This week we've released an enhancement to our evidence gathering and presentation capabilities. Previously, during a Requirement-Based Assessment (RBA) on an Authority (compliance framework), we displayed 'Responsibilities' information associated with controls linked to Authority provisions.
With this update, we now also display all assessments conducted on a control. These assessments, particularly question-based ones used for evidence collection, will now be accessible to inform an aggregate picture against compliance requirements in an RBA.
Other changes in this release included -
Ability to filter the questions by one or more user-groups using the 'Assigned to' filter (Assessment task)
Bug fixes
We’re excited to announce the release of configurable dashboards in 6clicks, a powerful new feature providing personalized, data-driven insights of your GRC landscape.
Key capabilities include:
Customizable layouts: Choose from several different layouts, including a full-screen option, to suit your preferences.
Role-based insights: Tailor your dashboards to your specific role, such as compliance managers, risk officers, and executives.
Dynamic widgets: Add and customize widgets, including 6clicks charts, Power BI reports, text content, and Hailey Assist, to create the dashboard that fits your needs.
Real-time filtering: Filter data by statuses (e.g., open risks, completed audits) and time ranges to focus on critical information.
Admin controls: Administrators can create and enforce standardized dashboards across the organization to ensure consistent reporting and alignment.
This update empowers users with flexibility while ensuring enterprises maintain control over data visibility and governance. Start customizing your dashboard today to gain deeper insights into your GRC landscape!
For more details, check out the Dashboard knowledge base article.
We’ve introduced the ability to assign user groups to question-based assessments, enhancing collaboration and efficiency.
User groups can be added from the Respondents tab
Clear prompts handle overlapping invitations, ensuring seamless group or individual assignment.
Additionally, exported responses now include assigned user groups for improved tracking and reporting.
A number of updates and bug fixes have been released for our Developer API and Power BI connector. These changes appear automatically on the existing endpoints and you do not need to update your Power BI connector.
Custom fields are now returned for risks, issues, and third parties.
Bug fix: foreign-key fields marked as nullable in the schema now return null instead of nil-uuids (00000000-0000-0000-0000-000000000000) when a value is not present
In addition to the API improvements, the browser page titles displayed in the web application have now changed to include the full page title in all cases.
We've released a new administration module for customizing system notifications.
This includes the ability to:
Customize email subject and body templates using dynamic templates
Disable/enable emails and in-app notifications
Customize the cadences at which reminder emails are sent, both before and after a due date
Find out more at Custom Notifications.
We’ve updated permissions to improve task management and clarity around Risk Treatment Plan (RTP) access along with introducing a new setting in the Administration area
Permissions
My tasks
Users with this permission can access the "My Tasks" menu for streamlined task management
My tasks > Risk treatment plan
This permission enables users to view and respond to all RTPs assigned to them
Linked data within RTPs (e.g., Risks, Controls) is displayed based on each user’s permissions for greater data security and relevance
New custom email address settings
Admins can now set a custom email address directly within 'Administration > Settings > Customization' tab
At the Hub level, this settings allows the custom email to be set as the default for all spokes. Spokes with their own specified email will override the Hub default.
We are excited to introduce a powerful new update to the Issues module: Issue Workflow. This enhancement brings greater flexibility and control to how you manage and track issues across your organization.
Key Highlights:
Create and define custom workflows: You can now build and tailor workflows to meet your specific issue management needs. Define unique stages and transitions that fit your processes.
Transition issues through stages: Seamlessly move issues through stages such as New, Triage, In Progress, and Completed for enhanced tracking and visibility.
Customizable transitions: Configure how issues transition from one stage to another, ensuring alignment with your organization’s processes and workflows.
Organize workflow stages: Easily organize, edit, and reorder stages, giving you full control over the complexity and order of your issue manageme: If you’ve used our Risk workflows, you’ll find the new Issue Workflow setup familiar and easy to configure.
To learn more, please refer to the following 6clicks knowledge articles:
We’re excited to announce two major enhancements to Hailey AI, designed to further improve risk identification and compliance mapping efficiency.
Risk and issue generation from assessment responses: Hailey AI can now help you identify, draft, and categorize risks and issues from both questionnaire-based and requirement-based assessment responses. This feature links risks, issues and third-parties to assessment responses, offering automatic suggestions and improving efficiency.
Enhanced compliance mapping: The compliance mapping feature has been overhauled for faster and more precise authority-to-control and authority-to-authority mappings. The update also includes an improved user experience with better feedback and visibility during the mapping process.
Plus, automatic deactivation of aged accounts: The Max days of user inactivity before deactivating setting is now available for administrators to automatically deactivate a user who has not logged in for a specified period of time. For full setup information, refer to the Security administration knowledge article.
We are excited to announce the inclusion of Microsoft Defender for Cloud in 6clicks' suite of Continuous Control Monitoring (CCM) integrations. With this powerful addition, users can enhance their cloud security posture by leveraging automated control tests and real-time monitoring.
Key updates include:
Integration with Microsoft Defender for Cloud: Users can now automate control tests with Microsoft Defender for Cloud to continuously monitor cloud-native applications and identify potential security issues.
