App integrations
Bramble has chosen to restrict the ability to install apps, and we have a process to approve or restrict certain apps for our workspace. In order to integrate a new app with existing applications in our tech stack such as Slack, you need to create a vendor approval issue.
The process to determine if a review is needed is based on the vendor's inherent risk rating, which is determined by risk factors that we identified subject to Bramble. The steps included in the vendor approval issue are meant to gather the information so that the Risk and Field Security team can complete the scoring.
Weighting
| High-risk | Moderate-risk | Low-risk | |
|---|---|---|---|
| Seats/Licenses | 1000+ == 3 | 101 - 999 == 2 | 1 - 100 == 1 |
| Volume | Over 20,000 records or volume of data == 3 | 5,001 - 19,999 == 2 | Less than 5,000 == 1 |
| Contractor Access / Integration | Corporate user account (Brmbl.io, GCP, etc.) / 10+ systems integrated == 3 | Read/write access to specific data sets (limited push/pull) / 4-9 integrated systems == 2 | Receives a file of sensitive information (no access to Bramble systems) / 1-3 systems == 1 |
| Compliance Frameworks in-scope | Two or more == 3 | One == 2 | Zero == 1 |
| Data Classification | Red == 3 | Orange == 2 | Yellow == 1 Green == 0 |
Scoring
| Risk Score | High | Moderate | Low |
|---|---|---|---|
| 36 + | 9 - 35 | less than 8 |
Adding an app to Slack
Once the vendor approval issue has been approved by all parties, please request approval to add the app to Slack following the steps below:
- Make sure the app hasn't been pre-approved by our team by clicking on Apps in the left sidebar and find Available Apps. To find pre-approved apps in the App Directory, click Pre-Approved below Categories in the left column.
- If the app isn't pre-approved, you can click on Add to Slack.
- Add a custom message with more context about your request and also link the vendor approval issue.
- Click Submit. You'll receive a direct message from Slackbot when your request has been reviewed by the team.
Please note that this is only required for new apps that have not been reviewed or approved. If your request is to add a new process or update an existing process for how an application works in slack, please refer to our Business Technology Change Management process.
Adding an app/plugin to other systems owned by Team Member Enablement/Business Technology
If you need to add an app/plugin that connects with other systems owned by IT (not Slack), please create an issue in the Team Member Enablement Issue tracker and follow the steps outlined there.