We’ve introduced a powerful Custom Workflow Builder, giving you full control over how items progress through different stages. This update allows you to define custom workflow stages, transitions, and permissions, ensuring workflows align with your organization's specific processes.

Key capabilities

• Custom workflow stages – Define unique workflow stages tailored to your needs.

• Transition rules & permissions – Control how items move between stages and who can transition them.

• Automated actions – Configure automatic updates and notifications upon stage transitions.

• Visual workflow editor – Easily design and manage workflows with an intuitive interface.

These enhancements bring greater flexibility and governance to workflow management, allowing teams to tailor processes to their unique requirements.

Developer API Improvements

To coincide with the release of the upgraded Custom Registers module and Custom Workflow Builder, we have added new endpoints to the Developer API.

• Risk History is now available. Query across multiple risks at a time, and integrate with Workato to build triggers when data changes.

• New endpoints, accessible under the /registers-api/1.1/ namespace are now available for working with Custom Registers and their Tasks. Please note that Issues and Incidents is now considered part of the Custom Register system and data can be retrieved through the /registers-api/1.1/ endpoints. The older /issues-api/ endpoints will continue to function but will be deprecated in subsequent API versions.

• A number of minor bug fixes and improvements to documentation have been released

We've introduced a significant update to standardize and enhance the functionality of all registers, including default and custom registers. This update ensures a seamless, intuitive experience across all the registers.

Key enhancements:

• Custom columns – Configure and manage columns to tailor register views.

• Sorting, filtering & bulk updates – Easily organize, refine, and update multiple items at once.

• Item linking – Link register items to related records for better traceability.

• Register-level permissions – Define who can access and manage each register.

• Item-level access control – Grant specific users or groups access to individual register items.

• Tasks & notifications – Assign tasks within registers and receive custom notifications.

• Custom workflow stages & transitions – Define workflows that match your organization's processes.

• Custom fields support – Extend item details with custom fields.

• New UI experience – A modern interface for improved user experience.

• Unique IDs per register – Auto-generated unique identifiers for each register item.

• Settings & configuration – Customize item names, colors, icons, and enable/disable features per register.

• Dev API support – Integrate register data seamlessly with external systems.

• Self-service reports – Generate and view reports directly within the platform.

What has changed?

To align with these new features, a few changes have been introduced:

• Issue actions are now called Tasks.

• All custom register items will now have unique IDs for better tracking and organization.

• IDs have been updated for:

  • Issues & Incidents

    • Old Issues & Incidents IDs will be made accessible via a custom field.

    • URLs using the old IDs will still direct to the Issue & Incident.

  • Issue & Incident Tasks (previously Issue Actions).

These enhancements bring greater consistency, control, and flexibility across all registers, ensuring a seamless user experience. We're also working towards bringing the Assets register to full parity with these capabilities and aim to complete this within the quarter. Your feedback is invaluable as we continue to refine and enhance the platform—let us know your thoughts!

Read more about Custom registers here!

We’ve introduced new capabilities that are in continuation of the previously released capabilities for user group assignment in assessments (link), further streamlining respondent assignment and invitation workflows :

• User Group assignment in Assessment templates – You can now assign user groups as respondents to specific questions in QBA assessment templates, streamlining the respondent assignment process.

• Respondent persistence in Draft mode – When an assessment is created from a template with assigned user-groups as respondents, those respondents are now saved and will be invited automatically when the assessment is published.

• Hub & Spoke assessment distribution – Assessment templates with user groups assigned to questions can now be sent to spokes. Users from existing user-groups are automatically invited when assessment is sent and new user-groups are created if they don't exist at spoke level. This ensures consistency and efficiency in assessment template management across your Hub & Spoke environment.

These updates simplify assessment management and ensure a seamless respondent assignment process.

Read more about sending assessments to spokes.

We're thrilled to announce key updates to the Controls module, making it easier to manage your data within 6clicks.

