Description

Issues self-service view enables users to build on-demand reports from the Issues register data inside the 6clicks app. It delivers preconfigured and custom views that power a broad range of reporting needs for the Issues module and provides a dashboard with key metrics for quick insight and monitoring.

Key Components

• Self-service report builder for Issues register data
• Predefined views for common reporting scenarios
• Configurable filters, sorting, and grouping
• Export and share options for stakeholder reporting
• Issues dashboard with KPIs and trend visualizations
• Permissions-aware access aligned to user roles

Benefits

• Faster insight generation without needing analyst support
• Consistent, trustworthy reporting across teams
• Clear visibility into issue volume, severity, owners, and SLAs
• Early detection of trends and hotspots to guide action
• Time saved through reusable views and exports

Example Use Case

A compliance lead filters the Issues register to open high-severity items owned by their team, groups by category, and exports a monthly summary with trend charts from the dashboard to share in the governance meeting.

Description: Introduce the ability to consolidate results from multiple assessments into a single aggregated report. Users can select multiple source assessments (QBAs/RBAs), roll up their control requirements into a unified RBA, and generate paginated, pixel-perfect reports that preserve unique fields and references from each source.

Key Components:

• Option to select and merge multiple assessments (QBA/RBA) into one consolidated output
• Automatic aggregation of control requirements into a “roll-up” RBA
• Support for preserving unique fields and referenceability from each source assessment
• Pixel-perfect, paginated reporting format for professional outputs
• Alignment with control inheritance concepts to support layered or multi-source assessments

Benefits:

• Eliminates the need for manual exports and merges across assessments
• Ensures consistency by retaining source-specific custom fields in the roll-up
• Saves time and reduces errors in creating consolidated reports
• Provides a holistic view of compliance and risk posture across multiple assessments

Example Use Case: An assessor selects three separate RBAs that cover different operational domains. Using the merge capability, they generate a consolidated report where all control requirements are rolled up and reported together. The resulting Word report is paginated, pixel-perfect, and retains references back to each source assessment, providing a single comprehensive view.

• Description: Introduce an AI-driven capability that validates uploaded control evidence against control test requirements. The system will analyze the content of evidence submissions to confirm adequacy, flag deficiencies, and recommend improvements. Additionally, it enables second-line teams to efficiently review and monitor the effectiveness and residual risk of controls.
• Key Components:
  • AI-based validation of submitted control evidence against control test criteria.
  • Contextual feedback to evidence submitters on what is missing or insufficient.
  • Integration with control frameworks (e.g., ISO/IEC 27001, NIST) and control test requirements.
  • Flags ineffective, missing, or high-risk controls across control sets for second-line to priortise for remediation.
• Benefits:
  • Reduces human error and subjectivity in evidence reviews.
  • Accelerates control testing workflows by guiding users to submit complete and relevant evidence.
  • Enhances assurance by surfacing controls that are non-functional or poorly implemented.
  • Supports second-line risk and compliance functions with actionable insights and oversight tools.

Description: Introduce a structured QA review workflow within RBA assessments, enabling organizations to enforce quality checks before assessments are finalized. This feature provides a formalized review stage where compliance managers or designated reviewers can validate responses, evidence, and overall completeness, ensuring higher confidence in assessment outputs.

Key Components:

• Configurable review stage within the RBA workflow (e.g., Draft → In progress → Review → Completed)
• Ability to assign reviewers (e.g., compliance managers, QA leads)
• Reviewer tools for:
  • Checking requirement responses and linked evidence
  • Providing comments, requesting clarifications, or rejecting responses
  • Approving or rejecting requirements individually or in bulk
• Notifications and task assignments for smooth handover between assessors and reviewers
• Audit trail of review actions for transparency and accountability

Benefits:

• Ensures completeness and accuracy of assessments before they are finalized
• Improves governance by embedding quality assurance directly into the RBA process
• Reduces risk of errors or omissions in compliance reporting
• Enhances collaboration between assessors and reviewers through structured workflows
• Provides traceability with a clear record of review actions and approvals

• Description: Enable partners to build and deploy custom Hailey AI agents—without writing code—directly within the 6clicks platform. Using Retrieval-Augmented Generation (RAG), agents leverage uploaded partner documentation (e.g. frameworks, guides, methodologies) and dynamically respond based on the user’s in-app context to provide intelligent, tailored support.
• Key Components:
  • No-code configuration of Hailey agents via an intuitive in-app setup flow.
  • Support for uploading custom partner content (e.g. ISO 27001 best practices, AESCSF implementation guides).
  • Retrieval-Augmented Generation (RAG) for grounding responses in uploaded source material.
  • Page-aware agent behavior that adapts answers based on where the user is in the platform (e.g. risk register, assessment, playbook).
  • Specialized agent types, such as risk management bots, that combine platform data with uploaded methodologies.
• Benefits:
  • Allows partners to deliver embedded AI expertise at scale, without development overhead.
  • Enables clients and advisors to receive instant, context-aware guidance grounded in trusted partner content.
  • Reduces support burden and training time through self-service, intelligent assistance.
  • Differentiates partner offerings with branded, value-added AI agents tailored to their methodology.

