Business Processes

    End-to-end workflows your organisation depends on

    What are Business Processes?

    Business processes represent the high-level workflows that deliver value to your organisation - things like "Order Fulfilment", "Customer Onboarding", "Payroll Processing", or "Incident Response". Each process documents what the workflow does, which departments own it, what infrastructure supports it, and how much it is worth financially.

    CIA Classification

    Each business process can be rated on three dimensions using a 1–5 scale: Confidentiality (how sensitive is the data involved?), Integrity (how critical is it that data remains accurate and unaltered?), and Availability (how disruptive is downtime?). These ratings drive the risk report's Business Impact dashboard.

    The combined CIA score (sum of all three values, max 15) is used to identify your most critical processes, highlight unprotected high-value workflows, and detect single points of failure in your infrastructure. Setting accurate CIA values is essential for meaningful risk prioritisation.

    Financial Value

    Each business process can have a financial value representing the monetary worth of the process. This figure is central to the risk report: when an issue is linked to a control that protects a business process, the process's financial value is used to calculate risk exposure.

    Setting accurate financial values is important for meaningful risk quantification. The value should reflect the revenue, cost of disruption, or strategic importance of the process.

    Connections to Other Areas

    • Entities - a process can be linked to multiple entities, representing which departments or teams own or participate in the process.
    • Configuration items - linked to the assets that support the process, mapping workflows to infrastructure.
    • Applications - linked to the applications that enable the process.
    • Controls - controls can be linked to business processes, connecting compliance measures to the workflows they protect.
    • Tickets - tickets can reference affected business processes.

    Process Modeler

    Each business process has a built-in visual workflow designer called the Process Modeler. The modeler lets you define the process as a series of steps with dependencies and lay them out on a free-form canvas:

    • Steps - each step has a name, optional description, and can be linked to configuration items and applications that support it.
    • Dependencies - drag connectors between steps to declare which steps must complete before others begin, creating a directed workflow graph.
    • Free-form layout - drag steps anywhere on the canvas. Positions are persisted with the process so the layout stays consistent for everyone. Use Auto Layout to reflow everything left-to-right based on dependencies when things get messy.
    • Undo/redo - every edit pushes onto an undo stack, so you can experiment without fear. Cmd/Ctrl+Z and Cmd/Ctrl+Shift+Z work as expected.

    Process Impact View

    From the Process Modeler you can switch to a read-only Impact view of the same diagram, overlaid with live health data:

    • Step health - each step is colour-coded green (healthy), amber (exposed - no controls covering its assets), or red (at risk - failing controls or open issues).
    • Inspect sidebar - click any step to see its description, linked applications, and configuration items with control coverage and open issue counts.
    • Process summary - the toolbar shows CIA classification, control coverage percentage, open issue count, and linked risks for the entire process.
    • Linked applications strip - the bottom of the canvas lists every application supporting any step, with its own health colour.

    The Impact view is the fastest way to see whether a workflow is genuinely protected or just documented.

    Version Management

    The Process Modeler supports version control for your workflow definitions:

    • Draft - when you edit steps in the modeler, changes are saved as a draft version. Only one draft can exist at a time.
    • Published - publishing a draft makes it the active version. The previously published version is automatically archived.
    • Archived - past published versions are preserved as read-only snapshots.
    • Restore - you can restore any archived version, which creates a new draft from that version's snapshot. This lets you roll back to a previous workflow design.

    Each version stores a complete snapshot of all steps and their dependencies, so restoring a version faithfully recreates the workflow as it was at that point in time.