6clicks Roadmap & Feature Requests

2
Add help text to looped question + symbol

Recommend addition of "Add More" or "Click Here to Add" alongside the + symbol for Looped Questions.

Currently it's not very clear that the user needs to click on the + symbol and instructions need to be added to the description field.
These instructions can disappear/may not always be visible depending on the amount of information entered by the respondent.

0
1
Hailey Evidence Validation in Custom Registers
In progress this quarter

Hailey's evidence validation capability is being extended into the Custom Registers architecture, starting with the Tests and Evidence registers. With richer context available -- test definitions, linked controls, framework mappings, and connected organisational data -- Hailey can validate evidence the way an experienced auditor would, not just check that something was submitted.

The capability is designed around three personas: control owners who define requirements, evidence submitters who respond to tasks, and evaluators who review submissions.

Key Components:

  • Validation Guide Generation: When a test is created, Hailey automatically generates a guide defining what valid evidence looks like for that context. Guides are editable by the control owner to accommodate organisation-specific requirements.
  • Submitter Experience: Submitters see the validation guide before uploading, can ask Hailey plain-language questions about what to provide, and receive specific feedback on any gaps before submission is confirmed. Iterative rounds are supported.
  • Auditable Override: If a submitter believes their evidence is valid despite Hailey's assessment, they can override with a written explanation -- creating a record visible to the evaluator.
  • Evaluator Experience: Evaluators receive submissions with Hailey's full validation history attached, including any overrides and the submitter's rationale.
  • Knowledge Graph-Powered Validation: Hailey reasons across linked organisational data -- asset registers, system inventories, existing evidence -- to catch discrepancies that a document-only review would miss.
  • Manual and Automated Test Modes: Automated tests are validated through integrations with no task required. Manual tests use the task workflow. Both surface validation status on the test record.

Benefits:

  • Eliminates the evidence back-and-forth loop -- submitters get clear guidance upfront, evaluators receive pre-validated submissions.
  • Validation uses linked organisational context, not just the submitted document, catching gaps that would otherwise reach the reviewer.
  • Full audit trail across every submission round, override, and automated validation result.
  • Works across file uploads, written descriptions, and pasted content -- no submission format is treated as second-class.

Example use case:

A systems administrator is assigned a task to provide evidence for a quarterly privileged access review. They ask Hailey what to submit and receive specific guidance. They upload a PAM export -- Hailey flags that it covers 47 accounts but the linked asset register shows 112 systems in scope. The administrator uploads a second export to address the gap. Hailey confirms coverage and the task is submitted. The evaluator receives the submission with the full validation history attached and can review with confidence, without performing a manual first-pass quality check.

1
1
Hailey-assisted Mappings in Custom Registers
In progress this quarter

Introduce a richer, more informative way to view and act on linked data across custom registers. This work replaces the current pill-based display with card-style linked data views and introduces Hailey-assisted mapping recommendations that proactively suggest relevant linkages based on a register item's data and context without requiring users to manually trigger or configure anything.

Key Components:

  • A linked data presentation component replacing the current pill-based display with card-style views that surface related object context at a glance, shown in context on detail screens (e.g. right-hand panel on a control detail screen).
  • Hailey-assisted mapping recommendations that analyse a register item's data, custom fields, and metadata and suggest relevant linkages, surfaced automatically in context without requiring manual triggering
  • Confidence-rated suggestions allowing users to review, accept, or reject individual recommendations, with the option to bulk-accept high-confidence mappings

Benefits:

  • Gives users richer at-a-glance context on how records relate to each other, reducing the need to navigate away to understand linkages
  • Reduces manual effort in identifying and creating relevant linkages across the platform
  • Keeps users in control by presenting AI suggestions for review rather than automating linkages silently
  • Lays the groundwork for downstream capabilities including compliance posture, gap analysis, and evidence validation enrichment that depend on reliable, well-structured linkage data

Example Use Case: A control owner is reviewing a control for MFA configuration. Rather than manually hunting for relevant evidence and deciding which tests it applies to, Hailey analyses the available evidence -- an exported Azure AD report confirming MFA enforcement across all privileged accounts -- and recommends linking it to the relevant test. The control owner reviews the recommendation and confirms the linkage. Related objects are displayed in a clear card-style panel alongside the control, giving immediate context without navigating away from the screen.

1
1
Controls Register: Built on Custom Registers
In progress this quarter

Controls are the central object in 6clicks' compliance data model -- everything connects to and from them: evidence, tests, tasks, framework provisions, assets, and systems. This feature rebuilds the Controls module on the same Custom Registers architecture used across the platform, placing controls at the heart of a connected compliance data model and unlocking capabilities that were not possible with the legacy module.

Teams can migrate on their own timeline. The legacy Controls module remains fully functional during the transition, and migration is opt-in and customer-controlled.