Import controls using Hailey

• Hailey AI can now extract controls directly from policy documents in Word or PDF format, reducing manual effort and streamlining data entry

• Check out our announcement blog for more details including a video demo

Export enhancements

• Export controls in the format that suits your needs:

  • CSV: Customize your export by choosing all fields or selected fields

  • JSON: Includes all fields, including custom fields

• All standard 6clicks control fields and managed (custom) fields are included

These updates make it easier than ever to integrate your controls data with other tools and workflows.

This week we've released an enhancement to our evidence gathering and presentation capabilities. Previously, during a Requirement-Based Assessment (RBA) on an Authority (compliance framework), we displayed 'Responsibilities' information associated with controls linked to Authority provisions.

With this update, we now also display all assessments conducted on a control. These assessments, particularly question-based ones used for evidence collection, will now be accessible to inform an aggregate picture against compliance requirements in an RBA.

Other changes in this release included -

• Ability to filter the questions by one or more user-groups using the 'Assigned to' filter (Assessment task)

• Bug fixes

We’re excited to announce the release of configurable dashboards in 6clicks, a powerful new feature providing personalized, data-driven insights of your GRC landscape.

Key capabilities include:

• Customizable layouts: Choose from several different layouts, including a full-screen option, to suit your preferences.

• Role-based insights: Tailor your dashboards to your specific role, such as compliance managers, risk officers, and executives.

• Dynamic widgets: Add and customize widgets, including 6clicks charts, Power BI reports, text content, and Hailey Assist, to create the dashboard that fits your needs.

• Real-time filtering: Filter data by statuses (e.g., open risks, completed audits) and time ranges to focus on critical information.

• Admin controls: Administrators can create and enforce standardized dashboards across the organization to ensure consistent reporting and alignment.

This update empowers users with flexibility while ensuring enterprises maintain control over data visibility and governance. Start customizing your dashboard today to gain deeper insights into your GRC landscape!

For more details, check out the Dashboard knowledge base article.

We’ve introduced the ability to assign user groups to question-based assessments, enhancing collaboration and efficiency.

• User groups can be added from the Respondents tab

• Clear prompts handle overlapping invitations, ensuring seamless group or individual assignment.

• Additionally, exported responses now include assigned user groups for improved tracking and reporting.

A number of updates and bug fixes have been released for our Developer API and Power BI connector. These changes appear automatically on the existing endpoints and you do not need to update your Power BI connector.

• Custom fields are now returned for risks, issues, and third parties.

• Bug fix: foreign-key fields marked as nullable in the schema now return null instead of nil-uuids (00000000-0000-0000-0000-000000000000) when a value is not present

In addition to the API improvements, the browser page titles displayed in the web application have now changed to include the full page title in all cases.

We've released a new administration module for customizing system notifications.

This includes the ability to:

• Customize email subject and body templates using dynamic templates

• Disable/enable emails and in-app notifications

• Customize the cadences at which reminder emails are sent, both before and after a due date

Find out more at Custom Notifications.

We’ve updated permissions to improve task management and clarity around Risk Treatment Plan (RTP) access along with introducing a new setting in the Administration area

• Permissions

  • My tasks

    • Users with this permission can access the "My Tasks" menu for streamlined task management

  • My tasks > Risk treatment plan

    • This permission enables users to view and respond to all RTPs assigned to them

    • Linked data within RTPs (e.g., Risks, Controls) is displayed based on each user’s permissions for greater data security and relevance

• New custom email address settings

  • Admins can now set a custom email address directly within 'Administration > Settings > Customization' tab

  • At the Hub level, this settings allows the custom email to be set as the default for all spokes. Spokes with their own specified email will override the Hub default.

We are excited to introduce a powerful new update to the Issues module: Issue Workflow. This enhancement brings greater flexibility and control to how you manage and track issues across your organization.

Key Highlights:

• Create and define custom workflows: You can now build and tailor workflows to meet your specific issue management needs. Define unique stages and transitions that fit your processes.

