From the Users list, ability to select multiple users and delete all at once. Currently, users can only be deleted one-by-one.
Create QBA based on authority/control sets. Option to create question per provision/control or per short text custom field for large authorities (i.e. category)
Suggests controls from any control sets to link
Have the ability to limit what users can view in analytics.
For instance, if I don’t want all users to see all the risks and issues if they generate a report, it would be great for users to be able to see only the risks/issues that they are allowed to see.
Currently, I am denying analytics for all users except administrators. But I would highly appreciate having this function as above.
Just as the integration with Jira for action tracking, integrating control responsibilities into Jira would provide similar benefits in terms of efficiency and visibility.
Can we move Custom Fields to sit between default fields, as per customer requirements?
Right now, all custom fields sit below default fields.
Currently it is either long text or dropdown.
Currently, a user needs to select the 'star' against specific risk assessment in the Risk Assessment tab, so its risk rating is reflected/displayed in the risk summary. This is an issue because if another current risk assessment is completed, the risk rating is not showing the updated information. If no star was selected, then it is possible that the target risk rating is displayed since the default setting is on showing the latest risk rating and user will misinterpret the information from the risk summary. It would be better if there is the ability to select the specific type of assessment so it will always show the latest assessment outcome against the assessment type.
Have the ability to apply rules to fields (such as mandatory fields - not empty) that are configured at Spoke level to further enhance field requirements when required.
Currently, the function for adding control sets cannot be turned off/disabled. This is an issue for the risk's information integrity because when a risk is inactive, all risk information should become a record, and no further edits can be made to the record until it is reactivated.
Currently, the create treatment plan function cannot be turned off/disabled. This is an issue for the risk's information integrity because when a risk is inactive, all risk information should become a record, and no further edits can be made to the record until it is reactivated.
The ability to export User role permissions for "As Built" type documentation would be really handy.
It would also be really handy for a function that would copy a permission set from another role.
e.g. You want a User and a Test user role. It would be handy when creating a test user role to be able to copy all the settings instantly from a user to be able to play. Also, using the above Export function, maybe an import function to be able to use the same permission sets through different spokes.
I like the ability for Hailey to suggest issues based on assessment results but can this be extended to actions as well?
An approval process or permission against task due dates in the system. Meaning, a “normal” user shouldn’t be able to modify due dates. Ideally, they can still edit other fields but can't modify the due date without an approval or the right permissions.
Integrate with Orca Security for CCM capabilities
Attachment requirement on a response-by-response basis. i.e. if response = “No”, require attachment upload
“Download all” option to zip for evidence/attachments for an assessment. Ideally in a domain folder structure with reference to the question ID in the attachment name
Ability to log back and forth on a question-by-question basis during the review cycle. Meaning, reviewer marks a question as needing more information or similar and that comment along with the question gets pushed back to the respondent for revision. This would replace (augment?) the reopen or reassess capability today.
Important that the audit trail is supported on a question by question basis to log the feedback, noting it could be multiple iterations on one question.
Reviewer overriding a response: Along with the above, there is often a need for a reviewer to “override” a response during the review process. The business case is, if the respondent submits a Level 3 maturity, for example, and provides evidence but the reviewer deems that the evidence supports only a Level 1 maturity, customers want to be able to override that response with their reviewer comments.
Is it possible to enable text wrapping for the Risk Register? Currently, I need to click on each risk to view the full text, which is inconvenient during Committee sessions
I want to classify the risks by rating, with the most critical ones always appearing in the first row and staying fixed. However, every time I make a change to a risk, that risk automatically moves to the first row. How can I ensure that only the most critical risks stay in the top row without other risks shifting when edited?
To consider this in the new API dev
Scope:
Ability to automate the assignment of users to groups through the IdP.
Currently the actions cannot be arranged in case there are multiple steps in the treatment plan as attached.