Redesigned the risk assessment experience with an improved workflow, enhanced form field inputs, clearer explanations of assessment logic, and expanded page layout for better usability.

We’re excited to share that we've upgraded the Assets register to bring it in line with our Custom registers, and have introduced the new Risk Self-Serve View (SSV).

Assets register upgrade

• Assets now have unique item IDs, enabling better traceability and future-proof referencing.

• The Assets register has adopted the same UI, functionality, and import/export capabilities already available in our Custom registers.

• We’ve performed a data migration behind the scenes to transition the existing assets to the new format.

• To align with the new permissions model used in other registers, register-level access members have been removed, while item-level permissions remain unchanged. User access has been preserved.

• The 'Type' field is now managed under Assets custom attributes, replacing the previous 'Asset Type' section in Administration > Custom Data

  • Admins can enable, disable, or delete the field

  • Individual 'Type' options can also be edited or deleted

New Risk Self-Serve View (SSV)

We’ve introduced a new Risk Self-Serve View (SSV) in 6clicks Analytics module to significantly enhance report performance. This upgrade addresses key user feedback, particularly related to slow report loading times in the old view. The new SSV offers a faster, more reliable reporting experience, and we recommend users transition to this view for optimal performance.

When creating a new report, search for 'Risk Details (Advanced Self-Service View) v2.0'

We’re committed to making this a seamless transition for you. If you have any questions or concerns, our support team is here to help.

We’re excited to share that the Assets register is getting a major upgrade! This update brings it in line with our Custom registers, unlocking more power, flexibility, and consistency across your 6clicks experience.

What’s Changing?

As part of this enhancement:

• Assets will now have unique item IDs, enabling better traceability and future-proof referencing.

• The Assets register will adopt the same UI, functionality, and import/export capabilities already available in our Custom registers.

• We’ll be performing a data migration behind the scenes to transition your existing assets to the new format.

• To align with the new permissions model used in other registers, register-level access members will be removed, while item-level permissions remain unchanged. User access will be preserved.

What you might need to do:

• Review your data before the migration to ensure everything is up to date.

• Back up important records if you’d like to retain a snapshot before the update.

  • Note we have tested and don't expect any issues with the go-live, but you can back up your data set via an export for added measure if you choose.

• After the release, we recommend validating your asset data and settings to confirm everything is working as expected.

🚀 We are targeting a go-live date of 15-16 May 2025, depending on the time zone.

We’re committed to making this a seamless transition for you. If you have any questions or concerns, our support team is here to help.

Thanks,

Team 6clicks

We’ve rolled out a set of updates focused on improving data accuracy, assessment review process, and overall user experience. Here’s what’s new:

1. Improved validation for custom field names in registers

To prevent confusion and ensure data integrity, users can no longer create or rename a custom field with a name that already exists in the register—either as a default or custom field.

• Attempting to create or rename a field with a duplicate or restricted name will now trigger this error: "A field with this name already exists as a custom or default 6clicks field. Please choose a different name."

• Impact on imports: If duplicate field names already exist in a register, the import process will now fail due to conflicting header names. Users must resolve these conflicts before re-importing.

• Existing duplicate fields are not automatically renamed. However, any rename attempt will be subject to the new uniqueness check.

2. New ‘Partially compliant’ status in QBA assessments

We’ve added a new status option—Partially compliant—to the 'Compliance status' dropdown in QBA Assessments.

• Users can now select, filter by, and report on this new status.

• Indicators for this status appear in the UI when selected.

• Dev API support is included, so you can programmatically access the "Partially compliant" status via integrations.

• Analytics module supports the new compliance status: "Partially compliant" in QBA assessment reports

3. New permission: 'Projects & playbook task'

A new permission is available under General > My Tasks:

• When enabled, users can view and action all project tasks assigned to them.

• Linked data tab visibility depends on having the Projects & playbooks permission.

• Existing users with Projects & playbooks permission are granted this new permission automatically.

4. UI and performance improvements

We’ve made key updates to improve usability and performance:

• Standarized layout for the Risk review side panel and Overview tab.

• Optimized performance for the User Permissions dialog under the Administration area.

We've introduced several usability improvements and important bug fixes across our reporting and analytics capabilities.

Key updates:

• Bug fixes including export to PDF for dashboards

• Bar and column chart customisations - Added an option to configure the maximum bar width percentage or to specify an exact bar width in pixels for column and bar charts.

• Custom icon sets in conditional formatting - Users can now create and use custom icons for conditional formatting.

• Custom file name options on export - Users can choose a custom file name for any type of export, previously this was only available for PDF exports on Dashboards.

• Report style customizations - Objects such as the Visible Series Selection and Date Slider Widgets can now have their appearance customised, thus can be customized to match the branding applied to the system.

• Security improvements especially around login process.

We’ve introduced a new flow to ensure continuity when a user is deleted or deactivated. If the user being removed has items assigned to them, you’ll now be prompted to reassign those items to another active user on the team.

What’s new?

