Automated Change Request Verification

Overview

Validate detected security policy changes against approved change requests to confirm accuracy, prevent unauthorized modifications, and support compliance.

Automated Change Request Verification guides you through using Verifier in SecureChange workflows to validate change requests after implementation.

Verification confirms whether requested access is fully implemented, partially implemented, or not implemented, and generates a visual ad hoc path analysis map that shows real-time routing and policy behavior from source to destination.

Why this matters
  • Ensure approved changes are implemented exactly as intended.

  • Validate post-implementation accuracy to support compliance and governance.

  • Compare deployed configurations against approved workflow intent.

Who this is for
  • Network engineers responsible for executing verification steps and validating rule implementation status.

  • Change managers responsible for overseeing workflow execution and approvals.

  • Security operation managers responsible for reviewing verification accuracy for compliance.
  • Operational specialists driving workflow adoption and standardization across teams.

Key capabilities

Automated Change Request Verification leverages key features in SecureChange:

Prerequisites

Step 1: Understand change request verification

The Change Request Verifier performs automated post-implementation validation for change requests.

The Verifier tool in SecureChange Workflows:

• Checks if access is fully implemented, partially implemented, or not implemented at all.

• Generates a visual ad-hoc path analysis map allowing operators to quickly view real-time routing and policy behaviour from source to destination.

Use SecureChangeWorkflows to implement Verifier.

See Creating custom workflows.

Step 2: Integrate Verifier into Access Request workflow

Integrate Verifier into the relevant workflow step, typically after implementation. Configure it in the step properties.

Set workflow step mode & enable Verifier

Navigate to the correct workflow step where you want to implement verification, set the step mode and then enable the Verifier tool.

The verification flow must match your governance policy.

  1. Set the step mode:

    • Auto: Runs Verifier automatically without user intervention.

    • Manual: Allows the step handler to review verification results before proceeding.

  2. Based on the step mode you selected, enable Verifier and verification options:

    • Auto: Select Run Verifier

    • Manual: In the Access request field properties, select Automatically run Verifier after this step and Do not proceed to next step if not verified

  3. When Verifier runs, the workflow behaves according to the selected mode. Status updates and verification results are visible in the SecureChange ticket and ticket history.

See:

Verifying access requests

Configuring Access request field

Step 3: Define workflow behavior for failed verification

Define how the workflow behaves when verification fails or remains incomplete, and the request still needs to move forward. For example, an object or service referenced in the request may not be supported by Tufin because of platform limitations.

Based on your governance policy, you can:

  • Block workflow progression when verification fails.

  • Allow override handling when the request must continue despite incomplete verification.

Failed verifications are captured in audit logs.