Description

A full integration of Hailey Assistant with Microsoft Teams, enabling users to interact with Hailey directly within the MS Teams environment. This feature will allow users to call Hailey recipes, display data, and access 6clicks functionality without leaving their Teams workspace.

Key Components:

• Hailey chatbot accessible within MS Teams interface
• Ability to execute Hailey recipes directly from Teams chat
• (TBD) Data visualization capabilities to display 6clicks information
• Authentication and token refresh mechanisms for secure access
• Responsive UI optimized for Teams environment
• Context-aware responses based on Teams conversation
• Integration with Teams notifications for alerts and updates
• Support for both individual chats and team channels
• Command syntax for specialized Hailey functions

Benefits:

• Improved workflow efficiency by reducing context switching between applications
• Enhanced collaboration through shared Hailey interactions in team channels
• Increased accessibility to 6clicks data and functionality
• Streamlined user experience within familiar MS Teams environment
• Faster decision-making with immediate access to 6clicks insights
• Reduced training needs by leveraging existing Teams knowledge
• Greater adoption of 6clicks functionality through convenient access
• Time savings through automation of routine tasks via Hailey recipes

Example use case:

A risk management team is discussing potential compliance issues in their MS Teams channel. Instead of switching to the 6clicks platform, the team leader types "@Hailey analyze compliance gaps for Project X" in the Teams chat. Hailey processes the request, runs the appropriate recipe, and returns a visualization of compliance gaps directly in the Teams conversation. Team members can immediately discuss the findings, ask Hailey follow-up questions about specific regulations, and assign tasks to address the identified gaps—all without leaving Microsoft Teams.

Description: Enhanced reporting capabilities for RBA and Audit assessments, ensuring both native 6clicks reports and Power BI dashboards provide turnkey, user-friendly outputs. The reporting framework will seamlessly support different authorities, custom fields, and varied audit requirements without requiring manual adjustments. Engaging visuals and flexible views will make it easier for advisors, auditors, and stakeholders to extract value directly.

Key Components:

• Native reporting enhancements with built-in support for multiple authorities and their unique custom fields
• Power BI reporting templates designed to adapt automatically to different RBAs and audits (turnkey, minimal editing required)
• Support for custom RBA fields and audit-specific scoring logic through configurable report views
• Comprehensive views available across both in-app (native/YF) and Power BI environments
• Default reports with engaging, visualized insights for broad usability
• Option for tailored/custom reports for specialized audit scoring requirements

Benefits:

• Eliminates the need for repetitive report editing per RBA or authority
• Provides turnkey reporting that adapts automatically across authorities and audits
• Enhances decision-making with clear, engaging, and standardized visuals
• Supports both standardized and specialized reporting needs within one framework
• Saves time and reduces complexity for advisors and compliance managers managing multiple RBAs

Description

Enhanced semantic search capability for Hailey Assist that leverages natural language processing to deliver highly relevant search results from the existing data set. The system will understand context and intent behind user queries rather than just matching keywords.

Key Components:

• Integration with Agno backend for semantic search processing
• Natural language understanding (NLU) capabilities to interpret user intent
• Contextual relevance scoring algorithm to prioritize results
• User feedback mechanism to improve search accuracy over time
• Query reformulation to handle ambiguous or complex searches
• Support for conversational search queries
• Semantic indexing of existing content
• LLM pass over to further enhance semantic search quality

Benefits:

• Significantly improved search accuracy and relevance
• Reduced time spent searching for information
• Ability to find content without knowing exact keywords
• Support for conversational and question-based queries
• Enhanced user experience through more intuitive interactions
• Decreased training requirements for new users
• Improved productivity across the platform

Example use case:

A compliance manager at a financial services firm needs to find specific regulatory information but isn't familiar with the exact terminology. Instead of searching for precise keywords like "GDPR Article 28 processor requirements," they simply ask Hailey: "What are my obligations when sharing customer data with third-party vendors in Europe?" The semantic search understands the intent, recognizes the relationship to GDPR data processor requirements, and returns highly relevant policy documents, controls, and compliance guidance—even though these exact words weren't used in the query.

