Enhance the Hub Administration experience with new capabilities that streamline advisor and user management across the Hub-and-Spoke environment. This feature empowers Hub admins to centrally manage advisors, assign them to Spokes (even if they don’t yet have access), and gain full visibility of users across all Spokes, improving oversight and operational efficiency.

Key Components:

• Advisor Management at User Level: Assign and manage advisors individually
• Assign Advisors to Orphan Spokes: Set an advisor for a spoke even if they don’t have existing access or relationship with that spoke.
• Cross-Spoke User Visibility: View all users across the Hub and their spoke assignments in one consolidated interface.
• Improved Navigation & Context: Simplified interface for identifying orphan spokes, managing user assignments, and updating advisor access.

Benefits:

• Improves administrative efficiency with centralized user and advisor management.
• Enables proactive management of orphan spokes and advisor coverage gaps.
• Strengthens governance and oversight by making user-spoke relationships transparent.

Description: Introduce a modernized evidence management experience with the ability to view attachments directly in the browser and download multiple files at once. This enhancement streamlines how users interact with evidence across requirements, assessments, and registers, eliminating the need to download individual files and improving efficiency during audits and reviews.

Key Components:

• In-browser evidence viewer supporting common file types (PDF, images, etc.)
• Bulk download option to download all attachments linked to a requirement or record in a single action
• Consistent experience across modules

Benefits:

• Saves significant time by enabling users to download all evidence in one go
• Improves usability with seamless online viewing of attachments
• Enhances audit and review efficiency through faster access to supporting documentation
• Reduces context switching and manual effort during evidence validation or review cycles
• Strengthens collaboration by allowing stakeholders to quickly view and verify documents in-platform

Description: Introduce advanced workflow capabilities across registers, enabling structured escalations, exception handling, and approval flows. This feature brings greater automation and governance by defining how items move through stages, who approves changes, and how exceptions or overdue actions are escalated to the right stakeholders.

Key Components:

• Escalation Rules: Automatically escalate items (e.g., risks, issues etc) based on conditions
• Exception Handling: Capture and manage exceptions that deviate from standard processes
• Approval Flows: Define approval steps before an item transitions between workflow stages
• Configurable Triggers & Notifications: Email or in-app alerts to keep stakeholders informed at each step.
• Workflow Visibility: Clear audit trail of actions, approvals, and escalations for compliance and accountability.

Benefits:

• Strengthens governance by enforcing structured review and approval processes
• Improves accountability with traceable escalation paths and audit history
• Reduces manual oversight by automating exception and overdue item handling
• Enhances operational efficiency and consistency across all registers and assessments
• Provides flexibility to model organization-specific processes and controls

Description: Expand the Risk Forms capability to provide richer field context and improved communication. This enhancement introduces support for placeholder and description text on form fields, enables matrix field display on forms, and allows submitters to include their email address for acknowledgment or follow-up. Together, these improvements enhance the clarity, usability, and traceability of submitted risks.

Key Components:

• Display of field placeholders and descriptions on the form for improved guidance
• Support for matrix fields (e.g., risk rating matrices) to be shown on the form
• New “Submitter Email” field allowing users to optionally provide their contact address
• Email integration for sending confirmation or notifications to the submitter and risk owner
• Consistent design aligned with existing risk form configuration options

Benefits:

• Improves form usability by helping submitters understand what each field represents
• Enables richer data capture with support for complex field types like matrices
• Strengthens communication by allowing acknowledgment or follow-up with submitters
• Reduces confusion and incomplete submissions through better field context
• Enhances overall data quality and governance in external risk capture processes

Example Use Case: An organization publishes a public risk form for employees to report potential security risks. Each field now includes a short description explaining what to enter, and a risk rating matrix helps the submitter assess impact and likelihood. Before submitting, the user provides their email address to receive a confirmation and to enable follow-up from the risk owner.

Restructure the user permissions architecture to provide granular control over risk review access across multiple platform areas. This enhancement introduces dedicated Risk Review permissions under the My Tasks group, decouples Risk Review module access from the general Risk permissions, and converts obsolete risk review permissions into active, granular controls. The update addresses current inconsistencies where obsolete permissions still control access and the Risk Review module incorrectly uses general Risk permissions instead of dedicated review-specific permissions.

