or creating a separate space in a task management tool to track these findings.
Alper
That's a great idea, Amir!
This should not only be for external audit, I think it should also be for the findings of internal audit or pentest.
Grigory Emelianov
Hey everyone, thanks for your feedback! I think it's a great idea to track the findings on Secfix and to be able to show their resolution during surveillance audits!
@Julian Handl Paulo So. Martin Trachsel Alper Martin Amir
2 quick questions for you:
- Where are you saving your findings at the moment?
- On which page would you expect to see such a tracker on Secfix?
Julian Handl
Grigory Emelianov Good idea! We are currently doing that in the Risk Register (using comment section for Root Cause Analysis and Treatment Tasks of course) as well as in our own MS Planner to keep everyone up to date. I think that would be important enough to have its own page instead of being part of a different section, but just my opinion :)
Grigory Emelianov
Awesome! Thanks for the prompt feedback! We are planning a new quarter and could review this.
Usually, auditors expect auditees to add their findings as risks; you are doing it well! But I also understand it would give you some closure to close them individually ;)
At the moment there is no audit-related page on Secfix, but maybe it could become a part of something bigger for all-things audit :)
Alper
Grigory Emelianov
I think this would be a great enhancement for all parties using the Secfix platform.
Users can have a tracking module where they can make root cause analysis, correction and corrective action definitions of nonconformities that arise as a result of the audit. (CAP - Corrective Action Process)
NCN closure evidence should also be added to this field.
This way, auditors can also verify audit findings before the audit each year.
Martin Trachsel
@Alper: Sounds good to me as well!
Amir El Sayed
Grigory Emelianov Nothing to add to Alper's suggestion. Currently we are tracking our findings in Notion, which allows everyone to see what happened and link treatment tasks and responsibilities.