• When deleting or deactivating a user, a "Delete/Deactivate user & reassign items" dialog will appear only if the user has items assigned to them.

• The dialog displays:

  • The number of items currently assigned to the user

  • An option to reassign all items to another user

• Admins can choose one of the following:

  • Delete/Deactivate user & reassign items: All items are reassigned to the selected user. An email is sent listing all reassigned items. A separate email is sent just to the Admin user confirming the delete and reassignment.

  • Only delete/deactivate user:

    • With delete, the user is removed, and their items are unassigned. An email with the list of updated items is sent to the Admin.

    • With deactivate, the user is deactivated. Items are still assigned to the deactivated user and can be used to filter content. No email is sent.

  • Cancel: No action is taken.

Context-aware reassignment

• When deleting an advisor on a spoke, only items from that spoke are considered for reassignment, and only users/advisors from the same spoke can be selected.

• When deleting a respondent (third-party user):

  • Only users from the same third party (or third parties, if the respondent is linked to multiple) are available for reassignment.

  • If no valid users are found for reassignment, the UI will display a message indicating this and reassignment option will be unavailable.

Upcoming ➡️

In an upcoming release, we will offer further automation of ownership reassignment, in particular to handle user deletion or de-activation that occurs via SCIM Provisioning and bulk operations. New button to reassign all items from one user to another, directly from the Users page.

This change improves governance and auditability by allowing better control over ownership of items when team members are removed. Guidance is available on this KB article.

We’ve launched two powerful updates to supercharge your risk management programs.

Automated RTP workflow

When marking Risk Treatment Plans (RTPs) as Completed, you can now automatically transfer controls and provisions from the RTP to the Controls & compliance tab of the associated risk — saving time and reducing manual work. You can also keep track of controls and provisions being transferred via the Risk History tab.

📙 Learn more in the updated knowledge base article

New risk dashboard

Your reporting just got smarter! The new Risk Dashboard, called Risk Dashboard (New), offers a dynamic, visual snapshot of your risk landscape:

• Track trends in risk assessments, treatment plans, and risk ratings

• Drill down by risk status, domain, workflow stage, and more

• Understand risk posture at a glance with charts like the Risk Rating Radar, Risks by Domain, and Time to Due Date

Use filters across Risk, Assessment, and Treatment views to get the insights you need—fast.

💡 Available now under the Dashboards section in Reporting & Analytics

We are pleased to announce support for the SCIM 2.0 standard, allowing integration with Microsoft Entra ID and automated provisioning of users and groups.

Read more about it here.

New Developer API endpoints

New endpoints have been added for:

1. Getting responses to an assessment

2. Updating third party custom attributes

Combined with the Custom Workflow Builder, these endpoints allow for updating third party information based on their responses to an assessment.

We've merged 'Free text' and 'Rich text' fields types into 'Long text', ensuring consistency across registers while preserving all data.

While creating a new custom field

Viewing the custom field's data in the register's details page

We are dedicated to refining our Reporting and Analytics module with key updates, including REST API improvements, better report formatting and charting, multi-language dashboard support, and critical security updates.

Key updates

• REST API Enhancements: New endpoints for retrieving content, dashboards, presentations and themes. User endpoint updated for easier profile and language preference management. Introduced Integration API utility for accessing user data securely.

• Report Builder upgrades: Drag-and-drop column reordering, calculated totals, and enhanced charting capabilities. Fixed filter issues, report formatting errors, and improved conditional formatting. Optimized file export formatting.

• Dashboard improvements: Multi-language support, improved folder access management and better localization.

• Infrastructure and security enhancements: Updated Apache Commons libraries and Apache Tomcat that has addressed the security vulnerability CVE-2024-50379

We've introduced a streamlined import process for custom registers, making it easier to bulk upload data while ensuring accuracy and consistency.

Import template

• Users can download the import template from the Import dialog.

• The template includes all default and custom fields relevant to the register.

Import process

• The import process is designed to support bulk data entry while ensuring data integrity and validation.

• Fields

  • If an unrecognized field is present in the file, the import fails with an "invalid field" error.

  • Required fields must be provided, and any missing or empty mandatory fields will result in import failure.

  • The system supports flexible column order, allowing data to be added or updated seamlessly across various field types, including text, numbers, dropdowns, and dates.

  • Additionally, system-generated fields, such as user and timestamp details, are automatically assigned to maintain accurate record-keeping.

• Atomic import process: If the import fails for any reason, no changes are made to the system.

These improvements ensure a more intuitive and error-proof import experience for managing custom register data. For detailed information, please visit Knowledge base: Importing register items

Simplified advisor assignment & automation with user groups

We've introduced new capabilities to simplify advisor assignments, improve access management, and enhance the user experience for Hub users. With these updates, assigning and managing advisors for spokes is now more efficient and intuitive.

Instant advisor assignments

• Hub users assigned as advisors to a spoke now gain access instantly.

• In-app and email notifications are sent to inform users when they are assigned as advisors.

• When an advisor is removed from a spoke, their access is revoked immediately.