Key Components:

• New "Risk Review" permission added under My Tasks permission group (Administration > Users)
• De-obsolete and restructure existing risk review permissions into four granular levels: View, Create, Edit, Delete
• Decouple Risk Review module access from General.Risks permission
• Update My Tasks visibility to use new Risk Review permission
• Add "Risk review" option to My Tasks Type filter
• Update Risk Review module permission checks to use dedicated review permissions
• Backward compatibility and migration path for existing role configurations

Benefits:

• Provides administrators independent control over risk review access without requiring general Risk module permissions
• Aligns permission structure with other My Tasks items (e.g., Risk Treatment Plan permission pattern)
• Enables organizations to assign risk review responsibilities to users who don't need full Risk module access
• Eliminates confusion from obsolete permissions that still control access
• Improves platform security by enforcing proper permission boundaries
• Addresses multiple SLA tickets (#33608, #33723, #33612) related to permission inconsistencies
• Simplifies role management by clarifying permission purpose and scope
• Ensures consistent permission behavior across My Tasks, Risk Review module, and Type filters

Example Use Case: A compliance officer needs to conduct periodic risk reviews and document findings in My Tasks, but shouldn't have access to view all organizational risks or modify risk data. With the new permission structure, the administrator can grant "Risk Review - View/Edit" permission under My Tasks without providing general Risk module access. The user can see assigned risk reviews in My Tasks, access them through the Type filter, complete their review work, while maintaining appropriate access boundaries. Meanwhile, a risk analyst with full Risk module permissions can still be restricted from deleting completed risk reviews by only granting View/Edit permissions for Risk Reviews.

Description

Issues self-service view enables users to build on-demand reports from the Issues register data inside the 6clicks app. It delivers preconfigured and custom views that power a broad range of reporting needs for the Issues module and provides a dashboard with key metrics for quick insight and monitoring.

Key Components

• Self-service report builder for Issues register data
• Predefined views for common reporting scenarios
• Configurable filters, sorting, and grouping
• Export and share options for stakeholder reporting
• Issues dashboard with KPIs and trend visualizations
• Permissions-aware access aligned to user roles

Benefits

• Faster insight generation without needing analyst support
• Consistent, trustworthy reporting across teams
• Clear visibility into issue volume, severity, owners, and SLAs
• Early detection of trends and hotspots to guide action
• Time saved through reusable views and exports

Example Use Case

A compliance lead filters the Issues register to open high-severity items owned by their team, groups by category, and exports a monthly summary with trend charts from the dashboard to share in the governance meeting.

Description: Introduce the ability to consolidate results from multiple assessments into a single aggregated report. Users can select multiple source assessments (QBAs/RBAs), roll up their control requirements into a unified RBA, and generate paginated, pixel-perfect reports that preserve unique fields and references from each source.

Key Components:

• Option to select and merge multiple assessments (QBA/RBA) into one consolidated output
• Automatic aggregation of control requirements into a “roll-up” RBA
• Support for preserving unique fields and referenceability from each source assessment
• Pixel-perfect, paginated reporting format for professional outputs
• Alignment with control inheritance concepts to support layered or multi-source assessments

Benefits:

• Eliminates the need for manual exports and merges across assessments
• Ensures consistency by retaining source-specific custom fields in the roll-up
• Saves time and reduces errors in creating consolidated reports
• Provides a holistic view of compliance and risk posture across multiple assessments

Example Use Case: An assessor selects three separate RBAs that cover different operational domains. Using the merge capability, they generate a consolidated report where all control requirements are rolled up and reported together. The resulting Word report is paginated, pixel-perfect, and retains references back to each source assessment, providing a single comprehensive view.

• Description: Introduce an AI-driven capability that validates uploaded control evidence against control test requirements. The system will analyze the content of evidence submissions to confirm adequacy, flag deficiencies, and recommend improvements. Additionally, it enables second-line teams to efficiently review and monitor the effectiveness and residual risk of controls.
• Key Components:
  • AI-based validation of submitted control evidence against control test criteria.
  • Contextual feedback to evidence submitters on what is missing or insufficient.
  • Integration with control frameworks (e.g., ISO/IEC 27001, NIST) and control test requirements.
  • Flags ineffective, missing, or high-risk controls across control sets for second-line to priortise for remediation.
• Benefits:
  • Reduces human error and subjectivity in evidence reviews.
  • Accelerates control testing workflows by guiding users to submit complete and relevant evidence.
  • Enhances assurance by surfacing controls that are non-functional or poorly implemented.
  • Supports second-line risk and compliance functions with actionable insights and oversight tools.

Description: Introduce a structured QA review workflow within RBA assessments, enabling organizations to enforce quality checks before assessments are finalized. This feature provides a formalized review stage where compliance managers or designated reviewers can validate responses, evidence, and overall completeness, ensuring higher confidence in assessment outputs.