• Transition issues through stages: Seamlessly move issues through stages such as New, Triage, In Progress, and Completed for enhanced tracking and visibility.

• Customizable transitions: Configure how issues transition from one stage to another, ensuring alignment with your organization’s processes and workflows.

• Organize workflow stages: Easily organize, edit, and reorder stages, giving you full control over the complexity and order of your issue manageme: If you’ve used our Risk workflows, you’ll find the new Issue Workflow setup familiar and easy to configure.

To learn more, please refer to the following 6clicks knowledge articles:

• Issue Workflow in the Hub

• Configuring issue workflow stages

We’re excited to announce two major enhancements to Hailey AI, designed to further improve risk identification and compliance mapping efficiency.

• Risk and issue generation from assessment responses: Hailey AI can now help you identify, draft, and categorize risks and issues from both questionnaire-based and requirement-based assessment responses. This feature links risks, issues and third-parties to assessment responses, offering automatic suggestions and improving efficiency.

• Enhanced compliance mapping: The compliance mapping feature has been overhauled for faster and more precise authority-to-control and authority-to-authority mappings. The update also includes an improved user experience with better feedback and visibility during the mapping process.

• Plus, automatic deactivation of aged accounts: The Max days of user inactivity before deactivating setting is now available for administrators to automatically deactivate a user who has not logged in for a specified period of time. For full setup information, refer to the Security administration knowledge article.

We are excited to announce the inclusion of Microsoft Defender for Cloud in 6clicks' suite of Continuous Control Monitoring (CCM) integrations. With this powerful addition, users can enhance their cloud security posture by leveraging automated control tests and real-time monitoring.

Key updates include:

• Integration with Microsoft Defender for Cloud: Users can now automate control tests with Microsoft Defender for Cloud to continuously monitor cloud-native applications and identify potential security issues.

• Automated recommendations: Gain instant, actionable recommendations from Microsoft Defender for Cloud to remediate control test failures and strengthen security compliance.

• Streamlined evidence collection: Automatically log test results and remedial actions, simplifying compliance documentation and issue tracking.

• Enhanced visibility: Access comprehensive insights into your security posture with 6clicks’ reporting, including detailed test results and Microsoft Defender for Cloud’s recommendations.

• Automatic test polling: Trigger polling of test results for all auto-monitored controls and receive notifications when new results are logged.

To learn more, please see our announcement blog for a full feature overview, and our knowledge base article for setup instructions.

We’re pleased to announce several new updates, including the release of risk relationships, along with additional enhancements to Hailey Assist and Issue registers. 

Risk relationships 

Risk relationships enable you to define and visualize how individual risks relate to each other, providing enhanced visibility into your risk environment to improve decision-making and strategic planning. Key capabilities include: 

• A newly designed linked data side panel in risk details, creating a more friendly and streamlined user experience when linking data to risks. 

• The ability to link risks to one another, including a new link risk modal that visually depicts the relationship as you’re linking. 

• Three types of relationships between risks: parent, child, and related. The risk register includes three corresponding columns for these linked risks. 

• Reporting on risk relationships within 6clicks' native reporting module and via Power BI. 

• Access to risk relationships through the Developer API. 

To learn more about risk relationships, check out the blog here and the knowledge base article here. 

Additional enhancements 

• Hailey Assist search: Additional search results have been added along with the main response, helping you find other relevant information quickly and efficiently. 

• Issue register bulk updates: Users can now select multiple issues and update fields such as Description, Due Date, Issue Owner, and custom fields in one streamlined action. 

Our latest update has just been released, including a layout refresh for Risk overview page, and a host of improvements to our Developer API:

• Added support for custom attributes.

• Removal of redundant fields in the Issues API.

• Improved consistency between the UI and API behaviour.

• Introduction of a new API for associating risk treatment plans.

• Improved CCM test and responsibility linkages via the API.

These updates ensure a more reliable and consistent experiences for developers and users working with 6clicks.