Description

AI-powered report generation feature that allows users to create customized reports in various file formats directly through Hailey Assist or the Chat Interface. Potentially leveraging Claude's advanced capabilities, users can generate comprehensive, well-structured reports based on their data and requirements without manual formatting.

Key Components:

• Natural language report request interface via Hailey Assist/Chat
• Support for multiple output formats (PDF, DOCX, PPTX, etc.)
• Template-based generation with customizable styles and branding
• Data extraction and integration from existing 6clicks modules
• Dynamic content generation based on user inputs and requirements
• Automated formatting and styling consistent with 6clicks design guidelines
• Export and sharing capabilities for generated reports
• Version tracking and report history

Benefits:

• Significant time savings compared to manual report creation
• Consistency in report structure and formatting across the organization
• Ability to quickly generate custom reports for different stakeholders
• Enhanced data visualization through AI-generated charts and graphs
• Reduced human error in data compilation and presentation
• Improved knowledge sharing and collaboration through standardized reporting
• Flexibility to meet diverse reporting needs without technical expertise
• Seamless integration with existing 6clicks workflows

Example use case:

A compliance manager needs to prepare a quarterly risk assessment report for the executive team. Instead of manually compiling data from various sources, they ask Hailey: "Generate a comprehensive quarterly risk assessment report including all high and critical risks identified since January, with trend analysis and recommended actions." Within minutes, Hailey processes the request, extracts relevant data from the risk register, analyzes trends, and produces a professionally formatted report in PDF format with an executive summary, detailed findings, visual representations of risk distributions, and actionable recommendations. The manager reviews the report, makes minor adjustments through the chat interface, and shares the final version with stakeholders—reducing what would typically be a full day's work to less than 30 minutes.

Description

We are improving the 6clicks login experience for users who belong to multiple tenants. Instead of requiring separate Identity Provider (IdP) apps and multiple logins, users will now authenticate once with their IdP and then simply select which tenant they want to access.

Key Components

• New tenant selection step added after single sign-on (SSO) login
• Automatic filtering so users only see the tenants they are a member of
• Seamless redirect into the selected tenant without needing to log in again

Benefits

• Single login: Users only need to log in once, even if they belong to multiple tenants
• Simpler setup: Customers no longer need to create and manage separate IdP apps for each tenant
• Better user experience: Users can quickly pick their tenant after one login
• Reduced admin effort: Less duplication and ongoing maintenance for IT teams
• Streamlined access: Faster, clearer, and more consistent login flow for end-users

Example Use Case

A consultant who works across three different clients in 6clicks currently needs three separate logins. With this improvement, they’ll log in once with their corporate IdP, choose the tenant from a drop-down, and immediately access it — without needing to sign in multiple times.

It would be good to have the option to cover both target and residual rating in a single assessment using a common matrix likelihood and impact field.

• Description: Implement an AI-based system to recommend controls for Risk Treatment Plans (RTP) by analyzing linked data such as assets, vulnerabilities, threats, and risks.
• Key Components:
  • AI recommendations based on frameworks like ISO/IEC 27001 Annex A.
  • Tailored control suggestions using linked data (assets, vulnerabilities, threats, risks).
  • Integration with existing control sets and frameworks.
• Benefits:
  • Improves the effectiveness of RTPs by providing tailored control recommendations.
  • Reduces the likelihood and impact of risks through precise control implementation.

Update compliance mapper with a new LLM based algorithm enabling high fidelity mappings from provision to provisions between different authorities and controls to provisions, with Hailey suggestions and feedback for improvement.

Improve quality of controls imported using Hailey importer from mixed format inputs.

Description: Extend the current Pixel Perfect report builder, which supports tag-based placeholders in MS Word templates, by introducing rule-based placeholders. This enhancement enables users to generate reports that not only populate data but also apply conditions and ordering rules, allowing for highly tailored and meaningful reporting outputs.