Efficient group-based advisor assignments

• Assign spokes (one or more) to user groups

  • This would automatically grant all group members advisor access for assigned spokes.

• When users are added or removed from a group, their advisor access to the assigned spokes is updated accordingly.

Refreshed UI for managing groups

• A redesigned interface makes it easier to create, manage, and assign groups within the platform.

Check out our knowledge base for more in-depth information

• User groups

• Providing advisor access for spokes

Groups synchronization during just-in-time provisioning

For customers using SSO and taking advantage of just-in-time (JIT) provisioning, you can now synchronize your IdP's groups with 6clicks groups. The capability works in a similar manner to IdP group to 6clicks role synchronization, with the ability to use a convention-based mapping or an explicit mapping.

We are currently putting the finishing touches on our new SCIM provisioning support, with a view to releasing it by the end of March 2025. In tandem with the new JIT capability, this will great simplify user management for complex organizations. Read more here.

Improvements to MFA

We have made two changes to the email-based multi-factor authentication, following advice from our penetration tests. Both changes allow for an improved user experience without compromising security.

• Firstly, we have extended the timeout for entering an emailed PIN to 5 minutes.

• Secondly, for customers who have email-based MFA enabled for both "Seeing a list of teams associated with an account" and "Logging in after submitting a password", only the first PIN is required, removing the need to double-enter PINs.

Note that these changes do not affect users with SSO or two-factor authentication apps (such as Google Authenticator) enabled. We are continuing to work towards improving the experience for these users.

The export capability for registers has been enhanced, allowing users to quickly extract and analyze register data. This update enables exporting register items, including standard and custom fields, in an Excel (.xlsx) format.

What's new?

• A new Export option is now available under the More menu.

• Users can choose between:

  • Export (Selected fields) – Export only selected fields on the registers page.

  • Export (All fields) – Export all standard and custom fields.

• Upon selection, users will be prompted to save the .xlsx file.

Known issues

• Exporting after bulk-updating stage fields using stage tabs may result in incorrect data.

We’re continuously improving this functionality and will address the known issue in a future update. Let us know your feedback as we refine the import experience in a couple of weeks! 🚀

We’ve introduced a powerful Custom Workflow Builder, giving you full control over how items progress through different stages. This update allows you to define custom workflow stages, transitions, and permissions, ensuring workflows align with your organization's specific processes.

Key capabilities

• Custom workflow stages – Define unique workflow stages tailored to your needs.

• Transition rules & permissions – Control how items move between stages and who can transition them.

• Automated actions – Configure automatic updates and notifications upon stage transitions.

• Visual workflow editor – Easily design and manage workflows with an intuitive interface.

These enhancements bring greater flexibility and governance to workflow management, allowing teams to tailor processes to their unique requirements.

Developer API Improvements

To coincide with the release of the upgraded Custom Registers module and Custom Workflow Builder, we have added new endpoints to the Developer API.

• Risk History is now available. Query across multiple risks at a time, and integrate with Workato to build triggers when data changes.

• New endpoints, accessible under the /registers-api/1.1/ namespace are now available for working with Custom Registers and their Tasks. Please note that Issues and Incidents is now considered part of the Custom Register system and data can be retrieved through the /registers-api/1.1/ endpoints. The older /issues-api/ endpoints will continue to function but will be deprecated in subsequent API versions.

• A number of minor bug fixes and improvements to documentation have been released

We've introduced a significant update to standardize and enhance the functionality of all registers, including default and custom registers. This update ensures a seamless, intuitive experience across all the registers.

Key enhancements:

• Custom columns – Configure and manage columns to tailor register views.

• Sorting, filtering & bulk updates – Easily organize, refine, and update multiple items at once.

• Item linking – Link register items to related records for better traceability.

• Register-level permissions – Define who can access and manage each register.

• Item-level access control – Grant specific users or groups access to individual register items.

• Tasks & notifications – Assign tasks within registers and receive custom notifications.

• Custom workflow stages & transitions – Define workflows that match your organization's processes.

• Custom fields support – Extend item details with custom fields.

• New UI experience – A modern interface for improved user experience.

• Unique IDs per register – Auto-generated unique identifiers for each register item.

• Settings & configuration – Customize item names, colors, icons, and enable/disable features per register.

• Dev API support – Integrate register data seamlessly with external systems.

• Self-service reports – Generate and view reports directly within the platform.

What has changed?

To align with these new features, a few changes have been introduced:

• Issue actions are now called Tasks.

• All custom register items will now have unique IDs for better tracking and organization.

• IDs have been updated for:

  • Issues & Incidents

    • Old Issues & Incidents IDs will be made accessible via a custom field.

    • URLs using the old IDs will still direct to the Issue & Incident.

  • Issue & Incident Tasks (previously Issue Actions).

These enhancements bring greater consistency, control, and flexibility across all registers, ensuring a seamless user experience. We're also working towards bringing the Assets register to full parity with these capabilities and aim to complete this within the quarter. Your feedback is invaluable as we continue to refine and enhance the platform—let us know your thoughts!

Read more about Custom registers here!