Continuous Monitoring Model
Traditional compliance relies on point-in-time checks before audits. DSALTA enables continuous monitoring:
Automated Tests: Run on regular schedules without manual intervention
Immediate Alerts: Notify when controls fail or drift from compliance
Historical Tracking: Show sustained compliance over time
Proactive Remediation: Fix issues as they arise, not months later
This shift from reactive to proactive compliance reduces audit stress and improves actual security.
Test Monitoring Dashboard
Access monitoring overview from Compliance > Tests:
Overall Pass Rate: Percentage of tests currently passing
Tests by Status: Count of passing, failing, and attention-needed tests
Recent Failures: Latest tests that moved from passing to failing
Trending: Controls improving or degrading over time
Test Frequencies
Different controls require different monitoring cadences:
Continuous/Hourly: Critical security controls (encryption, authentication)
Daily: Important operations (logging, backups, monitoring)
Weekly: Regular compliance checks (access permissions, configurations)
Monthly/Quarterly: Periodic reviews (access audits, vendor assessments)
DSALTA automatically schedules tests at appropriate frequencies based on control risk levels.
Alert Configuration
Configure notifications for test-related events:
Critical Failures: Immediate alerts for high-risk control failures
Status Changes: Notify when passing tests start failing
Manual Test Reminders: Alerts when periodic tests are due
Integration Issues: Warnings when connections prevent monitoring
Set alert preferences in account settings or per-test configurations.
Monitoring by Framework
View test status for specific frameworks:
Filter tests by SOC 2, ISO 27001, or other active certifications to see framework-specific compliance status.
This helps prioritize remediation based on upcoming audits or customer requirements.
Test Performance Metrics
Track key metrics for program improvement:
Mean Time to Detect (MTTD): How quickly failures are identified
Mean Time to Remediate (MTTR): How quickly issues are resolved
Test Coverage: Percentage of controls with active tests
Recurring Failures: Tests that fail repeatedly
False Positive Rate: Tests producing incorrect failures
Use these metrics to optimize your compliance program.
Integration Health Monitoring
Automated tests depend on healthy integrations:
Connection Status: Is integration active and authorized?
Last Sync: When did integration last collect data?
Error Rate: Are API calls succeeding?
Data Quality: Is the collected information complete?
Monitor integration health from the
Integrations page. Address connectivity issues immediately to maintain test coverage.
Responding to Test Drift
Controls can drift from compliance due to:
Configuration changes without compliance review
System updates are changing the default settings
Personnel changes affecting access or training
Process evolution without updating procedures
Continuous monitoring catches drift immediately rather than discovering it months later during audits.
Test Coverage Analysis
Ensure comprehensive monitoring:
Controls with Tests: Automated or manual verification in place
Controls without Tests: Gaps requiring attention
Test-to-Control Ratio: How many tests verify each control
Framework Coverage: Test coverage by certification
Identify and address monitoring gaps before audits.
Historical Test Data
DSALTA maintains a complete test history:
Trend Analysis: View pass rates over weeks and months
Pattern Recognition: Identify recurring issues or seasonal variations
Audit Evidence: Demonstrate sustained compliance, not just current status
Improvement Tracking: Show how the program matures over time
Historical data is crucial for Type II audits requiring evidence of continuous monitoring.
Manual Test Tracking
For tests requiring human verification:
Scheduled Tests: Calendar of upcoming manual verifications
Overdue Tests: Tests past their execution date
Completion Rate: Percentage of manual tests completed on time
Owner Performance: Track individual completion rates
Set reminders and monitor completion to ensure manual tests don't fall behind.
Maintaining Audit Readiness
Continuous monitoring enables perpetual audit readiness:
Always Current: Evidence is never more than hours old
No Scrambling: No last-minute evidence collection before audits
Confidence: Real-time visibility into compliance status
Historical Proof: Trend data proves sustained, not temporary, compliance
Test Optimization
Use monitoring data to improve efficiency:
High-Failure Tests: May need better implementation or testing logic
Never-Failing Tests: Consider reducing frequency
Redundant Tests: Multiple tests checking the same thing
Missing Coverage: Controls without adequate testing
Regular optimization maintains effective monitoring without unnecessary overhead.