An approval process or permission against task due dates in the system. Meaning, a “normal” user shouldn’t be able to modify due dates. Ideally, they can still edit other fields but can't modify the due date without an approval or the right permissions.

Integrate with Orca Security for CCM capabilities

Attachment requirement on a response-by-response basis. i.e. if response = “No”, require attachment upload

“Download all” option to zip for evidence/attachments for an assessment. Ideally in a domain folder structure with reference to the question ID in the attachment name

Ability to log back and forth on a question-by-question basis during the review cycle. Meaning, reviewer marks a question as needing more information or similar and that comment along with the question gets pushed back to the respondent for revision. This would replace (augment?) the reopen or reassess capability today.

Important that the audit trail is supported on a question by question basis to log the feedback, noting it could be multiple iterations on one question.

Reviewer overriding a response: Along with the above, there is often a need for a reviewer to “override” a response during the review process. The business case is, if the respondent submits a Level 3 maturity, for example, and provides evidence but the reviewer deems that the evidence supports only a Level 1 maturity, customers want to be able to override that response with their reviewer comments.

To consider this in the new API dev

Scope:

• When an advisor is added to a spoke, they will no longer be required to click the email link to accept the invite.

Ability to automate the assignment of users to groups through the IdP.

Currently the actions cannot be arranged in case there are multiple steps in the treatment plan as attached.

Great update to risk relationships !! https://knowledgebase.6clicks.com/risk-relationships

Would like to be able to multi-select risks and then bulk assign them to a related risk

e.g. Filter or search for all risks with 'EoL' in the title / Tag then select all and relate them to a Parent risk i.e. 'All my EoL Risk'

Scope:

• Ability to to customize the home screen layout
• Add charts and filter on stage/status
• Add Power BI dashboards

Focus: Tables across all core modules

Scope:

• Column sorting
• Column ordering (drag/drop)
• Column select

In a risk, when a risk treatment plan (TRP) is closed, planned controls linked to the RTP will be automatically moved to current controls of the linked risks.

Benefit:

• Removes the manual work required to transfer risks

Focus: Asset register

Planned scope

• Align the Asset register with with the Custom Registers 2.0 updates: https://roadmap.6clicks.com/feature-requests/posts/custom-registers-ui-ux-custom-fields-uplift

• Displaying QBA results in RBAs run on internal control sets

Focus: Risks

Scope:

• Response only users can be assigned RTPs and only see and action the RTP task.

• Drag and drop workflows builder
• Create custom workflows and integrations with third-party tools
• Create custom nonfictions based on events
• Create custom escalations workflows (Controls/CCM, Risks, Incidents, etc.)

Track user ownership of objects across all modules.

Scope:

• Updated design of tabs in side panels
• Removal of click and swipe between tabs

Focus: Controls

Scope:

• Ability to export a control set into CSV

Acknowledging risk domain values can be customised at the hub level, however this doesn't allow spokes to have their own custom risk domain values. Our client organisations require the ability to have different custom risk domains in each spoke.

It would be super helpful to be able to see a list of the assigned assets for a third pary within the third parties screen. This helps with being able to determine if a third-party should remain active or not.

To prevent maintenance overhead, duplication of data and the risk of inconsistent data, it would be amazing to be able to point drop-down lists to reference/control data. That might be a custom register of values, or lists in the custom data admin page.

The ability to attest to register items would allow us to utilise the document control functionality of the system for smaller documents which may require attestation but not necessarily fit within the functionality of the controls module.