Correspondence Approval
Overview
Correspondence Approval adds an oversight layer to outbound emails sent from your workspace. When a non-lead team member composes a response to a security researcher on a report that belongs to a scope with a designated Lead, the email is not sent immediately. Instead, it is held for approval by the scope Lead.
This ensures that all external communication on sensitive security reports is reviewed by the person responsible for that area before it reaches the researcher.
How It Works
- A team member (non-lead) composes an outbound response on a report.
- Fortworx identifies the report’s scope and its designated Lead.
- Instead of sending the email immediately, Fortworx holds it and notifies the scope Lead that a response is pending their approval.
- The scope Lead reviews the draft and either approves or rejects it.
- If approved, the email is sent to the researcher. If rejected, the original author is notified and can revise the response.
When Approval Is Required
Approval is required when all of the following conditions are met:
- The report has been assigned to a scope that has a designated Lead.
- The team member sending the response is not the scope Lead, and is not an Owner or Admin of the workspace.
- The correspondence is outbound (a reply being sent to the researcher).
Approval is not required when:
- The sender is the scope Lead for the report’s scope.
- The sender is an Owner or Admin of the workspace.
- The report’s scope does not have a designated Lead.
Reviewing Pending Approvals
When a response is pending your approval as a scope Lead, you will be notified via your configured notification channels (in-app inbox, email, or Slack).
To review a pending response:
- Open the report from the notification or navigate to it from the dashboard.
- You will see the pending outbound email marked with a Pending Approval indicator.
- Review the content of the draft response.
- Click Approve to send the email, or Reject to decline it.
If you reject a response, the original author will be notified so they can revise and resubmit it.
Audit Trail
All approval and rejection actions are recorded in the report’s audit log. Each entry includes who reviewed the response, when the action was taken, and whether it was approved or rejected.