Approval process

A typical requirement for securing any organisation, is the implementation of a formal approval process (eg access requests, new supplier, new software, ...). 

This page describes one of the ways you can do this with 

Start your free trial

As part of any process, you typically want one of the following elements:

1. An easy way for staff/suppliers to make new requests

2. A way for the responsible to be notified about the request

3. (optional) A formal approval by one or more stakeholders

Below we'll show you a typical setup of an Access request process with approvals

Step 1 - Create a new document type with approval workflow

Because everything in Brainframe can have its own document type, we are going to start by creating a custom document type that will be used for any new entry. This document type will be configured with two phases "Approval by Manager" and "Approval by CISO" in which the first phase of any new request can be assigned to different managers, while once it has been approved, the second phase notifies the CISO who then also approves to finalize the request.

Step 2 - Create the form

In this part we're going to create the actual form. For audit purposes you'll want all requests of a certain type to go in their dedicated folder (eg access requests, new supplier requests, ...) , where they will be time stamped and where you (in this case as the CISO) are notified about any new entry. 

In the following walkthrough you'll create a new folder to store all new requests, then upload a request Word template you want to use (you can also use simple text forms without Word files if you prefer), then you'll create the actual "Access request form", and test the approval by notifying the manager who needs to approve the first stage of the request.

Step 3 - Approvals

Below you'll first see the steps the manager needs to go through to approve the document (and how he is setting up his 2FA for the first time). The second part of the walkthrough shows how the CISO will approve the second phase (he already has his 2FA configured)

The whole version and its approval history can be shown on the document by clicking the dropdown: