Real-Time Compliance Alerts
Instant Slack and email notifications for compliance events
Why Real-Time Alerts Matter for CCO/CPO
72-Hour GDPR Deadline
Data breaches require notification to authorities within 72 hours. Instant alerts ensure you never miss a deadline.
Control Test Failures
Immediate notification when SOC 2/ISO 27001 control tests fail. Fix issues before auditors find them.
Unusual Activity
Detect abnormal file processing patterns that may indicate insider threats or compromised accounts.
4 Alert Types Available
High-Risk File Processing
high_risk_files: Triggers when files with GPS location data, personal identifiers, or critical-risk metadata are processed
Unusual Processing Activity
unusual_activity: Triggers when processing volume exceeds 5x normal hourly average (minimum 50 files)
Compliance Policy Violation
compliance_breach: Triggers when data handling policies are violated or retention limits exceeded
Usage Quota Exceeded
quota_exceeded: Triggers when plan usage limits are exceeded
Setting Up Slack Notifications
Create Slack Webhook
- Go to api.slack.com/apps
- Click "Create New App" → "From scratch"
- Name it "Compliance Alerts" and select your workspace
- Under "Features" → "Incoming Webhooks" → Enable
- Click "Add New Webhook to Workspace"
- Select the channel (e.g., #compliance-alerts)
- Copy the Webhook URL
Configure in Platform
- Navigate to Organization Settings → Integrations
- Find "Slack Integration" section
- Paste your Webhook URL
- Select notification types (alerts, processing events)
- Click "Test Webhook" to verify
- Save your settings
Create Alert Rule with Slack
- Go to Compliance → Alerts
- Click "Create Alert Rule"
- Select trigger type and severity
- Under Notification Channels, check "Slack"
- Add email recipients as backup
- Set cooldown period (recommended: 15-60 minutes)
- Save the rule
Pro Tip: Channel Strategy
Create separate Slack channels for different severities: #compliance-critical (critical only), #compliance-alerts (high + medium), #compliance-notifications (all). Route alerts accordingly.
Setting Up Email Notifications
When Creating an Alert Rule:
- Under "Notification Channels", check "Email"
- Add recipient email addresses (multiple allowed)
- Recipients receive instant email when alert triggers
- Email includes: Alert title, message, severity, dashboard link
Best Practice: Escalation Chain
For CRITICAL alerts, add multiple recipients in order of escalation: analyst@company.com, cpo@company.com, ceo@company.com
Severity-Based Routing Guide
| Severity | Response Time | Recommended Channels | Cooldown |
|---|---|---|---|
| CRITICAL | < 15 minutes | Slack + Email + SMS (webhook) | 5 minutes |
| HIGH | < 1 hour | Slack + Email | 15 minutes |
| MEDIUM | < 4 hours | Email + Dashboard | 60 minutes |
| LOW | Next business day | Dashboard only | 240 minutes |
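How the unusual_activity trigger interacts with the cooldowns in the table above, as an added Python sketch (not the platform's own code). isActive and notificationChannels are field names from this page; severity, lastTriggeredAt, the function name, and reading "minimum 50 files" as a floor on the current hour's count are assumptions.

```python
from datetime import datetime, timedelta

# Cooldowns in minutes, copied from the severity routing table above.
COOLDOWN_MINUTES = {"CRITICAL": 5, "HIGH": 15, "MEDIUM": 60, "LOW": 240}
MULTIPLIER = 5   # "exceeds 5x normal hourly average"
MIN_FILES = 50   # "minimum 50 files" (assumed: applies to the current hour)


def evaluate_unusual_activity(rule, files_this_hour, hourly_average, now):
    """Return (fired, reason, channels) for one unusual_activity check.

    The reason string names the first condition that suppressed the alert,
    which is the order to walk through when an expected alert never arrived.
    """
    if not rule.get("isActive", False):
        return False, "rule_inactive", []
    # The volume floor stops quiet tenants (average of 2 files/hour)
    # from alerting on a burst of 11 files.
    if files_this_hour < MIN_FILES:
        return False, "below_minimum_volume", []
    # "Exceeds" is strict: exactly 5x the average does not fire.
    if files_this_hour <= MULTIPLIER * hourly_average:
        return False, "below_threshold", []
    cooldown = timedelta(minutes=COOLDOWN_MINUTES[rule["severity"]])
    last = rule.get("lastTriggeredAt")  # hypothetical field
    if last is not None and now - last < cooldown:
        return False, "in_cooldown", []
    channels = list(rule.get("notificationChannels", []))
    if not channels:
        return False, "no_channel_configured", []
    rule["lastTriggeredAt"] = now  # start a new cooldown window
    return True, "fired", channels


if __name__ == "__main__":
    start = datetime(2024, 1, 1, 12, 0)  # constructed timestamp
    rule = {"isActive": True, "severity": "HIGH",
            "notificationChannels": ["slack", "email"],
            "lastTriggeredAt": None}
    # Constructed samples: (files this hour, hourly average, minutes elapsed)
    samples = [(40, 2, 0), (60, 12, 1), (80, 12, 2), (90, 12, 10), (90, 12, 20)]
    for files, average, minutes in samples:
        when = start + timedelta(minutes=minutes)
        print(files, average, evaluate_unusual_activity(rule, files, average, when))
```

A sustained spike yields one alert per cooldown window, so a shorter cooldown on CRITICAL rules trades more notifications for faster re-notification.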
Troubleshooting Common Issues
Slack notifications not arriving
- Verify webhook URL is correct and active
- Check if Slack app has proper permissions
- Ensure "slack" is in notificationChannels for the alert rule
- Check organization settings for slackWebhookUrl
Too many alerts (alert fatigue)
- Increase cooldown period (recommended: 60+ minutes for non-critical)
- Adjust trigger conditions to be more specific
- Use severity-based routing to reduce noise
- Consider dashboard-only for LOW severity
Alerts not triggering when expected
- Verify alert rule is active (isActive: true)
- Check if cooldown period has passed since last trigger
- Review trigger conditions match the event
- Check user has permission to trigger alerts
Email notifications in spam
- Whitelist noreply@scrubmetadata.com in email client
- Add to contacts list
- Check spam/junk folder
- Verify recipient email is correct