Key Components:

• Configurable review stage within the RBA workflow (e.g., Draft → In progress → Review → Completed)
• Ability to assign reviewers (e.g., compliance managers, QA leads)
• Reviewer tools for:
  • Checking requirement responses and linked evidence
  • Providing comments, requesting clarifications, or rejecting responses
  • Approving or rejecting requirements individually or in bulk
• Notifications and task assignments for smooth handover between assessors and reviewers
• Audit trail of review actions for transparency and accountability

Benefits:

• Ensures completeness and accuracy of assessments before they are finalized
• Improves governance by embedding quality assurance directly into the RBA process
• Reduces risk of errors or omissions in compliance reporting
• Enhances collaboration between assessors and reviewers through structured workflows
• Provides traceability with a clear record of review actions and approvals

• Description: Enable partners to build and deploy custom Hailey AI agents—without writing code—directly within the 6clicks platform. Using Retrieval-Augmented Generation (RAG), agents leverage uploaded partner documentation (e.g. frameworks, guides, methodologies) and dynamically respond based on the user’s in-app context to provide intelligent, tailored support.
• Key Components:
  • No-code configuration of Hailey agents via an intuitive in-app setup flow.
  • Support for uploading custom partner content (e.g. ISO 27001 best practices, AESCSF implementation guides).
  • Retrieval-Augmented Generation (RAG) for grounding responses in uploaded source material.
  • Page-aware agent behavior that adapts answers based on where the user is in the platform (e.g. risk register, assessment, playbook).
  • Specialized agent types, such as risk management bots, that combine platform data with uploaded methodologies.
• Benefits:
  • Allows partners to deliver embedded AI expertise at scale, without development overhead.
  • Enables clients and advisors to receive instant, context-aware guidance grounded in trusted partner content.
  • Reduces support burden and training time through self-service, intelligent assistance.
  • Differentiates partner offerings with branded, value-added AI agents tailored to their methodology.

Description

A full integration of Hailey Assistant with Microsoft Teams, enabling users to interact with Hailey directly within the MS Teams environment. This feature will allow users to call Hailey recipes, display data, and access 6clicks functionality without leaving their Teams workspace.

Key Components:

• Hailey chatbot accessible within MS Teams interface
• Ability to execute Hailey recipes directly from Teams chat
• (TBD) Data visualization capabilities to display 6clicks information
• Authentication and token refresh mechanisms for secure access
• Responsive UI optimized for Teams environment
• Context-aware responses based on Teams conversation
• Integration with Teams notifications for alerts and updates
• Support for both individual chats and team channels
• Command syntax for specialized Hailey functions

Benefits:

• Improved workflow efficiency by reducing context switching between applications
• Enhanced collaboration through shared Hailey interactions in team channels
• Increased accessibility to 6clicks data and functionality
• Streamlined user experience within familiar MS Teams environment
• Faster decision-making with immediate access to 6clicks insights
• Reduced training needs by leveraging existing Teams knowledge
• Greater adoption of 6clicks functionality through convenient access
• Time savings through automation of routine tasks via Hailey recipes

Example use case:

A risk management team is discussing potential compliance issues in their MS Teams channel. Instead of switching to the 6clicks platform, the team leader types "@Hailey analyze compliance gaps for Project X" in the Teams chat. Hailey processes the request, runs the appropriate recipe, and returns a visualization of compliance gaps directly in the Teams conversation. Team members can immediately discuss the findings, ask Hailey follow-up questions about specific regulations, and assign tasks to address the identified gaps—all without leaving Microsoft Teams.

Description: Enhanced reporting capabilities for RBA and Audit assessments, ensuring both native 6clicks reports and Power BI dashboards provide turnkey, user-friendly outputs. The reporting framework will seamlessly support different authorities, custom fields, and varied audit requirements without requiring manual adjustments. Engaging visuals and flexible views will make it easier for advisors, auditors, and stakeholders to extract value directly.

Key Components:

• Native reporting enhancements with built-in support for multiple authorities and their unique custom fields
• Power BI reporting templates designed to adapt automatically to different RBAs and audits (turnkey, minimal editing required)
• Support for custom RBA fields and audit-specific scoring logic through configurable report views
• Comprehensive views available across both in-app (native/YF) and Power BI environments
• Default reports with engaging, visualized insights for broad usability
• Option for tailored/custom reports for specialized audit scoring requirements

Benefits:

• Eliminates the need for repetitive report editing per RBA or authority
• Provides turnkey reporting that adapts automatically across authorities and audits
• Enhances decision-making with clear, engaging, and standardized visuals
• Supports both standardized and specialized reporting needs within one framework
• Saves time and reduces complexity for advisors and compliance managers managing multiple RBAs

Description

Enhanced semantic search capability for Hailey Assist that leverages natural language processing to deliver highly relevant search results from the existing data set. The system will understand context and intent behind user queries rather than just matching keywords.

