Tasks
Overview
Tasks are actionable work items used to assign, track, and complete compliance and security operations. They help teams turn control requirements and risk outcomes into clear owned work with deadlines.
Task records are typically related to the object that generated the work (for example, a control, risk, or remediation) and the evidence or outcome needed to close that work.
Compliance Significance
- SOC 2: CC5 and CC7 operational execution evidence
- ISO 27001: accountability and follow-through on security actions
Practical Examples
- A readiness project creates a task queue for evidence collection across multiple control owners.
- A security team links remediation tasks to findings and tracks weekly completion status.
- A consulting partner uploads evidence request list and task assignments for collecting the associated evidence
- A badass developer uses Openlane's sick
go-clientto automate evidence collection as a part of their CI/CD pipeline
Examples
- CSV
- GraphQL
- Go Client
- CLI
| Operation | API |
|---|---|
| Create | createBulkCSVTask |
| Update | updateBulkCSVTask |
# Create
Title,Details,Status,Due
Collect quarterly access review evidence,Upload IAM review output for Q1,OPEN,2026-03-31T00:00:00Z
Verify vendor SOC 2 refresh,Confirm latest report and attach evidence,IN_PROGRESS,2026-03-15T00:00:00Z
# Update
ID,Status,Due,AssigneeEmail
TSK01J9TASK11111111111111,IN_REVIEW,2026-03-20T00:00:00Z,owner@acme.io
TSK01J9TASK22222222222222,COMPLETED,2026-03-12T00:00:00Z,reviewer@acme.io
| Operation | Mutation |
|---|---|
| Create | createTask |
| Update | updateTask |
mutation {
createTask(
input: {
title: "Collect quarterly access review evidence"
details: "Upload IAM review output for Q1"
}
) {
task {
id
title
}
}
}
mutation {
updateTask(
id: "TSK01J9TASK11111111111111"
input: {
details: "Evidence package moved to final review"
}
) {
task {
id
details
}
}
}
| Operation | Method |
|---|---|
| Create | client.CreateTask(ctx, input) |
| Update | client.UpdateTask(ctx, id, input) |
ctx := context.Background()
details := "Upload IAM review output for Q1"
_, err := client.CreateTask(ctx, graphclient.CreateTaskInput{
Title: "Collect quarterly access review evidence",
Details: &details,
})
if err != nil {
return err
}
updatedDetails := "Evidence package moved to final review"
_, err = client.UpdateTask(ctx, "TSK01J9TASK11111111111111", graphclient.UpdateTaskInput{
Details: &updatedDetails,
})
if err != nil {
return err
}
| Operation | Command |
|---|---|
| Create | openlane task create |
| Update | openlane task update |
openlane task create \
--title "Collect quarterly access review evidence" \
--details "Upload IAM review output for Q1" \
--due 72h
openlane task update \
--id "TSK01J9TASK11111111111111" \
--details "Evidence package moved to final review"