We've introduced a way to define assessment's scope by using assessment description field and data linking. This enhancement ensures risk and compliance teams can capture comprehensive assessment scope with supporting data alignment from the very beginning of their assessment process.
This capability is available in both 'Question based' and 'Requirement based' assessments.
Assessment overview tab simplified and now accessible through a dedicated button
A new Linked data tab to manage all the content linked to an assessment
Linked data tab enables the linkage of relevant datasets including:
Authorities (standards and frameworks)
Assets
Any register item
Template reporting support
New placeholders are available via the template reporting (Reports tab) to induce this data into your reports
Assessment description, and
Assessment linked data
Question based assessment: Knowledge base article
Requirement based assessment: Knowledge base article
Template reporting: Overview data
The Developer API has been expanded with additional endpoints for:
Retrieving user roles
Retrieving risk access members and custom fields
Retrieving custom register item and issue & incident owners
Retrieving Project and Playbook archived status
An updated PowerBI connector supporting these changes will be available later this week.
We've significantly enhanced the response page center grid to give you greater control over your assessment view. This update delivers improved flexibility, performance, and configuration options to streamline your response collection process.
Take full control of your data view by selecting exactly which fields to display:
Requirement details: Choose from Description, and all other provision fields
Assessment fields: Display any assessment-related data columns
Tailor the grid layout to match your needs:
Adjustable column widths: Resize columns to optimize your viewing experience
Column positioning: Arrange columns in your preferred order
Word wrap: Text wrapping is enabled for better readability of longer content
Personal preference: Your grid configuration is automatically saved and preserved for future sessions
Experience smoother, faster navigation:
Enhanced loading: Quicker page transitions when working with requirements
Optimized rendering: Improved grid performance for large datasets
Learn more on responding to a requirement based assessment.
We're continuing to enhance assessment capabilities with more efficiency improvements and streamlined workflows. Stay tuned for additional updates designed to make your compliance work even more productive.
General performance and stability uplift in compliance mapping.
Dramatic speed improvement: Reduced compliance mapping execution time from 2 hours to under 2 minutes (98% reduction)
Optimised data processing algorithms for faster rule evaluation
Implemented parallel processing for concurrent compliance checks
Added intelligent caching for frequently accessed compliance rules
Significantly reduced crashes: Enhanced error handling and memory management
Replaced legacy embeddings system that caused application instability during large mapping operations
Refactored core mapping engine for better resource utilisation
Processing time: 2 hours → < 2 minutes
User experience: Seamless, near real-time compliance mappings
We’ve just launched a major upgrade to the projects & playbooks module that makes creating, scoping, planning, and actioning projects, playbooks, and audits easier than ever:
Fresh new look and faster template creation
Link GRC data—assessments, risks, issues, register items, third parties & more—to tasks
Ideal for structured execution across audits, client projects, compliance initiatives, risk programs, and more
Check out the knowledge base articles here.
Rollout times (UTC):
UAE – 02:00
UK & US – 04:00
AU – 08:00
JP & SG – 10:00
Performance improvements across Assessment module
We've rolled out several enhancements to improve task management, data visibility, and admin control.
Task assignment
Assignee list now filters by linked third-party. Third-party selector is only shown if two or more third-parties are linked to the item.
When removing a linked third-party (with assigned tasks), a confirmation dialog appears explaining the impact.
Upon confirmation, all related tasks and assignees are automatically cleared.
Table grid word wrapping
Long text now wraps up to 3 lines before truncating with a tooltip.
Sorted custom data cards
Cards in Admin > Custom data are now shown in alphanumeric order.
Granular tag permissions
Admins can allow tag creation in Custom data only; users without record-level tag permissions cannot add new tags.
We’ve been busy making improvements across the platform, and we’re excited to share what’s new! Here’s a roundup of the latest updates across different modules.
We've introduced a major upgrade to assessments in 6clicks, now powered by enhanced Hailey AI. With a smarter interface and more flexible response options, it's now easier and faster to complete even document-heavy or repetitive assessments.
