When in a project template, it would be useful to be able to link where in the system to complete the activity ie at the moment the workaround is to paste the URL into the description field. I would like to be able to link directly to the task when setting up the plan and delegating tasks to users.
IS18 requires people to submit an excel spreadsheet along with supporting documentation. It would be great if we could use the data from a completed assessment to pull into a pixel perfect excel report through the report generator. Currently this can only be done with a word document.
Risk attributes and workflows can be centrally defined via the HUB. However, the 'Treatment Decision' which is part of risk management is configured for each Spoke/Spoke template. For consistency, move this attribute configuration to the HUB.
Currently when you try to set up dropdown/multi-drop lists you'd need to add everything manually )(i.e. typing or copy/paste). I hope there could be a way to just upload the selection list. Would also help if it can be sorted alphabetically too
In the Asset Register set up, I can add custom data fields but it only displays in the order how you entered them. I hope there's an ability to sort/re-order the fields similar to the risk module
I'd like to be able to define user access based on tags. For example, John can see only items that have been tagged as 'Finance' and 'Legal'. But he is not able to see any other items.
I want to be able to export and import a list of TAGs in the HUB, Spokes and Spoke templates. Just additional option via Custom Data/Tag Management
Currently, the default roles and the default role option are hard-coded into the tool/spoke template and they cannot be removed. I'd like to be able to remove these roles in the HUB, Spokes and spoke template.
Ability to set up an assessment to be automatically sent based on the score of a completed assessment.
Ability to identify and re-subscribe users who have unsubscribed from notifications, since notification are one-size-fits-all.
Upload the actual pentest results/reports to assessments to better leverage or add context to incidents/issues created as a result (not simply attach to trust portal)
During a RBA response, it would be helpful to be able to add an issue that has already been published in an issue library without needing to create the automation process in the assessment template. It only allows you to create a whole new issue or link existing issues that were created already for the client. It would be great to have the feature of searching the libraries and adding issues that are published be included in the response section of an assessment exactly like how the functionality is offered in the automation section.
The ability to assign custom fields to individual types of issues (e.g incidents versus pen test results), not just all types of issues
Currently Issues can only be filtered by Date and/or Workflow. Please can a third option be introduced so that Issues can be filtered by Issue Type e.g., Assessment result, Incident etc.
There is existing content called 'SOA Template ISM to ISO map - September 2022.' This is updated by DEWR every 3 months. Can the updates come through to the public content library? The last update was in March 2023. Screenshot of current content attached.
In the requirements based assessments, we would like to have the ability to set a default value for the drop down list fields, to have a default value when someone is filling the response.
For the Requirements based assessments, to have the possibility of assigning a specific requirement to someone rather than being just one response for all? This capability, this is available in the questionnaire based assessment but not in the requirements based one. We would like to have it for the requirements based too.
Currently only 20 Clients (spokes) are listed on a page. We have 177 companies - soon it will be 200. When we need to login to each of these spokes to make a change, it takes progressively longer after the first 20 as we need to first scroll to the correct page, then select the next relevant spoke, then login, then navigate back & repeat process.
It would be very helpful to have the option to see all spokes listed on a single page view (and for this to be "sticky") i.e. after logging into relevant spoke, and making the changes necessary, when we come back to initial hub-level page, we would again see all spokes listed to select from (not just the standard 20). thanks
Could you add a mandatory check box for an explanation to be provided for a given answer?
There is already a mandatory check box for the questions and also to provide an attachment.
There is currently no way for Admin users to check on the 6Clicks system which users have Unsubscribed from email notifications (whether intentional or accidentally).
That also means we do not know when a user does not receive important email notifications (example: Advisor invites that are time-sensitive).
We have previously submitted a feature request to enable Admin Users to see "Subscribe/ Unsubscribe" status details for all users, so that we can proactively manage this for our userbase.
Would it be possible to include as standard risk fields responsible, accountable, consulted and informed? Could notifications then be sent based off these? Feedback from clients is that splitting accountable, responsible, consulted and informed will be very helpful. Currently, everyone gets emails and notifications which can be irritating.
Most assessments are more than all or nothing. Responses and attachments are made in a cadence as the respondent prepares the artifact for upload. The assessor does not need or want to wait on a final submission.
The call is for a working relationship between the assessor and the respondent. The assessor needs to get alerts to new responses to review the evidence. The respondent wants to know if the artifact/evidence review and acceptance are done and if it demonstrates compliance in near real-time.
An assessment of 200+ controls can result in 400+ questions. The assessment is more of a mini-project (workflow) than a single event.
I add comments with more details on the concept of assessment workflow.
Some reports need to reference linked authority or control, including all fields. One example is PCI DSS V4.0; there is a guidance field but no natural way to use it. Giving Prixel Perfect access to this data allows the report list guidance in the report that add value to the end user.