Key Components:

  • Controls Register: A dedicated out-of-the-box register for creating and managing controls, with all standard fields preserved from the legacy module. Control sets allow controls to be organised, grouped, and reused across frameworks and programs.
  • Many-to-Many Linking: Controls link to evidence, tests, tasks, and framework provisions in any direction. A single control can satisfy multiple provisions across multiple frameworks simultaneously, and compliance status assessed on a control propagates automatically to every linked provision.
  • Hailey Evidence Validation: The control record surfaces a consolidated view of all Hailey evaluations across all linked evidence and tests, giving control owners and compliance managers a single place to see the full validation picture without navigating across individual records.
  • Scope Awareness: Filter and manage controls by system or framework, supporting organisations with distinct OT and IT environments, multiple regulatory jurisdictions, and complex entity structures.
  • Knowledge Graph Foundation: Linkages across controls, assets, systems, evidence, and tests form the connected data structure that enables Hailey to reason across the full compliance object model and supports future agentic capabilities.

Benefits:

  • Compliance status assessed once on a control flows automatically to every linked framework provision, eliminating the need to re-assess the same control multiple times across different frameworks.
  • Many-to-many linking removes the architectural constraints of the legacy module without disrupting existing workflows.
  • Consolidated Hailey validation on the control record reduces time spent navigating across tasks, evidence, and tests to understand the overall compliance picture.
  • Scope awareness keeps views clean and relevant for teams with different responsibilities across complex hybrid environments.
  • Consistent UX across all registers reduces onboarding time for teams managing multiple compliance objects.
  • Customers migrate at their own pace, with no forced cutover and full parity maintained throughout.

Example use case:

A security team at a critical infrastructure operator manages compliance across ISM, Essential Eight, and SOCI simultaneously. After migrating to the new Controls Register, they discover that 40% of their controls map to provisions across more than one framework. Assessments now propagate automatically, eliminating the duplicate effort of re-assessing the same control three times. When a new SOCI obligation is mapped to an existing ISM control, compliance status flows through immediately with no additional assessment work. The control record surfaces a consolidated Hailey validation summary across all linked evidence and tests, giving the compliance manager a single view of what has been validated, what is outstanding, and what was submitted through automated integrations versus manual task workflows.

1
1
In-Platform Review & Commenting for QBAs
In progress this quarter

The review process for QBAs often occurs outside the platform, leading to fragmented communication and limited visibility. This feature enables users to complete the entire QBA review phase within 6clicks.

Users can add question-level comments to provide context or feedback, assign comments to drive accountability, and receive notifications when they are mentioned or assigned. Comments can also be marked as resolved to track progress and maintain a clear audit trail.

This creates a centralized, transparent, and efficient review experience for QBAs, reducing reliance on external tools.

Key Components:

  • Question-Level Commenting (for QBAs): Add contextual comments directly against specific questions during the QBA review phase.
  • Comment Assignment: Assign comments to users to drive ownership and accountability.
  • Mentions & Notifications: Notify users when they are mentioned or assigned within QBA comments.
  • Comment Resolution: Mark comments as resolved to track completion of discussions.
  • Audit Trail: Maintain a clear, centralized record of all review discussions and decisions within QBAs.

Benefits:

  • Centralized Review for QBAs: Eliminates the need for external tools.
  • Improved Collaboration: Enables seamless communication during the QBA review phase.
  • Clear Accountability: Assignments ensure ownership of actions.
  • Timely Responses: Notifications keep users on track.
  • Better Visibility & Tracking: Resolution and audit trails provide clarity on progress.
  • Increased Efficiency: Reduces manual effort and speeds up reviews.

Example use case:

During a Third-Party Risk QBA, a reviewer flags an incomplete response to a data protection question and assigns a comment to the vendor owner. The owner receives a notification, updates the response with clarification, and the reviewer marks the comment as resolved—keeping the entire discussion tracked within the QBA.

1
1
In-Platform Review & Commenting for RBAs
In progress this quarter

The review process for RBAs currently happens outside 6clicks, leading to fragmented communication and limited visibility. This feature enables users to complete the entire RBA review phase within the platform.

Users can add requirement-level comments to provide context or feedback, assign comments to drive accountability, and receive notifications when they are mentioned or assigned. Comments can also be marked as resolved to track progress and maintain a clear audit trail.

This creates a centralized, transparent, and efficient review experience for RBAs, reducing reliance on external tools.

Key Components:

  • Requirement-Level Commenting (for RBAs): Add contextual comments directly against specific requirements during the RBA review phase.
  • Comment Assignment: Assign comments to users to drive ownership and accountability for actions.
  • Mentions & Notifications: Notify users when they are mentioned or assigned within RBA comments.
  • Comment Resolution: Mark comments as resolved to track completion of discussions.
  • Audit Trail: Maintain a clear, centralized record of all review discussions and decisions within RBAs.

