Automated Tasks are now Automated Checks, making gap assessments of your infosec infrastructure more streamlined. This update improves visibility, control, and issue resolution, giving you a clearer view of what’s being monitored.

For each automated check, you can:

Assign an owner and track the status, category, and compliance controls for each standard.
View detailed descriptions of what’s being checked.
Use remediation guides to resolve any failed checks.
Use test data to see what we data we check for.
See historical data on passing checks
Deactivate resources that you want to put out of scope

Sources of automated checks

Our automated checks come from two main sources: External Checks and Secfix Checks, each with different behaviors and refresh mechanisms.

External Checks

These checks monitor external systems and integrations, such as cloud platforms, identity providers, and ticketing systems. They refresh automatically at set intervals to ensure your integrations comply with security best practices.

Example: A check that verifies if MFA (Multi-Factor Authentication) is enabled in your Google Workspace/Microsoft Office 365.

Secfix Checks

These checks assess internal system configurations, policies, and compliance requirements. Unlike External Checks, they don’t rely on external data sources and refresh automatically when changes are made within the app.

Example: A check that ensures all employees accepted assigned policies.

Active vs. Deactivated Checks

To make management easier, checks are now organized into two tabs:

Active Tab – Lists all running checks.
Deactivated Tab – Stores checks that have been turned off.

This separation provides better visibility into what’s actively being monitored.

Understanding Check Statuses

If a check passes

You’ll see a green status, meaning everything is fine.
Every check shows when it was last refreshed (daily, hourly, or weekly). This helps during audits since you can prove that checks are being updated regularly.
You can assign or edit owners to your checks by clicking on the pencil button.
Each check includes a description explaining what’s being monitored.
The logic and content of the check remains the same—we only notify you when a check fails.

If a check fails (needs attention)

Hover over yellow box with the results to see why the check is failing.
Click “Remediate” to go directly to the remediation guide with step-by-step instructions on how to fix it.
If you find that one or more failing resources should be taken out of scope - you can easily deactivate them using the eye crossed icon:

How to deactivate a check?

There are two tabs for Automated Checks: Active and Deactivated. If you decide a specific check is not applicable for your company, you can just deactivate it:

Find the check you want to deactivate and open it.
In the top right corner, click on the Deactivate button:
You will be prompted to provide a reason for deactivation. From there you can add a file attachment and/or a URL link to your documentation (optional).

All evidence added to a deactivated check will remain stored in the app. This will ensure you have all your compliance records centralized.

⚠️ If you decide to reactivate a deactivated check - all added attachments will be lost.

Refreshing automated checks

Most automated checks run on a daily or hourly basis, ensuring you get more up-to-date compliance insights.

Some cloud-related checks run weekly for performance optimization.
Last refreshed timestamp tells you when a check was last updated.
You can use manual refresh button for refreshing checks in real-time after making changes.

Check out Syncing intervals for more in-depth information.