You are here:
IT Compliance Issue Lifecycle
Follow how a compliance issue moves from discovery to closure, showing how issue owners, resolvers, and SLA enforcement work together to track and remediate compliance gaps.
Required Editions
| Available in: Lightning Experience |
| Available in: Enterprise, Performance, and Unlimited Editions with Agentforce IT Service. |
The End-to-End Workflow: A Security Audit Example
Follow the lifecycle of a compliance issue to see how status transitions, SLA enforcement, and role-based ownership work together.
Discovery and Logging
A quarterly audit reveals that production servers are using an outdated encryption protocol that violates PCI-DSS requirements. The security analyst creates a Compliance Issue with High severity, assigns an issue owner, and attaches the audit report. The SLA timer starts as soon as the issue is created with the defined severity.
Planning and Assignment
The issue owner assigns a resolver and creates an action plan with remediation tasks, such as updating server configurations and running validation scans. When work begins, the resolver updates the issue status to Remediation in Progress. For high-severity issues, the resolver typically has 7 days to complete remediation.
Execution and Documentation
The resolver works through each task, updating configurations and uploading supporting files such as configuration files and scan results. When all tasks are complete, the resolver moves the issue to Review status, signaling that remediation is ready for validation.
Validation and Closure
The issue owner reviews the completed tasks and supporting files. If the fix meets compliance requirements, the owner sets the status to Closed. If the supporting files are incomplete, the owner moves the issue back to Remediation in Progress with a comment explaining what additional work is needed.
SLA Enforcement and Escalation
The SLA policy tracks time spent in each milestone. If the issue approaches its resolution deadline, milestone actions trigger based on your configuration—for example, an email is sent or a task is created. This ensures at-risk issues receive attention before they breach.
Audit Trail and Reporting
A closed Compliance Issue retains its full action plan, supporting files, and status history. This creates a complete audit trail showing what was found, who fixed it, what supporting files prove the fix, and when the issue was closed. This traceable workflow satisfies regulatory requirements and simplifies compliance reporting.