Automated recommendations: Gain instant, actionable recommendations from Microsoft Defender for Cloud to remediate control test failures and strengthen security compliance.
Streamlined evidence collection: Automatically log test results and remedial actions, simplifying compliance documentation and issue tracking.
Enhanced visibility: Access comprehensive insights into your security posture with 6clicks’ reporting, including detailed test results and Microsoft Defender for Cloud’s recommendations.
Automatic test polling: Trigger polling of test results for all auto-monitored controls and receive notifications when new results are logged.
To learn more, please see our announcement blog for a full feature overview, and our knowledge base article for setup instructions.
We’re pleased to announce several new updates, including the release of risk relationships, along with additional enhancements to Hailey Assist and Issue registers.
Risk relationships
Risk relationships enable you to define and visualize how individual risks relate to each other, providing enhanced visibility into your risk environment to improve decision-making and strategic planning. Key capabilities include:
A newly designed linked data side panel in risk details, creating a more friendly and streamlined user experience when linking data to risks.
The ability to link risks to one another, including a new link risk modal that visually depicts the relationship as you’re linking.
Three types of relationships between risks: parent, child, and related. The risk register includes three corresponding columns for these linked risks.
Reporting on risk relationships within 6clicks' native reporting module and via Power BI.
Access to risk relationships through the Developer API.
To learn more about risk relationships, check out the blog here and the knowledge base article here.
Additional enhancements
Hailey Assist search: Additional search results have been added along with the main response, helping you find other relevant information quickly and efficiently.
Issue register bulk updates: Users can now select multiple issues and update fields such as Description, Due Date, Issue Owner, and custom fields in one streamlined action.
Our latest update has just been released, including a layout refresh for Risk overview page, and a host of improvements to our Developer API:
Added support for custom attributes.
Removal of redundant fields in the Issues API.
Improved consistency between the UI and API behaviour.
Introduction of a new API for associating risk treatment plans.
Improved CCM test and responsibility linkages via the API.
These updates ensure a more reliable and consistent experiences for developers and users working with 6clicks.
We’ve made the following improvements to the 6clicks platform:
Added filters, custom fields, and values to the "Performance distribution (control tests)" report for better customization.
Removed inactive tenants from the Team Name dropdown at login.
Removed the rate limit on the login OTP endpoint when no SMS is sent.
Enabled sharing of reports via email in the Analytics module. Learn more via this article.
These changes aim to improve your user experience and streamline platform functionality.
We've enhanced the management of linkages between external compliance requirements and controls in 6clicks. Now, when a new version of a framework, standard, or regulation is downloaded, your existing controls are automatically linked.
Key improvements include:
Automatic updates: Control linkages are updated to reflect new versions of your external compliance requirements.
Enhanced visibility: Linkages are shown in control linked-data sections and within RBA assessment tabs.
Background processing: New versions of your external compliance requirements are processed in the background when downloaded, with user notifications upon completion.
Deletion handling: Deleting a linked framework, standard, or regulation removes associated linkages, maintaining data integrity.
These improvements ensure continuous, up-to-date compliance without any disruptions to your control mappings.
We are proud to announce our new control testing feature, designed to enhance your ability to monitor and document the performance of your controls. This capability simplifies the process of ensuring that your controls are functioning correctly, allowing you to quickly identify and address any issues.
Key features:
Create and manage control tests: Easily set up tests to check if your controls are working as intended. These tests will help maintain oversight of control effectiveness.
Link tests across controls: Avoid duplication by linking a single test to multiple controls where applicable, streamlining your testing process.
Record pass/fail results: Log the outcomes of your tests, with each result automatically recorded and displayed in your control set, providing a clear view of control performance.
Access past test results: Review and manage historical test outcomes, ensuring you have a comprehensive log of control effectiveness over time.
Link responsibilities to tests: Associate specific responsibilities and tasks with tests to provide a nuanced view of control effectiveness, even when tasks are completed but controls fail.
Insights tab: Visualize test coverage and success rates, offering a clear, graphical summary of control performance.
New linked data view: Access linked data in published mode via intuitive icon tiles, improving navigation and usability.
Control testing reports: Three new control testing reports are now available in our Analytics module, providing advanced insights into test results and trends.
Developer API: New API endpoints are available to integrate control testing functionality with your existing systems and workflows.
For detailed instructions on utilizing these features, please refer to the 6clicks knowledge base.
Here's a summary of the latest update to 6clicks, including our new login experience and updates to the Developer API:
Enhancements:
Improved login experience with a cleaner, refereshed design and streamlined workflow.
MFA and SSO admin configuration enhancements.
Developer API changes:
Creation functionality has been extended to all modules.
Full Tag support is now available across all modules.
Requirement-based Assessment support has been introduced.
Users can now create assessments directly from templates.
Detailed control responsibilities information.
The full API catalog is accessible under the Integrations > Developer API menu.
Fixes:
API calls now follow application validation logic, ensuring items are not created or updated into invalid states.