Workflow Automation in TATER Ops: Orchestrate Multi-Step Compliance Tasks

Compliance work is rarely a single action. When a critical control fails — say, legacy authentication is still enabled — the response involves multiple people, multiple systems, and multiple steps that must happen in the right order. TATER Ops Workflow Automation turns that coordination work into a structured, trackable process.

What Is a Workflow?

A TATER Ops workflow is a reusable template that defines a sequence of task steps. When triggered — manually, from a failing scan, or via the API — the workflow creates a parent task and N child tasks, one per step. Child tasks with dependencies remain in Blocked status until their prerequisite steps close; when all dependencies resolve, the blocked task automatically opens and is ready to work.

This dependency model is the key differentiator from a simple checklist. A step can depend on multiple prior steps. For example: "Deploy Configuration Fix" cannot open until both "Get Change Approval" AND "Notify Affected Users" are closed. TATER enforces this automatically — no spreadsheet discipline required.

The Seven Step Types

• Notification — Send a Teams or email alert to a stakeholder group. Used as a first step to ensure visibility before any work starts.
• Approval — Gate subsequent steps on an explicit sign-off. Integrates with the Change Control module for formal change requests.
• Remediation — Link directly to a TATER remediation script. When this step closes, TATER records the remediation event in the audit log.
• Verification — Assign a team member to verify a control's post-remediation state. Can be linked to a control test or manual verification via MCP.
• Documentation — Capture a configuration state snapshot into TATERpedia or Config Docs. Ensures the "how we fixed it" knowledge is preserved.
• Escalation — Route to a senior resource if the normal assignee cannot complete the step within a deadline. Prevents silent blockers.
• Closure — A structured sign-off step that requires a closure note before the parent workflow is marked complete. Creates an audit record.

Triggering Workflows

Workflows can be triggered in three ways:

1. Manual trigger from the Workflows page — select a template, supply role assignments (who plays the "approver", who plays the "remediator"), click Trigger.
2. From a scan result — any failing control can spawn a workflow via the "Create Workflow" button in the control detail panel. The linked control ID is automatically populated on every step.
3. Via the API / MCP — POST /tasker/workflows/{id}/trigger with a JSON body containing role assignments. Lets Claude, Power Automate, or any agentic client initiate a workflow in response to a compliance event.

"Role assignment placeholders like {{approver}} and {{remediator}} are resolved at trigger time — the same template works for every team structure."

Monitoring Active Runs

The Workflows page in TATER Ops has two tabs: Templates and Runs. The Runs tab shows all active workflow runs with status indicators per step. Clicking a run opens the parent task detail, which shows the full step sequence with current status, assignee, and any completion notes. A supervisor can see at a glance exactly where a multi-day remediation process stands — without chasing status updates.

Audit Trail

Every step transition (Open → In Progress → Closed) creates an audit log entry with the actor, timestamp, and via attribution channel (web for browser actions, mcp for agent-driven actions, api for API calls). The parent workflow run document accumulates a full history. External auditors with read-only access can see the complete chain of custody for any remediation workflow.