We’re expanding automation capabilities in the Custom Workflow Builder with new event triggers and actions — enabling real-time orchestration across your risk workflows and integrations.
Real-time Event Triggers
You can now automate processes instantly when key events happen within the platform. All triggers fire in near real-time when the event occurs.
Available triggers include:
Risk created - Fires when a risk is created.
Risk updated - Triggers whenever any risk field is modified, capturing both previous and new values.
Risk owner changed - Fires on any ownership change — assignment, reassignment, or unassignment.
Risk workflow stage changed -Triggers on all workflow stage transitions.
Risk custom field changed - Available for individual custom fields and supports conditional downstream workflow configurations.
Risk assessment created - Fires within near real-time when a risk assessment is created.
Risk treatment plan created - Fires when a treatment plan is created..
Custom Workflow Builder Actions
You can now configure workflows to perform the following actions automatically:
Create Risk - Create new risks with full support for standard and custom fields.
Assign Risk Owner - Assign or reassign owners in bulk via a single API call.
Add Comment / Attachment - Attach comments or files to an existing risk from external processes.
Change Risk Stage - Move risks across workflow stages with validation enforced.
Update Risk - Partially update risk records, including custom fields, without impacting other data.
Create Risk Assessment - Create assessments linked to existing risks, including custom field support.
Update Risk Assessment - Update assessment data across Spoke tenants.
Custom Field Support for Register Items - Create and update assets, issues, and custom register records with full custom field support.
How to get started
To enable event triggers, contact us at support@6clicks.com and request activation of the Entity Change Event Publisher feature.
Please include:
Tenant name
Instance/environment
For more information, refer to the Custom workflow builder and Event Triggers knowledge base articles.
We have released better support for managing users who unsubscribe from emails.
Users can now unsubscribe and resubscribe to all email correspondence from within the Notification Settings inside the application.
On the user administration screen, administrators can see who is unsubscribed and resubscribe them if necessary
The problem where some mail server filters follow all links in an email and inadvertently cause the address to be unsubscribed has been mitigated.
We are pleased to announce that Arabic (Beta) is now supported within the 6clicks application.
You can enable Arabic in either of the following ways:
Update your browser language preferences (recommended).
Or go to My Settings in 6clicks and select Arabic.
The Knowledge Base also supports Arabic across many pages.
We will continue improving Arabic support, with Arabic translations for emails and Hailey AI coming soon.
Your assessments just got smarter.
With the enhanced Rule Builder, you can now create dynamic, compliance requirement-based assessments (RBAs) that automatically adapt based on context. Rules now actively guide how your fields behave — helping you streamline assessments, improve consistency, and reduce manual effort.
What’s New?
In addition to existing display conditions, you can now:
🔹 Automatically control field values - Use 'set value' Logic to set field values based on defined conditions, ensuring responses stay accurate and aligned.
🔹 Require evidence when it matters - Define exactly when evidence uploads are mandatory.
🔹 Make fields mandatory only when required - With 'Require response for', you can make specific fields compulsory when certain conditions are met.
How rules can be configured
Setting up rules is simple and structured:
Create rules directly in the Rules tab after setting up your custom fields.
Define conditions using requirement attributes or assessment fields.
Apply actions to assessment fields like compliance status or justification.
Need to make changes? Rules can be edited or deleted while in Draft status.
Rules automatically activate when your assessment moves to In Progress.
Viewing summary of rules at a glace under the rules tab
Guide users automatically. Reduce unnecessary work.
Head to the Assessments module to start creating intelligent assessments today!
This release improves the consistency and usability of how attachments are viewed across the application. The update makes it easier and more intuitive to preview, download, and manage attached files.
Consistent attachment preview behaviour
Clicking a supported file opens it in a new browser tab for online viewing
Ctrl+click or right-click → 'Open link in new tab' opens the file in a new tab while keeping the current tab active.
Supported file types for online preview
PDF files
Images (jpg, jpeg, png, gif, svg, webp)
Text files (.txt, .log)
New permission: Preview attachments
A new permission is added to: '[Register name] > Attachments' permission tree.
When granted, users can preview supported file types online.
This permission is enabled by default for users with attachments access.
Other minor updates
Third-party forms: When an item is created using a third-party form, the history log and the details page now clearly shows that the item was created via the form.
Two control responsibilities can have the same name under distinct control sets.