Key Components:

• Integration with Agno backend for semantic search processing
• Natural language understanding (NLU) capabilities to interpret user intent
• Contextual relevance scoring algorithm to prioritize results
• User feedback mechanism to improve search accuracy over time
• Query reformulation to handle ambiguous or complex searches
• Support for conversational search queries
• Semantic indexing of existing content
• LLM pass over to further enhance semantic search quality

Benefits:

• Significantly improved search accuracy and relevance
• Reduced time spent searching for information
• Ability to find content without knowing exact keywords
• Support for conversational and question-based queries
• Enhanced user experience through more intuitive interactions
• Decreased training requirements for new users
• Improved productivity across the platform

Example use case:

A compliance manager at a financial services firm needs to find specific regulatory information but isn't familiar with the exact terminology. Instead of searching for precise keywords like "GDPR Article 28 processor requirements," they simply ask Hailey: "What are my obligations when sharing customer data with third-party vendors in Europe?" The semantic search understands the intent, recognizes the relationship to GDPR data processor requirements, and returns highly relevant policy documents, controls, and compliance guidance—even though these exact words weren't used in the query.

Description

AI-powered report generation feature that allows users to create customized reports in various file formats directly through Hailey Assist or the Chat Interface. Potentially leveraging Claude's advanced capabilities, users can generate comprehensive, well-structured reports based on their data and requirements without manual formatting.

Key Components:

• Natural language report request interface via Hailey Assist/Chat
• Support for multiple output formats (PDF, DOCX, PPTX, etc.)
• Template-based generation with customizable styles and branding
• Data extraction and integration from existing 6clicks modules
• Dynamic content generation based on user inputs and requirements
• Automated formatting and styling consistent with 6clicks design guidelines
• Export and sharing capabilities for generated reports
• Version tracking and report history

Benefits:

• Significant time savings compared to manual report creation
• Consistency in report structure and formatting across the organization
• Ability to quickly generate custom reports for different stakeholders
• Enhanced data visualization through AI-generated charts and graphs
• Reduced human error in data compilation and presentation
• Improved knowledge sharing and collaboration through standardized reporting
• Flexibility to meet diverse reporting needs without technical expertise
• Seamless integration with existing 6clicks workflows

Example use case:

A compliance manager needs to prepare a quarterly risk assessment report for the executive team. Instead of manually compiling data from various sources, they ask Hailey: "Generate a comprehensive quarterly risk assessment report including all high and critical risks identified since January, with trend analysis and recommended actions." Within minutes, Hailey processes the request, extracts relevant data from the risk register, analyzes trends, and produces a professionally formatted report in PDF format with an executive summary, detailed findings, visual representations of risk distributions, and actionable recommendations. The manager reviews the report, makes minor adjustments through the chat interface, and shares the final version with stakeholders—reducing what would typically be a full day's work to less than 30 minutes.

Description

We are improving the 6clicks login experience for users who belong to multiple tenants. Instead of requiring separate Identity Provider (IdP) apps and multiple logins, users will now authenticate once with their IdP and then simply select which tenant they want to access.

Key Components

• New tenant selection step added after single sign-on (SSO) login
• Automatic filtering so users only see the tenants they are a member of
• Seamless redirect into the selected tenant without needing to log in again

Benefits

• Single login: Users only need to log in once, even if they belong to multiple tenants
• Simpler setup: Customers no longer need to create and manage separate IdP apps for each tenant
• Better user experience: Users can quickly pick their tenant after one login
• Reduced admin effort: Less duplication and ongoing maintenance for IT teams
• Streamlined access: Faster, clearer, and more consistent login flow for end-users

Example Use Case

A consultant who works across three different clients in 6clicks currently needs three separate logins. With this improvement, they’ll log in once with their corporate IdP, choose the tenant from a drop-down, and immediately access it — without needing to sign in multiple times.

It would be good to have the option to cover both target and residual rating in a single assessment using a common matrix likelihood and impact field.

• Description: Implement an AI-based system to recommend controls for Risk Treatment Plans (RTP) by analyzing linked data such as assets, vulnerabilities, threats, and risks.
• Key Components:
  • AI recommendations based on frameworks like ISO/IEC 27001 Annex A.
  • Tailored control suggestions using linked data (assets, vulnerabilities, threats, risks).
  • Integration with existing control sets and frameworks.
• Benefits:
  • Improves the effectiveness of RTPs by providing tailored control recommendations.
  • Reduces the likelihood and impact of risks through precise control implementation.

