Charter Workflows

Charter Workflows define the automated approval process that Security Charters follow when submitted for review. They route charters through configurable stages — from initial review through legal and CISO sign-off to final Steering Committee approval — ensuring proper governance at every step.

How charter workflows operate

When a Security Charter is submitted for approval, the system creates a workflow instance based on the configured workflow template. The charter’s status changes from Draft to Under Review, and the workflow begins executing its stages sequentially.

Each stage has designated approvers who receive task assignments. Approvers review the charter, provide feedback or comments, and record their decision (Approve or Reject). Once all stages are completed with approval, the charter status advances to Approved.

If any stage is rejected, the charter returns to Draft status with the reviewer’s feedback, allowing the author to revise and resubmit.

Workflow stages

A typical charter approval workflow includes stages such as:

Initial Review — A preliminary review to verify completeness and alignment with organizational standards. Often assigned to a security program manager or governance lead.

Legal Review — Legal counsel reviews the charter for regulatory compliance, liability implications, and alignment with contractual obligations.

CISO Review — The Chief Information Security Officer reviews the charter for strategic alignment, resource feasibility, and technical accuracy.

Steering Committee Approval — The final approval stage where the Steering Committee formally authorizes the charter. The committee’s decision is recorded as a CharterApproval record.

Stages are fully configurable — you can add, remove, or reorder them to match your organization’s governance requirements.

Workflow configuration

Charter workflows are managed through the workflow template system. Templates define the stages, approvers, and routing logic that a charter follows during the approval process.

Template types

Workflow templates for charters use the CHARTER type. Only active templates of this type appear when configuring charter approval workflows.

Configuration levels

Workflows can be configured at two levels:

Tenant default — A default workflow template applied to all charters in the organization. Configure this under Control Model → Settings → Charter tab (see Settings).

Entity override — A workflow template assigned to a specific charter, overriding the tenant default. Configure this on the individual charter’s detail page.

The entity override takes precedence over the tenant default, allowing you to use a different approval process for high-impact or specialized charters.

Approver assignment

Each workflow stage supports two methods of approver assignment:

Direct user assignment — Specific users are assigned as approvers for the stage.

Role-based mapping — Approvers are determined by their organizational role (e.g., anyone with the security-charter:manage permission or members of a specific team).

Workflow tracking

Once a workflow instance is created, you can track its progress from the charter detail page. The workflow view shows each stage’s status (pending, in progress, completed, or rejected), the assigned approver, decision timestamp, and any comments.

All workflow activity is recorded in the charter’s activity log, providing a complete audit trail of who reviewed and approved each charter.

Building custom workflows

SecureHive includes a visual drag-and-drop workflow builder for creating custom workflow templates. The builder allows you to define stages, set approver rules, configure notifications, and establish conditional routing logic.

To create a new charter workflow template, navigate to the shared Workflows area, create a new template with type CHARTER, and design your stages. Once published, the template becomes available for selection in the charter workflow settings.