This release introduces endpoints and event triggers in the 6clicks Developer API, expanding integration capabilities across risks, assessments, and custom registers. These updates support automation, real-time workflows.
Custom field support for custom register items
Custom register items can be created and updated via the Developer API with support for custom fields. All updates follow existing workflow rules and validation logic.
Custom field change trigger (Create)
A new trigger is available when a specific custom field is created. This enables real-time automations based on data changes.
Risk assessment created trigger
A new trigger is available when a risk assessment is created. This supports automated workflows that respond immediately to assessment creation events.
Update risk assessment via API
Risk assessments can be updated through the Developer API to support automated assessment management. Partial updates are supported and subject to existing workflow and stage restrictions.
Update Risk
Risk records can be updated programmatically via the Developer API to keep data synchronized across systems. Updates respect workflow access rules and validation requirements.
Add comments and attachments
Comments and file attachments can be added to risks through the Developer API. This supports automated documentation and audit trail capture through integrations.
For more information and to learn more, go to Administration → Integrations → Developer API → API documentation.
This release introduces a set of practical enhancements across Control responsibilities, Register - comments, and Risk workflow. These updates focus on improving flexibility, consistency, and day-to-day usability while giving administrators greater control across the platform.
Control responsibilities can have the same name across control sets
Users can now create control responsibilities with the same name in different control sets.
To avoid confusion, we recommend using slight name variations, though this is no longer required.
Comments support for Custom Registers
All custom register items now support comments via a dedicated Comments tab.
Comment access is governed by permissions, giving admins control over visibility and usage.
Risk custom fields can be managed even when used in workflows
Risk admins can now edit custom fields even if they are used as entry or exit requirements in risk workflows.
The system automatically handles any cascading changes, removing the need to first remove fields from workflow requirements.
Improved history and status visibility for issues created via Issue forms
Issues created through forms now display consistent created by details and history log entries, aligned with risk forms.
This release includes a set of targeted improvements across notifications, assessments, Hub & Spoke visibility, and custom registers. These updates focus on improving configurability, governance, and usability while giving admins more control and flexibility across the platform.
Responsibility due date reminder notifications now include additional configurable variables, allowing admins to tailor email content with the information they need.
Configure it in : Administration > Notifications > 'Responsibility - Due date reminder'
Assessment-only (AO) spokes now support archiving and deleting Authority from Compliance module.
Hub: Spoke history tracking has been enhanced to record advisor changes:
An entry is now added to the history tab when an advisor is added to or removed from a spoke.
Assessments now support an option to make looped questions as mandatory in question-based assessments (QBA).
User-type custom field for custom registers allows admins to reference users and user groups directly in register items:
Can be shown as a column on the register page.
Supports filtering and bulk updates.
Available across import/export, DevAPI, and Analytics.
For more information, head to KB Article
The following additional data is now available for use in PowerBI via the PowerBI connector:
Assessments:
Template
Control Sets
Authority
Risks
Project Tasks
Custom Register Items
Respondent
Third Parties:
Assets
Risks
Issues
Assessments
RiskTreatmentPlans:
User Assignees
Group Assignees
Custom Registers:
Description
Entity Type
Register Record Label
Register Record Label Plural
We’ve introduced new permissions to give admins finer control over attachments and comments, along with an improved forms experience across the risks, issues, and third-party modules.
Forms: Cleaner display and improved usability
The form URL can now be copied on the clipboard by clicking the copy button
A new open in new tab option is available to quickly launch the form in a new browser tab
These enhancements apply to forms in: Risks, Issues and Third-Party.
Risks: Separate permissions for 'Comments' and 'Attachments'
A new permission tree Risks > Comments allows users to view comments
If not granted, the comments tab is hidden.
A new sub-permission Add comments allows posting new comments.
For existing users, this permission is granted by default to users with Edit risks to maintain existing access.
Import behaviour: if the user lacks the required comments permission, the import fails with an error.
A new permission tree Risks > attachments allows users to view attached files
When not granted, the attachments tab is hidden.
New granular permissions include:
Download attachments
Upload attachments
Delete attachments
For existing users, this permission is granted by default to users with Edit risks to maintain existing access.
Risk treatments: new permission for 'Comments'
A new permission tree Risk treatments > Comments allows users to view comments on risk treatments
When not granted, the comments tab is hidden
A new sub-permission Risk treatments > Comments > Add comments allows users to add comments.
For existing users, this permission is granted by default to users with Risk treatments to maintain existing access.