Update compliance mapper with a new LLM based algorithm enabling high fidelity mappings from provision to provisions between different authorities and controls to provisions, with Hailey suggestions and feedback for improvement.

Improve quality of controls imported using Hailey importer from mixed format inputs.

Description: Extend the current Pixel Perfect report builder, which supports tag-based placeholders in MS Word templates, by introducing rule-based placeholders. This enhancement enables users to generate reports that not only populate data but also apply conditions and ordering rules, allowing for highly tailored and meaningful reporting outputs.

Key Components:

• Support for rule-based placeholders in addition to existing tag-based placeholders
• Ability to filter and include only assessment data that meets specific conditions (e.g., non-compliant requirements)
• Configurable ordering rules (e.g., sort by highest risk rating or issue severity)
• Seamless integration into the existing MS Word template-based report generation flow
• Backward compatibility: existing templates with tag placeholders continue to work as-is

Benefits:

• Provides flexible, condition-driven reporting tailored to stakeholder needs
• Saves significant manual effort by automating filtering and sorting in reports
• Enables auditors, risk managers, and compliance teams to highlight the most critical findings first
• Enhances the professionalism and relevance of exported reports for board or regulator reviews

Example Use Case: A compliance officer prepares an audit report and uses rule-based placeholders in their Word template to automatically generate a section listing only requirements assessed as “Non-Compliant.” Another section lists risks sorted by highest rating, followed by issues sorted by severity. The final report is generated in one click, eliminating the need for manual reordering or filtering.

Description: Enable Hub users to seamlessly push updated or new control sets to one or more Spokes, with versioning logic applied automatically. This ensures consistency of control frameworks across Hub-and-Spoke environments while preserving publishing rules.

Key Components:

• Ability for Hub users to push control sets to selected Spokes
• Allows user to choose whether they want to create a new control set or update an existing control set with the same name with a new version
• Full inclusion of changes, including custom fields, in the version transfer

Benefits:

• Ensures control sets remain consistent across the Hub-and-Spoke ecosystem
• Automates version control to prevent conflicts or overwrites
• Improves governance by standardizing updates from Hub to Spokes
• Reduces manual rework for Spokes by carrying over all Hub-defined changes, including custom fields

Description: Introduce a streamlined “focus view” for RBA responses that consolidates all requirement details into a single page. This interface improves efficiency by displaying governing body details, configured notes, linked data, responses, and attachments in one comprehensive view, reducing the need to navigate across multiple sections.

Key Components:

• Unified requirement details page within the RBA module
• Display of governing body–provided requirement details
• Inclusion of configured notes or internal guidance for responders
• Linked data section (e.g., mapped requirements from other standards)
• Integrated response fields and attachments area
• Clean, streamlined layout optimized for efficient data entry and review

Benefits:

• Improves assessor efficiency by reducing clicks and navigation overhead
• Ensures all contextual information is visible while responding to requirements
• Enhances accuracy by keeping guidance, references, and linked data in view
• Provides a better user experience with a modern, focused interface design

Description: Expand our existing Intelligent Workflow capabilities with an intuitive connector and comprehensive automation features for risk workflows. This enhancement allows organizations to build sophisticated risk orchestration across their enterprise systems, triggering automated actions based on risk events and syncing risk data seamlessly across platforms without coding.

Key Components:

• Expanded set of Intelligent Workflow triggers and actions for Risk, Risk Treatment Plans, and Risk Assessments
• Intuitive connector interface for easier integration setup
• Trigger-based automation for risk stage transitions and threshold breaches
• Bi-directional data sync capabilities with external systems
• Pre-built recipe templates for common risk workflows

Benefits:

• Eliminates manual data entry and reduces administrative overhead
• Enables real-time risk response through automated workflows
• Extends 6clicks risk management across enterprise toolchain
• Provides flexibility for custom integration scenarios

Example Use Case: When a risk assessment score exceeds a critical threshold, automatically create a Jira ticket for the risk owner, send Slack notifications to relevant stakeholders, and update the risk register in ServiceNow - all without manual intervention.

Hi team,

It would be great if we could edit the information from the imported vulnerabilities, or to add new information, rather than having to recreate it all in a csv file and re-importing it.

Risk assessment output values has a formula field where the only option is MAX. I would like to be able to create custom formulas with input fields - e.g., a + b, a * b * c.