Drift Monitoring

Infrastructure changes after deployment. ComplyForm watches for compliance drift and alerts you before auditors do.

Detection modes

Scheduled

The default drift detection mode (Team+). ComplyForm runs a daily compliance scan, compares scores against the previous baseline, and alerts when the score drops below your threshold.

Configure scheduled drift

# Set up drift monitoring for a dashboard project
complyform drift configure \
  --project=my-gcp-project \
  --frameworks=soc2,hipaa \
  --schedule=daily \
  --threshold=5

The --threshold value is a percentage-point drop that triggers an alert. A threshold of 5 means: alert if the compliance score drops by 5 or more points since the last scan.

Example scheduled scan output

Drift Report — my-gcp-project
  Framework:      SOC 2 Type II
  Previous score: 94.2% (2026-03-22)
  Current score:  89.7% (2026-03-23)
  Delta:          -4.5 points
  Status:         WITHIN THRESHOLD (threshold: 5)

  New failures:
    FAIL  CC6.1.3  google_compute_instance.api_server
      Disk encryption disabled after manual console change

Event-Driven

Near real-time drift detection (opt-in, Team+). Cloud provider events trigger a re-assessment within minutes of an infrastructure change.

Prerequisites

Event-driven mode requires a Terraform module that configures cloud event routing:

# Deploy the event listener module
complyform drift setup --cloud=gcp --project=my-gcp-project

This generates a Terraform module that provisions:

• GCP: Pub/Sub topic + Cloud Function triggered by Cloud Asset Inventory feeds
• AWS: EventBridge rule + Lambda function triggered by CloudTrail events
• Azure: Event Grid subscription + Azure Function triggered by Activity Log

Apply the module

cd complyform-drift-setup/
terraform init
terraform apply

Once deployed, any resource change in the monitored project triggers a targeted re-assessment of the affected resources.

Alert configuration

Configure email and webhook alerts for drift events.

complyform drift alerts \
  --email=platform-team@example.com \
  --webhook=https://hooks.slack.com/services/T00/B00/xxxx \
  --threshold=5

Alerts fire when the compliance score drops below the configured threshold. Each alert includes the affected resources, failed controls, and a link to the dashboard timeline.

Dashboard integration

The ComplyForm dashboard displays a drift timeline and score trend chart for each monitored project. The timeline shows:

• Score snapshots over time (daily or event-driven)
• Drift events with root-cause resource changes
• Remediation actions taken and their impact on the score

Tip

For Azure environments, use the DeployIfNotExists policy effect alongside ComplyForm drift monitoring. Azure Policy auto-remediates certain resource configurations, and ComplyForm tracks those changes as score improvements in your drift timeline.

Drift setup guides

Cloud-specific setup instructions for event-driven mode:

• GCP Drift Setup
• AWS Drift Setup
• Azure Drift Setup

Next steps

• complyform drift — full drift CLI options
• Drift Setup Overview — cloud-specific event listener deployment