Artefacts in MRP

Simplifying Compliance, Saving Time, and Streamlining Audits
David Morrison
January 7, 2025

In today’s fast-paced regulatory landscape, managing compliance requirements effectively requires processes and a supporting system that is intuitive and efficient. The new Artefacts module in the Morrisec Risk Platform (MRP) is designed with this exact purpose in mind. By centralising evidence and automating key processes, Artefacts empowers organisations to save time, reduce effort, and confidently prepare for and navigate audits and assessments.

Why Artefacts Are a Game-Changer

Centralised Proof of Compliance

Artefacts provide a central repository for all the evidence you require to demonstrate actual compliance. Certifying to and complying with standards isn’t just about creating policies, processes and controls. It requires implementation across the business. It requires education so personnel and stakeholders understand their obligations and roles. And controls need to be working and effective. Auditors and assessors will require proof, and the main way to show you have effectively implemented what you said you would is to provide evidence, or what we call artefacts. MRP supports three types of artefacts:

  • Documented Evidence: This includes files or documents such as vulnerability scan reports, meeting minutes, screenshots or configuration files.
  • Interview Records: This captures details of interviews conducted to verify compliance, understand processes, or assess policy awareness among staff.
  • Observations: For storing observations made during assessments or audits to provide additional context for compliance requirements.

This centralisation eliminates the chaos of scattered records and manual tracking, ensuring everything is organised and easily accessible when needed.

Like all files accessible through MRP, documents are not stored within the platform but are seamlessly linked to your existing document management system, such as SharePoint, Confluence, or another solution. This approach ensures your document management system remains your single source of truth, avoiding duplication and maintaining consistency.

Screenshot showing a vulnerability scan report artefact in MRP

Streamlined Audit Preparation

With Artefacts, organisations can transform their approach to audits. Anyone who has been on the receiving end of an audit or assessment understands the time investment involved. This includes the lead-up to the audit, where you must ensure everything is in place for the auditor, including compiling and collecting artefacts and documents ready for review. Then there is the audit itself. This can involve numerous long workshops where the auditors request to see documents and artefacts, walk through processes and discuss implementation details.

Ensuring all compliance tasks have been completed throughout the year has already been addressed in MRP’s Task Management module, where every task needed for all included compliance standards is already available in MRP so you never miss a requirement.

But now you can use the new Artefacts module as a checklist to ensure all required evidence is up to date. This allows you to:

  • Identify and update outdated artefacts in advance.
  • Link artefacts directly to controls, tasks and compliance requirements within MRP for a seamless audit trail.

The result? A stress-free audit preparation process that saves days of time and significantly reduces manual effort.

Screenshot of a vulnerability scan artefact linked to four PCI DSS requirements.

Built for Accountability and Transparency

Every artefact is tracked with:

  • Creator details: See who uploaded or updated the artefact.
  • Timestamps: Know exactly when the last changes were made.

This not only establishes a clear trail of accountability but also highlights which artefacts need updating before an audit or assessment and identifies the responsible parties. This can be used as a checklist to distribute the workload across teams and users, making compliance tasks more manageable and freeing up time to focus on higher-priority business objectives.

Screenshot showing a list of artefacts in MRP, who created them, who modified them and last modification date.

The Assess Once, Comply Many Advantage

One of MRP’s most powerful features is its assess once, comply many philosophy. Managing multiple compliance obligations can be overwhelming for small businesses, diverting teams from their core responsibilities. Artefacts play a critical role in enabling this streamlined approach:

  • A Single Artefact, Multiple Standards: Artefacts can be linked to multiple compliance standards, eliminating duplication and reducing double-handling. For example, a vulnerability scan report can simultaneously satisfy requirements for PCI DSS and ISO/IEC 27001.
  • Effortless Audit Preparation: When a PCI DSS QSA reviews your compliance, they’ll see the artefact linked to relevant PCI DSS requirements. Similarly, an ISO/IEC 27001 auditor will see the same artefact linked to the relevant ISO standards.
  • One Update Only: When an artefact requires updating, you do it once, and the changes are automatically reflected across all linked standards.

This functionality not only saves significant time but also ensures consistency and accuracy across all compliance requirements.

By tying artefacts to MRP’s task management feature, organisations can track progress, ensure evidence is collected throughout the year, and eliminate the last-minute scramble during assessments.

Chart showing how the assess once, comply many philosophy works for a vulnerability scanning control

How Artefacts Enhance Collaboration with Auditors

Artefacts aren’t just for internal use—they also simplify the assessment process for auditors. One of the most time-consuming aspects of audits is providing documentation and artefacts to the auditor. Auditors request proof, and you need to locate and open the appropriate files.

MRP takes this challenge head-on, streamlining the process and significantly reducing the time investment for both you and your auditor. Here’s how:

  • Direct Access to Linked Artefacts: Auditors can now review evidence quickly and efficiently. As you walk through your compliance standards, all artefacts are clearly visible and just one click away. Clicking the artefact opens the relevant file directly from your document management system, eliminating unnecessary back-and-forth.
  • Preloaded Testing Procedures: PCI DSS requirements in MRP now include the expected testing procedures your QSA will use during assessments. This valuable information ensures you know exactly what is required, so you can be fully prepared with all artefacts in place. And with the success of this addition to our PCI DSS function in MRP, we are in the process of implementing this for all our standards!

To make the process even more efficient, you can grant auditors access to MRP directly. This enables them to:

  • Navigate through your compliance requirements.
  • Assess implementation details.
  • Review associated artefacts.
  • Build a customised list of outstanding questions for a single, streamlined workshop.

To simplify this access, MRP includes predefined roles such as the “External Auditor” role, which provides read-only access to the information they need. These roles are fully customisable, allowing you to limit access further if required.

The result? Faster assessments with less disruption to your business. By streamlining the audit process and reducing the auditor’s time investment, you may even benefit from reduced audit costs, as pricing is generally based on the time required to complete the assessment!

Screenshot showing a PCI DSS compliance requirement assessed as in place with linked artefacts required under compliance.

Seeing is Believing

Artefacts in MRP redefines compliance management, offering a solution that is not only powerful but also practical. By centralising evidence, streamlining workflows, and automating updates, Artefacts allow you to focus on what truly matters: achieving your organisation’s strategic objectives!

Ready to experience the Artefacts module in action? Request a demo today!

David Morrison

David is the Co-CEO of Morrisec. With a wealth of experience spanning more than two decades, David has established himself as a leading cybersecurity professional. His expertise and knowledge have proven invaluable in safeguarding organisations from cyber threats across a gamut of industries and roles.
