Changelog
|New

Stakeholders, Objectives and a new Compliance section

Two new core entities and a dedicated section in the main navigation. Plus administrable incident types and plenty of polish.

PlatformPoliciesRisks

A foundational extension of the compliance model: who is accountable (stakeholders) and what you are working towards (objectives) are now standalone, linkable entities in Kopexa.

What stakeholders, objectives and KPIs are about

Before we look at the individual new pieces, a quick word on the model behind them, because the three concepts depend on each other.

Stakeholders are people, roles or parties with an interest in a compliance topic or affected by it, not necessarily the ones doing the work. This explicitly includes more than just employees: large customers whose contracts hang on your ISO certificate, regulatory authorities, contract partners and suppliers, the board or investors on high-risk topics, and in regulated industries even the public. Until now you had no dedicated model for any of this. From now on you can maintain stakeholders as their own entity and link them to risks, incidents, measures, programs, and objectives.

Ownership in Kopexa does not change. Risks, measures and programs keep their owner as the responsible person. Stakeholders are orthogonal to ownership: they provide context (who is affected), reporting targets (who needs to be informed), and escalation perspective (whose interests need to be considered).

Objectives are the strategic targets that operational work aligns to. Classic examples: "be ISO 27001 certified by Q4", "keep data protection incidents below five per year", "100 percent of security training completed by year-end". Measures contribute to objectives. Risks threaten them. Without explicitly maintained objectives you do compliance work without direction and cannot demonstrate afterwards whether you actually moved forward.

KPIs are the quantitative metrics that make an objective measurable and verifiable. An objective without a KPI is wishful thinking. The KPI "% employees with active awareness training" tells you at any cutoff whether you are on track or not. In audits and board reports this is the language that counts.

How they relate:

  • Stakeholders are linked to risks, incidents, measures, programs, and objectives.
  • Owners (internal) remain accountable for execution.
  • Objectives are achieved through measures.
  • KPIs measure how far along the objective is.
  • Risks threaten objectives and affect stakeholders.

If these building blocks are consistently linked, you see on a single page which stakeholders a topic concerns, which measures are working on it, where the KPIs stand, and what risks block the path. That is the moment Kopexa shifts from a document repository to a steering tool.

New entity: Stakeholders

Stakeholders are now their own entity with a list and detail page. You maintain large customers, regulatory authorities, partners, the board, and internal affected parties once and properly, then link them to risks, incidents, or programs. At audits, escalations, or reporting, you immediately see whose interests a topic touches, instead of having that information hidden in email lists or comments.

New entity: Objectives

Same for objectives: list and detail view, each with their own relationships. You can model strategic objectives explicitly and attach them to risks, measures or programs, instead of hiding them in description text.

The risk sidebar shows the relationships to stakeholders and objectives from day one, so on the risk detail page you immediately see who a risk affects and what it ties into.

Compliance section in the main navigation

Programs, Stakeholders and Objectives move into a new Compliance entry in the main navigation. You find the strategic building blocks in one place, instead of clicking through several sub-menus.

Bonus: while we do not have a dashboard yet, Programs is the new landing page (it used to be Frameworks for some users). That page gives most people the best overview of what is currently happening.

Incident types are now administrable

The Incidents module has a new tab where you manage your own incident types. You define categories that match your organization, instead of working with a fixed list.

More improvements

  • New datetime picker with keyboard input: we roll it out gradually. Objectives use it now, other modules will follow.
  • Navbar collapse state is now persisted in the database instead of a cookie. Your layout setup follows you across devices.
  • Default A-Z sorting in numerous lists and selects, where the order used to be arbitrary.
  • Program Create: the form error now appears cleanly when no program was selected.
  • Information asset type: the field now supports multiple selections instead of just one.
  • Information asset retention policies: drawer stacking instead of the previous dialog/drawer mix.
  • Doc Editor: inline images now display correctly in the view mode.
  • Linking the same document twice as evidence is no longer possible.
  • Framework and control RefCodes are now normalized to lowercase consistently in the backend. That prevents input errors from varying spellings.
  • Document search now searches across all folders instead of only the current one.
  • Next/Prev navigation in controls: styling fix for long names.

Related updates

All updates ->
New

New Viewer role and Measures polish

A new Space role for read-only observers, plus improvements across measures, stakeholders and KPIs.

New

Documents: confidentiality levels, archive and version history

Three substantial document management features, plus NISG-2026-AT mapping for Austrian measures.

New

Trust Center is live: trust becomes a product

Your public compliance landing page that takes load off your sales cycle and prepares your audits.