Key Components:

• Support for rule-based placeholders in addition to existing tag-based placeholders
• Ability to filter and include only assessment data that meets specific conditions (e.g., non-compliant requirements)
• Configurable ordering rules (e.g., sort by highest risk rating or issue severity)
• Seamless integration into the existing MS Word template-based report generation flow
• Backward compatibility: existing templates with tag placeholders continue to work as-is

Benefits:

• Provides flexible, condition-driven reporting tailored to stakeholder needs
• Saves significant manual effort by automating filtering and sorting in reports
• Enables auditors, risk managers, and compliance teams to highlight the most critical findings first
• Enhances the professionalism and relevance of exported reports for board or regulator reviews

Example Use Case: A compliance officer prepares an audit report and uses rule-based placeholders in their Word template to automatically generate a section listing only requirements assessed as “Non-Compliant.” Another section lists risks sorted by highest rating, followed by issues sorted by severity. The final report is generated in one click, eliminating the need for manual reordering or filtering.

Description: Enable Hub users to seamlessly push updated or new control sets to one or more Spokes, with versioning logic applied automatically. This ensures consistency of control frameworks across Hub-and-Spoke environments while preserving publishing rules.

Key Components:

• Ability for Hub users to push control sets to selected Spokes
• Allows user to choose whether they want to create a new control set or update an existing control set with the same name with a new version
• Full inclusion of changes, including custom fields, in the version transfer

Benefits:

• Ensures control sets remain consistent across the Hub-and-Spoke ecosystem
• Automates version control to prevent conflicts or overwrites
• Improves governance by standardizing updates from Hub to Spokes
• Reduces manual rework for Spokes by carrying over all Hub-defined changes, including custom fields

Description: Introduce a streamlined “focus view” for RBA responses that consolidates all requirement details into a single page. This interface improves efficiency by displaying governing body details, configured notes, linked data, responses, and attachments in one comprehensive view, reducing the need to navigate across multiple sections.

Key Components:

• Unified requirement details page within the RBA module
• Display of governing body–provided requirement details
• Inclusion of configured notes or internal guidance for responders
• Linked data section (e.g., mapped requirements from other standards)
• Integrated response fields and attachments area
• Clean, streamlined layout optimized for efficient data entry and review

Benefits:

• Improves assessor efficiency by reducing clicks and navigation overhead
• Ensures all contextual information is visible while responding to requirements
• Enhances accuracy by keeping guidance, references, and linked data in view
• Provides a better user experience with a modern, focused interface design

Description: Expand our existing Intelligent Workflow capabilities with an intuitive connector and comprehensive automation features for risk workflows. This enhancement allows organizations to build sophisticated risk orchestration across their enterprise systems, triggering automated actions based on risk events and syncing risk data seamlessly across platforms without coding.

Key Components:

• Expanded set of Intelligent Workflow triggers and actions for Risk, Risk Treatment Plans, and Risk Assessments
• Intuitive connector interface for easier integration setup
• Trigger-based automation for risk stage transitions and threshold breaches
• Bi-directional data sync capabilities with external systems
• Pre-built recipe templates for common risk workflows

Benefits:

• Eliminates manual data entry and reduces administrative overhead
• Enables real-time risk response through automated workflows
• Extends 6clicks risk management across enterprise toolchain
• Provides flexibility for custom integration scenarios

Example Use Case: When a risk assessment score exceeds a critical threshold, automatically create a Jira ticket for the risk owner, send Slack notifications to relevant stakeholders, and update the risk register in ServiceNow - all without manual intervention.

Hi team,

It would be great if we could edit the information from the imported vulnerabilities, or to add new information, rather than having to recreate it all in a csv file and re-importing it.

Risk assessment output values has a formula field where the only option is MAX. I would like to be able to create custom formulas with input fields - e.g., a + b, a * b * c.

Please can the list of Event filters be extended to enable a report of users who have used 'My settings' to configure Multi-Factor Authentication i.e., if set this is defined as 'Two factor authentication enabled' in the user details

Is it possible to display the Residual Risks Rating on the ribbon as opposed to the Risks Rating, and update the Icon in the Residual Risk rating in the Risks assessment to have the same icon as the Risks rating.?

Implement in the self-service report the possibility of creating a report with assessment data and risk data and their treatments in a single table. see picture.

If I can create a risk and link both registers, I need a way to report and show this.

Nowadays, I need to export both reports to Excel and manually create a merge with this information, and I dislike doing it because we can have misinformation.

To better track the timely completion of issues and incidents, it would be helpful to include an additional column in the overview table that displays the 'Updated' date. This would allow users to quickly identify which items have been recently modified and monitor progress more effectively.

Tags that have already been entered reappear in the list of available tags for selection. This leads to confusion when managing tags. Ideally, once a tag is added, it should be removed from the suggestion list to prevent re-selection.