
Configuration Management

Track configuration baselines, detect drift, and maintain audit-ready documentation.

The challenge

Does this sound familiar?

Configuration drift accumulates silently across servers and applications. Change logs become unreliable. Auditors cannot verify that live systems match approved baselines.

How Fig helps

Configuration Management with Fig

Baseline Definition

Document approved configurations for each asset class with version control and change approval workflows. Baselines lock in audit evidence.

Drift Detection

Continuous monitoring identifies configuration changes in real time. Automated alerts trigger for unauthorised or out-of-policy modifications.

Change Governance

Every configuration change records who made it, when, why, and whether it was approved. Impact forecasting shows downstream effects before changes are applied. Full rollback trails are maintained.

Compliance Mapping

Configurations are mapped to hardening benchmarks (CIS, DISA STIGs). Control compliance is scored automatically and refreshed continuously.

Core Capability

Fig detects configuration drift against approved baselines automatically and integrates with MDM platforms such as Intune to verify live device configurations against policy requirements.

Audit-ready workflow

How Configuration Management becomes evidence

Configuration Management should not be treated as a standalone tool surface. In Fig it is part of a governed workflow: a signal is captured, an owner is assigned, a control or risk is updated, and evidence is retained so the organisation can prove what happened later.

Lifecycle

Where it sits in the operating model

The Discover phase is where this capability sits in the wider Fig operating model. Configuration drift accumulates silently across servers and applications. Change logs become unreliable. Auditors cannot verify that live systems match approved baselines. Fig turns that problem into a repeatable lifecycle so MSPs, risk teams, and auditors are not relying on static spreadsheets or ad hoc screenshots when a buyer asks for proof.

Evidence captured

What auditors and buyers see

For configuration management, useful evidence normally includes the triggering record, the affected asset or supplier, the control requirement, the assigned owner, the decision made, the timestamp, and the outcome. That evidence is mapped back to frameworks such as Cyber Essentials, ISO 27001, NIS2, DORA, GDPR, CMMC, and internal policy requirements where relevant.

Implementation checks

Four steps to roll this out

  • 01 Define who owns configuration management and what events should trigger review.
  • 02 Connect the relevant source systems so evidence is collected continuously.
  • 03 Map outputs to the frameworks and policies that matter to the organisation.
  • 04 Review exceptions, accepted risks, and overdue actions before audit or renewal.

Useful references

Independent sources buyers and auditors recognise

The exact evidence required still depends on your scope, risk profile, sector, and framework obligations.

Built for you

Who uses this?

MSPs & MSSPs

Standardised configuration baselines across your entire client base with multi-client change approval workflows and portfolio-wide compliance tracking.


Security & risk teams

Configuration governance is integrated with security operations and change management. All changes are traceable to business drivers and compliance obligations.


Compliance & audit

Pre-built evidence of baseline adherence, change approval chains, and configuration accuracy at every audit point in time.


Common questions

Frequently asked questions

Does this replace change management systems?

Fig sits alongside change management by adding configuration compliance and audit-ready evidence. It tracks what should be configured and verifies it stays that way.

How often does drift detection run?

Drift detection runs continuously for Windows and Linux servers via agents. Cloud resources are scanned every 24 hours. Scan frequency is configurable per asset type.

What happens when drift is detected?

Fig raises an alert with the specific change, who made it, and which compliance controls are affected. Your team can approve, revert, or escalate. All decisions are documented for audit.

Can we define different baselines for different client environments?

Yes. Each client or environment can have its own baseline configuration. You can also create baseline templates and apply them across similar environments, then override specific settings where needed.

Does this work with cloud infrastructure like Azure and AWS?

Yes. Fig monitors configuration state for Azure, AWS, and GCP resources via API. Cloud resource configurations are checked against your defined baselines and CIS benchmarks, with drift alerts treated identically to those for on-premises systems.

Next step

See Configuration Management in action.

Book a walkthrough tailored to your frameworks and tooling.