Examples
ISO quarterly review
A turnkey process flow for quarterly ISMS review — Vanta status, decisions log, findings, action items.
The ISO quarterly review process flow models a quarterly ISMS review cycle. Once installed, it gives your compliance team a structured workspace where every quarter's review produces the artefacts auditors expect.
What it provides
| Artefact | Purpose |
|---|---|
| Vanta status snapshot | A point-in-time export of your Vanta posture. |
| Quarterly review report | The narrative review document. |
| Decisions log | Decisions made during the quarter with rationale. |
| Findings + action items | Issues identified and the actions to address them. |
Setup
- Install the ISO quarterly review process flow from the marketplace.
- Create a workflow instance for the current quarter (e.g.
2026-Q1). - Connect your Vanta integration (so the status snapshot pulls from live data).
- Assign reviewers to each stage.
The flow
Q1 starts
│
▼
[Snapshot Vanta] → [Draft quarterly review] → [Review decisions log]
│
▼
[Identify findings]
│
▼
[Assign action items]
│
▼
[Generate audit pack]Each stage produces a document. The workspace tracks completion against the quarterly deadline.
Sample data
The example ships with sample assets for inspection:
01-vanta-status-snapshot.md— example posture snapshot.02-quarterly-review-report.md— example review document.03-decisions-log.md— example decisions log.04-findings-and-action-items.md— example findings.
These are illustrative, not directives — your organisation's review will produce its own content.
Compliance mapping
This example produces artefacts mapped to:
- ISO 27001 clause 9.3 (management review).
- ISO 42001 clause 9.3 (AI management-system review).
- SOC 2 CC4 (monitoring activities).
Related
- Compliance → AI governance — where the review fits in the lifecycle.
- ISO yearly review — the annual counterpart.
- SDKs → Authoring → Process Flows — author your own process flows.