Benefits:

  • Centralized Review for RBAs: Eliminates the need for external tools by bringing all review discussions into one place.
  • Improved Collaboration: Enables seamless communication between stakeholders during the RBA review phase.
  • Clear Accountability: Assignments ensure ownership of actions and reduce ambiguity.
  • Timely Responses: Notifications and mentions help users stay on top of required actions.
  • Better Visibility & Tracking: Comment resolution and audit trails provide clear insight into progress and decisions.
  • Increased Efficiency: Reduces manual effort and speeds up the overall RBA review workflow.

Example use case:

During an ISO 27001 RBA, a reviewer flags a vague response to an access control requirement and adds a comment, assigning it to the IT owner. The IT owner receives a notification, provides clarification, and attaches supporting details. Once reviewed, the comment is marked as resolved, maintaining a clear audit trail within the RBA.

1
1
Importing Custom Fields in Control Set
Closed

Hello
I’m experiencing an issue with importing controls within a control set in 6clicks. We have custom fields configured, but when I download or view the controls import template, the custom fields are not included (they appear correctly in other modules—for example, the risks import).
Additionally, if I manually add the relevant custom field columns to the import file, 6clicks does not import/populate those fields.
Please find attached the template file I’m trying to import for your review.
Could you please advise how we can import custom fields for controls within a control set, or confirm if there are any limitations/settings required for this functionality?

2
3
Bulk download attachments

Description: Introduce a way to download multiple files at once. This would eliminate the need to download individual files and improve efficiency during audits and reviews.

Key Components:

  • Bulk download option to download all attachments linked to a requirement or record in a single action
  • Consistent experience across modules

Benefits:

  • Saves significant time by enabling users to download all evidence in one go
  • Enhances audit and review efficiency through faster access to supporting documentation

0
4
Unified task management - Register, Group assignment, Recurrence
In progress this quarter

Introduce an out-of-the-box Tasks Register that centralizes all tasks across a Spoke into a single register. This enhancement brings full register capabilities—visibility, configuration, permissions, and linking—to tasks, while preserving existing task IDs and behaviors. Tasks remain generated from other content (e.g., Risks, Controls, etc.) and are automatically reflected in the Tasks Register for consistent tracking and governance.

Key Components:

  • Out-of-the-box Tasks Register:
    • Available by default for all new teams
    • Automatically enabled for existing teams
  • Backward Compatibility:
    • Existing task IDs remain unchanged
    • All existing tasks are surfaced in the Tasks Register
  • Automatic Task Aggregation:
    • Any task created in any register appears in the Tasks Register
  • Register Capabilities for Tasks:
    • All standard register features (fields, views, filters, linking, permissions) apply to Tasks
  • UI Enhancements:
    • Configurable center-grid tabs to view linked content (e.g., Tasks tab in any register; Controls tab in Risks)
  • Permissions & Governance:
    • Tasks Register follows standard register permission sets (task-specific permissions TBD)

Benefits:

  • Provides a single source of truth for all tasks within a Spoke
  • Improves visibility and tracking across registers and assessments
  • Preserves existing task behavior while unlocking powerful register features
  • Enhances governance with consistent permissions and configurable linkages
  • Streamlines workflows by keeping task creation contextual, not duplicated
2
2
Custom registers - Assessment support
In progress this quarter

Extend the existing Requirement-Based Assessment (RBA) capability beyond frameworks and control sets to custom registers. This enhancement allows users to initiate RBAs directly against one or more items from a selected custom register, collecting structured assessment data while maintaining strong linkage between register items and assessment outcomes.

Key Components:

  • Ability to initiate an RBA from one or more items within a single custom register
  • Reuse of existing RBA mechanics, including requirement selection and configurable response fields
  • Support for assessing custom register items and providing visibility into their linked data
  • Automatic linkage of assessment data back to the originating register items
  • Visibility of assessment results within the Linked Data section of each register item
1
3
Submit Assessment Page

Hi, our vendors have been responding to the assessments we send to them and increasingly are sending me emails to ensure I received their responses as they aren't sure if it submitted. I would like to request that a big sign pops up to say "Your Assessment has been Submitted" once the respondent hits submit. Thanks!

1
1
Risk Reports Replacement in Analytics Module
Closed

As part of our ongoing efforts to enhance performance and stability across the Analytics module, we are decommissioning the legacy Risk reports and replacing them with new, optimized versions.

These legacy reports have been identified as key contributors to performance bottlenecks, occasionally causing the analytics environment to slow down or temporarily stall. The new reports are optimized for performance and scalability, ensuring a faster and more stable user experience across all tenants.

Key Improvements

  • Faster load times: New reports load 20–30% faster than before.
  • Improved stability: Reduces the likelihood of slowdowns or timeouts when viewing Risk data.
  • Enhanced data model: Includes linked entities and relationships from Risks to other modules.
  • Better user experience: Streamlined design and improved consistency across dashboards.