UX enhancements
Redesigned assessment interface with clearer content hierarchy and streamlined navigation
Upload supporting documents directly into the assessment flow to reduce manual effort
Visual indicators show question type, domain, suggested responses, and attachments at a glance
Choose between using past responses or uploaded documentation
Tags and labels clearly show which answers are AI-generated vs. user-edited
Edit or override Hailey's responses at any time for full control
Accuracy
Hailey AI now analyzes uploaded documents to generate precise, context-aware responses across the full assessment
Reduces repetitive, question-by-question input while maintaining alignment with up-to-date organizational data
Enhances audit and assessment speed without compromising on oversight or accuracy
Blends AI automation with human review for trustworthy, scalable GRC operations
Admins can now define entry requirements for each stage in a risk workflow.
These conditions are validated before entering a workflow stage — ideal for enforcing rules on stage changes.
Complements existing exit requirements, enabling controlled backward movement in workflows.
We’ve updated the name of existing stage requirements to ‘Exit requirements,’ as they are validated before moving out of a workflow stage.
Read more: Risk workflow stage requirements
Admins can now configure a default user/advisor to automatically receive all open tasks when a team member is deleted.
This reassignment user is automatically preselected during the task reassignment flow.
Applies to both users and advisors, and includes all active team members in the selection list.
Read more: Deleting users & bulk reassigning tasks
We've launched the Risk dashboard for Hub teams
Introduced self-service views for the Projects & Playbooks module, which is now available together with corresponding dashboards at both Hub and Spoke levels.
We've made performance improvements to QBA history, resulting in faster load times. Additionally improved the editing process of the risk matrix in the Hub.
Redesigned the risk assessment experience with an improved workflow, enhanced form field inputs, clearer explanations of assessment logic, and expanded page layout for better usability.
We’re excited to share that we've upgraded the Assets register to bring it in line with our Custom registers, and have introduced the new Risk Self-Serve View (SSV).
Assets register upgrade
Assets now have unique item IDs, enabling better traceability and future-proof referencing.
The Assets register has adopted the same UI, functionality, and import/export capabilities already available in our Custom registers.
We’ve performed a data migration behind the scenes to transition the existing assets to the new format.
To align with the new permissions model used in other registers, register-level access members have been removed, while item-level permissions remain unchanged. User access has been preserved.
The 'Type' field is now managed under Assets custom attributes, replacing the previous 'Asset Type' section in Administration > Custom Data
Admins can enable, disable, or delete the field
Individual 'Type' options can also be edited or deleted
New Risk Self-Serve View (SSV)
We’ve introduced a new Risk Self-Serve View (SSV) in 6clicks Analytics module to significantly enhance report performance. This upgrade addresses key user feedback, particularly related to slow report loading times in the old view. The new SSV offers a faster, more reliable reporting experience, and we recommend users transition to this view for optimal performance.
When creating a new report, search for 'Risk Details (Advanced Self-Service View) v2.0'
We’re committed to making this a seamless transition for you. If you have any questions or concerns, our support team is here to help.
We’re excited to share that the Assets register is getting a major upgrade! This update brings it in line with our Custom registers, unlocking more power, flexibility, and consistency across your 6clicks experience.
What’s Changing?
As part of this enhancement:
Assets will now have unique item IDs, enabling better traceability and future-proof referencing.
The Assets register will adopt the same UI, functionality, and import/export capabilities already available in our Custom registers.
We’ll be performing a data migration behind the scenes to transition your existing assets to the new format.
To align with the new permissions model used in other registers, register-level access members will be removed, while item-level permissions remain unchanged. User access will be preserved.
What you might need to do:
Review your data before the migration to ensure everything is up to date.
Back up important records if you’d like to retain a snapshot before the update.
Note we have tested and don't expect any issues with the go-live, but you can back up your data set via an export for added measure if you choose.
After the release, we recommend validating your asset data and settings to confirm everything is working as expected.
We’re committed to making this a seamless transition for you. If you have any questions or concerns, our support team is here to help.
Thanks,
Team 6clicks
We’ve rolled out a set of updates focused on improving data accuracy, assessment review process, and overall user experience. Here’s what’s new:
To prevent confusion and ensure data integrity, users can no longer create or rename a custom field with a name that already exists in the register—either as a default or custom field.
Attempting to create or rename a field with a duplicate or restricted name will now trigger this error: "A field with this name already exists as a custom or default 6clicks field. Please choose a different name."
Impact on imports: If duplicate field names already exist in a register, the import process will now fail due to conflicting header names. Users must resolve these conflicts before re-importing.
