This release lands three threads at once. A label system that runs across assets, risks and surveys. A proper protection-needs assessment for information assets with CIA inheritance along the asset chain. And a stack of concrete UX moves that make daily work noticeably lighter.
Labels for assets, risks and surveys
Labels are now a first-class concept across assets, risks and surveys. You set them in the detail view, filter by them in the list views and see them everywhere they matter.
They are managed centrally under Settings → Labels. A new admin page where you create, rename and clean up labels without jumping through detail views.
Protection-needs assessment for information assets
Information assets get their own protection-needs assessment. You walk through the protection goals in a structured way and come out with a traceable result.
The assessment can now be cancelled cleanly if you realize mid-way that you need to do some prep work first. And the result can be manually overruled when your business context calls for a different rating than the schema suggests.
We also tidied up the UI and added keyboard support along the way.
CIA with inheritance and history
This is the biggest move in this release. Information assets and assets now share a consistent CIA logic with inheritance in both directions.
Assets inherit CIA values from the information assets they carry. And they pass the highest applicable value up to parent assets. Manually undershooting the inherited values is no longer possible. The chain cannot accidentally dilute anymore.
CIA(A) can now be set individually for information assets and assets, and must be justified individually. The old combined justification is therefore deprecated. It is still shown, together with a hint that you should transfer or remove it.
Changes to protection needs are now traceable through history. You see when things moved.
And when inheritance raises protection needs somewhere along the chain, email notifications go out to the relevant owners and deputies. You no longer need to check in actively to catch the relevant changes.
Direct ownership from the list
Information assets and processes get direct assignment for owners and deputies in the list view. No more jumping to the detail page just to set a person.
Together with risks, measures, controls and vendors from the last release, this is now consistent across the board.
Smaller polish
- Assets and surveys now have a SearchFilterBar in the list view.
- Doc Editor: marked text reliably shows in the toolbar what it is again. If you mark an H3, the toolbar shows H3.
- Information assets open in the preview drawer where they are referenced as a relation. No more forced jump to the detail page.
- CIA(A) and the protection-needs assessment have been removed from processes. They now sit cleanly on information assets and assets, where they methodically belong.