Monitor Phase

Monitor is where governance becomes continuous. You connect operational signals, run tests on schedules, and keep evidence and risk assumptions current as the system changes.

ScopeDefine the system and governance scope

ImplementExecute controls and attach evidence

MonitorKeep governance continuously current

AuditPrepare internal review and exports

Outcome

You leave this phase with:

• sources connected so Modulos can retrieve operational signals
• tests and schedules that continuously evaluate conditions you care about
• a remediation loop that connects results back to governance work

Time to first value: 60–120 minutes
Prerequisites: a project exists and you can configure sources and tests

Path at a glance

1

Connect sources

Add metrics-capable integrations to the project

2

Define tests

Turn metrics into governance signals

3

Run schedules

Evaluate continuously and capture results

4

Remediate and review

Connect failures back to controls, evidence, and risk

Step 1: Connect sources for operational signals

Goal: make signals available to testing and monitoring workflows.

Where in Modulos

• Project → Settings → Sources

Do this

• Add a metrics-capable source (Prometheus, Datadog, or Modulos Client).
• Confirm the source is configured correctly for the project.

You’re done when

• metrics are available to define tests

Step 2: Define tests as governance signals

Goal: translate “we care about this” into an explicit condition.

Where in Modulos

• Project → Testing

Do this

• Create tests tied to the controls or governance questions you care about.
• Associate tests to controls where it helps with traceability.

You’re done when

• tests exist with clear intent and measurable conditions

Step 3: Run tests on schedules and track results

Goal: turn testing into a continuous signal, not a one-time exercise.

Where in Modulos

• Project → Testing → schedules
• Project → Testing → results

Do this

• Set schedules appropriate to the signal (daily/weekly/monthly depending on the risk).
• Review results and treat failures as governance work, not just “red lights”.

You’re done when

• the project produces an ongoing stream of pass/fail/error results you can act on

Step 4: Remediate and keep governance current

Goal: connect monitoring back to real governance actions.

Where in Modulos

• Project → Controls and Project → Evidence for remediation artifacts
• Project → Risks for re-quantification when system context changes

Do this

• When a test fails, attach the remediation evidence to the relevant controls.
• If the system changes materially, re-run risk quantification for the impacted threats.
• Use reviews to keep status changes auditable.

You’re done when

• monitoring creates a continuous feedback loop into evidence and risk

Next

Audit phase

Package the current state for internal audit readiness review

Engineer & Integrations path

A role-based walkthrough for sources, connectors, and API access

Related reference pages

• Sources
• Testing Operating Model
• Tests & Schedules
• Results & Remediation
• Project Risks