Changelog
Improved

Status system for risks and measures, survey wave, vendor power

Clear status logic with automatic evaluation for risks, measures and controls. Surveys are back on track. Vendors get bulk actions, EU check and quick owner changes.

Risks, Vendors, Platform

This release pulls three threads together. Risks, measures and controls get a clear status system. The survey wave clears out a string of annoying bugs and ships a noticeably cleaner UX. And vendor owners get bulk actions plus the long-awaited EU check.

A new status system for risks, measures and controls

Risks, measures and controls now have a consolidated status system. Older statuses are merged into clearer categories, and existing entries are migrated automatically. You get a reliable status vocabulary across all three entities.

The most interesting new behavior is the automatic status shift. Measures in status EFFECTIVE also move to DEGRADED as soon as a connected issue is more than 30 days past its due date, without you doing anything.

We also extended the risk status logic. It now factors in the treatment strategy, the connected measures, the category tolerance and the review state. Four signals that together produce an honest status.

In the detail view of every measure, risk and control, you now see a status progress bar on the right. You spot what needs doing at a glance.

Risk management deepened

Each risk category now has a tolerance you can set. All risks of type THREAT in that category respect that value. An excess in the residual risk evaluation shows up in both list and detail view.

The risk list view got a heatmap and new filters, with the existing filters visually adjusted. Plus a quick filter "Assigned to me", because that is the most common view.

Small clarification: in the risk evaluation you now read "Probability" instead of the German abbreviation.

Surveys: stability and a cleaner UX

Surveys got a lot of attention this release, both under the hood and in everyday use.

On the stability side, external surveys, the responses and summary pages, and description editing all run smoothly. The answers display now reliably shows the actual value, not the internal label or ID.

Survey templates now work end to end in the UI. You pick them when creating a new survey or assign them to existing surveys, as long as those are not published and do not already have responses.

Survey creation now lives in a drawer. No more redirect to a static templates page.

For vendor surveys, the answers are shown as a DataGrid with a search filter bar. Click a row to open the same drawer as in vendor detail, and you land on the same detail page. No two layouts for the same thing anymore.

The error indicator badge now sits on the correct tab, and a clear description of the issue is shown at the top of that tab.

Vendor power: bulk actions, EU check, quick owner change

Bulk actions for vendors are here. Change owners, review intervals, run reviews, or change criticality for multiple vendors at once.

You can now change owners directly in the list views without going into the detail page. This applies to vendors, measures, controls and risks.

New in the vendor evaluation: an automatic EU check for international data transfers. The flag is set automatically but can be overruled where needed.

Trust Center

Email notifications on access now run reliably. If no documents require authentication, visitors no longer need to log in. Watermarks are generated reliably and are visible, and you can fine-tune watermark settings and regenerate individual documents.

Trust Center now only shows measures with status EFFECTIVE. Long document names render cleanly, in two additional list views as well.

Smaller polish

  • Stakeholder matrix is now available in the list view.
  • Processes can be filtered by category, plus a search filter bar in the overview.
  • User invitation: email validation improved, clear user feedback for special characters, individual users can be removed via the X button in the badge again.
  • Information asset CIA now also shows the stored justification in the detail view.
  • Archived documents no longer appear in linked entities.
  • Aggregated evidence from a control's measures now shows the correct evidence.

Housekeeping under the hood

  • Information asset list now has a single GraphQL endpoint.
  • Badges and chips are unified across all list views. The mishmash of old badges, chips and custom components is gone.
  • The (probably) last legacy tables have been converted to DataGrids: authorities and data subjects.
  • The backend had two nearly identical control implementation list queries; now there is one.
  • Various DataGrid column resizes.
  • On list views with search: if you are not on page 1 and start searching, pagination is removed. Otherwise you would not find the hits from page 1.