Custom registers: new permission set 'Attachments'
A new permission tree Attachments is now available under each custom register
When not granted, users cannot view the attachments tab for that custom register
When only the main permission is granted, users can view uploaded files and their details.
New granular permissions include:
Download attachments – allows downloading files.
Upload attachments – allows uploading new files.
Delete attachments – allows deleting existing files.
For existing users, this permission is granted by default to users with <register name> → Edit permission to maintain existing access.
Administrators can grant these permissions to any user or role.
We have released some improvements and additional configuration options for the 6clicks login experience.
When accessing 6clicks via a notification email, the login experienced has been streamlined. Most users should now have their email address and team prepopulated.
For those customers using SSO, you can now map multiple spokes to the same IdP application. From a security and flexibility perspective, we still recommend separate applications for each spoke, however in some circumstances the usability of a single application may be preferable. Please read more about this option on our Knowledge Base.
We’ve introduced new permissions to give admins finer control over workflow transitions and task visibility across risks and custom registers.
Workflow stage transition (new permission)
A new permission called “Workflow stage transition” is now available Risks & all other registers under:
Risk / Edit risks
<register-name> / Edit
When granted:
Users can view and change the workflow stage of any item in the register.
Users can bulk-update workflow stages.
When not granted:
Users can view the workflow stage of an item.
Users cannot update workflow stages.
Bulk updates of workflow stages are not allowed.
Tasks (new permission tree)
Each custom register now includes a “Tasks” permission tree under <custom register name>.
Granting Tasks allows users to view all tasks linked to an item but not create, edit or delete them.
Additional permissions under Tasks:
Create – allows creating new tasks; when not granted, the create button and Hailey button are hidden.
Edit – allows editing tasks; when not granted, users cannot edit any task.
Delete – allows deleting tasks; when not granted, the delete option is hidden.
We’re excited to announce that the latest PCI DSS 4.0.1 content is now available in the 6clicks Content Library, bringing a more streamlined and ready-to-use experience for your compliance assessments.
What this means for you
Pre-configured Content: The PCI DSS 4.0.1 release includes the Authority and a complete Assessment template setup.
Ready-to-Use Assessments: Assessment templates come with pre-set fields, rules, and the RoC (Report on Compliance) template, so you can start right away.
Simplified Compliance Workflow: Quickly respond to assessments and generate reports with minimal setup.
Time efficiency: Generate the entire ‘Findings and Observations section’ in seconds and not in days, accelerating your reporting process.
This update makes it easier than ever to manage PCI DSS compliance—consistent, efficient, and ready to go. Head to the Content library to explore the PCI DSS 4.0.1 content
We’ve introduced new capabilities to make it easier for Hub users to distribute and maintain Control Sets across spokes in your Hub & Spoke environment.
What’s new?
Smarter update handling: When pushing control sets to multiple spokes, the system now automatically determines whether each spoke should receive a new control set or an update to an existing one.
‘Update existing’ option:
Existing control sets in spokes can now be updated instead of always being recreated
Linkages (e.g., to risks or tasks) are retained, ensuring continuity of related data
If a spoke doesn’t already have the control set, it’s created there automatically
Safe update logic:
If a Control ID changes → the old control is deleted, and a new one is created (linkages not retained).
If a Responsibility name changes → the old responsibility and its tasks are deleted and recreated (linkages not retained).
This enhancement reduces duplication and data loss when maintaining shared control sets across spokes — making Hub-driven updates more reliable and efficient. Read more here - KB Article.
Key Improvements
We’re updating the Risk Details (Advanced Self-Service View) to improve performance, scalability, and data accessibility across the Analytics module.
The new version will enable users to:
✅ Experience faster query and load times
✅ Build more dynamic and accurate self-service reports
Once deployed, customers will be able to create new reports using the updated SSV, while the old SSV will be decommissioned.
Reports previously built on the old SSV will continue to work but will no longer be editable.
What You Might Need to Do
Review any existing Risk Details reports that rely on the old SSV.
If you need to make edits or build new versions, plan to recreate them using the new SSV after deployment.
Otherwise, no immediate action is required — your current reports will remain accessible and functional.
Deployment Schedule
📅 Target Deployment Date: November 18, 2025
This update is part of our ongoing improvements to the Analytics module to enhance speed, reliability, and data depth.Stay tuned for further updates as we continue optimizing the reporting experience across modules.