An example of a compliance training and assessment conversation within ZipGRC Microsoft Teams Bot.
Compliance Dashboard login with Azure Active Directory
Compliance Dashboard inbox displays exception requests and incidents that employees report through the ZipGRC Microsoft Teams Bot.
Existing compliance training tools are old and clunky. Employees are often required to log into legacy web-based interfaces to complete basic compliance training. This results in low employee participation for all compliance-related activities within companies.
What it does
ZipGRC is a compliance training and assessment tool for Microsoft Teams. The goal is to increase employee participation for compliance-related activities such as policy training, exception management and incident reporting.
Compliance managers can create policy training sessions using the app's form builder interface (not within Microsoft Teams). When managers save their training session, every employee within the company receives a notification through Microsoft Teams.
Employees can view the training material and complete an assessment quiz (that was previously created using the form builder) all within Microsoft Teams. With existing compliance tools, employees would have had to take the same assessment through a web form that is usually available only on the desktop. Now, employees can quickly complete their assessments anywhere (web or mobile) using the ZipGRC bot for Microsoft Teams.
Employees can also request policy exceptions and report policy violation incidents directly within the same Microsoft Teams bot.
How I built it
I used a number of technologies to build ZipGRC
- Microsoft Graph
- Microsoft Teams
- Microsoft Azure Active Directory
- Microsoft Bot Framework
- botbuilder Node.js libraries
The solution consists of an Compliance Dashboard and the Microsoft Teams bot.
Challenges I ran into
A few challenges that I ran into:
- I was unable to automatically start the ZipGRC bot conversation for all employees in Azure Active Directory unless they had previously interacted with the bot (I needed the interaction to store their conversation meta data in the database)
- Converting a web form into a bot conversation took some effort but was ultimately doable
Accomplishments that I'm proud of
- Converting assessments built using the web-based form-builder into a Microsoft Teams bot dialog
What I learned
- Bots and conversations have a lot more untapped potential than common use cases like travel booking, polls etc. They can be used to solve important business needs if done right.
- It is easier to build bots than to build interfaces for most single-purpose apps
What's next for ZipGRC
- Support for rich training cards including video, images and documents
- Better analytics and reporting within the Compliance Dashboard
- Trials runs at real companies