Existing duplicate fields are not automatically renamed. However, any rename attempt will be subject to the new uniqueness check.
We’ve added a new status option—Partially compliant—to the 'Compliance status' dropdown in QBA Assessments.
Users can now select, filter by, and report on this new status.
Indicators for this status appear in the UI when selected.
Dev API support is included, so you can programmatically access the "Partially compliant" status via integrations.
Analytics module supports the new compliance status: "Partially compliant" in QBA assessment reports
A new permission is available under General > My Tasks:
When enabled, users can view and action all project tasks assigned to them.
Linked data tab visibility depends on having the Projects & playbooks permission.
Existing users with Projects & playbooks permission are granted this new permission automatically.
We’ve made key updates to improve usability and performance:
Standarized layout for the Risk review side panel and Overview tab.
Optimized performance for the User Permissions dialog under the Administration area.
We've introduced several usability improvements and important bug fixes across our reporting and analytics capabilities.
Key updates:
Bug fixes including export to PDF for dashboards
Bar and column chart customisations - Added an option to configure the maximum bar width percentage or to specify an exact bar width in pixels for column and bar charts.
Custom icon sets in conditional formatting - Users can now create and use custom icons for conditional formatting.
Custom file name options on export - Users can choose a custom file name for any type of export, previously this was only available for PDF exports on Dashboards.
Report style customizations - Objects such as the Visible Series Selection and Date Slider Widgets can now have their appearance customised, thus can be customized to match the branding applied to the system.
Security improvements especially around login process.
We’ve introduced a new flow to ensure continuity when a user is deleted or deactivated. If the user being removed has items assigned to them, you’ll now be prompted to reassign those items to another active user on the team.
When deleting or deactivating a user, a "Delete/Deactivate user & reassign items" dialog will appear only if the user has items assigned to them.
The dialog displays:
The number of items currently assigned to the user
An option to reassign all items to another user
Admins can choose one of the following:
Delete/Deactivate user & reassign items: All items are reassigned to the selected user. An email is sent listing all reassigned items. A separate email is sent just to the Admin user confirming the delete and reassignment.
Only delete/deactivate user:
With delete, the user is removed, and their items are unassigned. An email with the list of updated items is sent to the Admin.
With deactivate, the user is deactivated. Items are still assigned to the deactivated user and can be used to filter content. No email is sent.
Cancel: No action is taken.
When deleting an advisor on a spoke, only items from that spoke are considered for reassignment, and only users/advisors from the same spoke can be selected.
When deleting a respondent (third-party user):
Only users from the same third party (or third parties, if the respondent is linked to multiple) are available for reassignment.
If no valid users are found for reassignment, the UI will display a message indicating this and reassignment option will be unavailable.
In an upcoming release, we will offer further automation of ownership reassignment, in particular to handle user deletion or de-activation that occurs via SCIM Provisioning and bulk operations. New button to reassign all items from one user to another, directly from the Users page.
This change improves governance and auditability by allowing better control over ownership of items when team members are removed. Guidance is available on this KB article.
We’ve launched two powerful updates to supercharge your risk management programs.
When marking Risk Treatment Plans (RTPs) as Completed, you can now automatically transfer controls and provisions from the RTP to the Controls & compliance tab of the associated risk — saving time and reducing manual work. You can also keep track of controls and provisions being transferred via the Risk History tab.
📙 Learn more in the updated knowledge base article
Your reporting just got smarter! The new Risk Dashboard, called Risk Dashboard (New), offers a dynamic, visual snapshot of your risk landscape:
Track trends in risk assessments, treatment plans, and risk ratings
Drill down by risk status, domain, workflow stage, and more
Understand risk posture at a glance with charts like the Risk Rating Radar, Risks by Domain, and Time to Due Date
Use filters across Risk, Assessment, and Treatment views to get the insights you need—fast.
💡 Available now under the Dashboards section in Reporting & Analytics
We are pleased to announce support for the SCIM 2.0 standard, allowing integration with Microsoft Entra ID and automated provisioning of users and groups.
New Developer API endpoints
New endpoints have been added for:
Getting responses to an assessment
Updating third party custom attributes
Combined with the Custom Workflow Builder, these endpoints allow for updating third party information based on their responses to an assessment.