Step 9 of 10

Rule Engine

Automate risk identification and workflows with conditional rules.

What is the Rule Engine?

The Rule Engine allows you to automate actions based on assessment responses. Define conditions (IF) and actions (THEN) to streamline your DPIA workflow.

Rule Engine interface showing options to use template or add custom rules

Screenshot placeholder

Rule Engine interface showing options to use template or add custom rules
Rule Engine - Configure automated rules for risk identification and workflows

Accessing the Rule Engine

To configure rules for a template:

1Go to Templates and click Edit on your template
2Select the Rule Engine tab
3Click + Add Rule to create a new rule, or Use Template to start from a preset

Rule Components

Conditions (IF)

Define when the rule should trigger based on question responses or risk scores

Examples:

IF Question 5 = 'No'

IF Risk Score > 60

IF Section score >= High

Actions (THEN)

Specify what happens when conditions are met

Examples:

Flag for manual review

Send notification

Add risk tag

Require additional documentation

Common Rule Patterns

High Risk Alert

IF:IF total risk score > 80
THEN:Send alert to DPO and flag for immediate review
Use:Ensure critical risks get immediate attention

Missing Encryption

IF:IF 'Data encrypted at rest?' = No
THEN:Add 'Security Gap' tag and increase risk score by 30
Use:Flag specific compliance gaps

Third-Party Transfer

IF:IF 'Transfer data to third parties?' = Yes
THEN:Require DPA documentation upload
Use:Ensure proper documentation for data transfers

Auto-Approve Low Risk

IF:IF risk score < 20 AND all required questions answered
THEN:Auto-approve assessment
Use:Speed up processing of low-risk vendors

Rule Templates

Click "Use Template" to start with pre-configured rule patterns:

GDPR Compliance

Coming Soon

Rules for GDPR-specific requirements

5 pre-configured rules

Vendor Risk

Standard vendor risk assessment rules

8 pre-configured rules

Security Assessment

Security-focused evaluation rules

6 pre-configured rules

Data Processing

Data handling and processing rules

4 pre-configured rules

Available Actions

Send Notification

Email specific team members when conditions are met

Modify Risk Score

Add or subtract points from the total risk score

Add Tag

Apply labels for categorization and filtering

Require Follow-up

Mark assessment for additional review or documentation

Best Practices

Start Simple

Begin with a few essential rules and expand gradually

Test Rules

Use sample assessments to verify rule behavior before production

Document Purpose

Name rules clearly and document why each rule exists

Review Regularly

Periodically review and update rules as requirements change

Previous
Review & Approval
Next
Best Practices