2
2
Linked data search & filters
In progress this quarter

Enhance the user experience across registers and assessments by enabling advanced search and filter capabilities based on linked data. This feature allows users to quickly find, segment, and analyze items that are connected to other records.

Key Components:

  • Search and filter options based on linked data relationships (e.g., show all risks linked to a specific control)
  • Support for multiple link types across all registers and modules
  • Consistent interface design aligned with existing filtering behavior
  • Optimized performance for handling large datasets with complex relationships

Benefits:

  • Improves discoverability of related content across the platform
  • Enables deeper analysis by viewing connections between registers and items
  • Saves time by allowing users to directly filter by linked relationships instead of navigating manually
  • Strengthens traceability and compliance reporting through easier cross-referencing
  • Enhances decision-making by providing a complete, relationship-aware view of data
2
3
Content Library - Workflow Recipe Repository (Risks)
In progress this quarter

Build a Content Library feature to house pre-built workflow recipe templates, enabling customers to quickly implement common risk workflow automations without building integrations from scratch. This repository provides tested, ready-to-use recipes for standard integration scenarios across Risk, Risk Treatment Plans, and Risk Assessments modules, reducing implementation time and accelerating adoption.

Key Components:

  • Content Library interface accessible from workflow integration settings
  • Recipe template storage with categorization (by module, use case, integration platform)
  • Search and filter functionality for recipe discovery
  • 8-10 pre-built recipe templates covering common workflows
  • Template documentation including setup instructions and configuration requirements
  • One-click recipe import/deployment capability
  • Recipe versioning and update notifications

Benefits:

  • Reduces customer time-to-value from weeks to minutes for standard integrations
  • Provides proven best practice patterns for risk workflow automation
  • Lowers technical barriers for non-technical users to implement integrations
  • Decreases support and CSM burden by offering self-service solutions
  • Accelerates workflow feature adoption and customer success
  • Establishes foundation for community-contributed recipes in future

Example Use Case: A compliance manager wants to automatically notify stakeholders when high-severity risks are identified, but lacks technical expertise to build custom recipes from scratch. They access the Content Library, browse available templates, and select the "High-Risk Alert to Slack" recipe. With one click, the recipe imports into their workflow workspace with pre-configured triggers and actions. They simply authenticate their Slack workspace, customize the notification message, and activate the recipe. Within 10 minutes, their automated risk alerting workflow is live—a process that would have taken days of manual configuration and testing.

1
1
Notification / System Communications

We need more flexibility in communications to provide relevant details so the end user understands the importance of the email. The current communication is generic and only has a unique URL. Only after clicking on the URL does the user understand their required actions.

1
1
H&S Admin Efficiency - Centralized User and Advisor Controls
Considering for next 6 months

Enhance the Hub Administration experience with new capabilities that streamline advisor and user management across the Hub-and-Spoke environment. This feature empowers Hub admins to centrally manage advisors, assign them to Spokes (even if they don’t yet have access), and gain full visibility of users across all Spokes, improving oversight and operational efficiency.

Key Components:

  • Advisor Management at User Level: Assign and manage advisors individually
  • Assign Advisors to Orphan Spokes: Set an advisor for a spoke even if they don’t have existing access or relationship with that spoke.
  • Cross-Spoke User Visibility: View all users across the Hub and their spoke assignments in one consolidated interface.
  • Improved Navigation & Context: Simplified interface for identifying orphan spokes, managing user assignments, and updating advisor access.

Benefits:

  • Improves administrative efficiency with centralized user and advisor management.
  • Enables proactive management of orphan spokes and advisor coverage gaps.
  • Strengthens governance and oversight by making user-spoke relationships transparent.
2
4
Online evidence viewer (Smart Ev. Ph-1)
Closed

Description: Introduce a modernized evidence management experience with the ability to view attachments directly in the browser. This enhancement streamlines how users interact with evidence across requirements, assessments, and registers, improving efficiency during audits and reviews.

Key Components:

  • In-browser evidence viewer supporting common file types (PDF, images, etc.)
  • Bulk download option to download all attachments linked to a requirement or record in a single action [Moved to https://roadmap.6clicks.com/feature-requests/posts/bulk-download-attachments]
  • Consistent experience across modules

Benefits:

  • Improves usability with seamless online viewing of attachments
  • Enhances audit and review efficiency through faster access to supporting documentation
  • Reduces context switching and manual effort during evidence validation or review cycles
  • Strengthens collaboration by allowing stakeholders to quickly view and verify documents in-platform
5
9
Workflows (escalations, exceptions, approvals)
In progress this quarter

Description: Introduce advanced workflow capabilities across registers, enabling structured escalations, exception handling, and approval flows. This feature brings greater automation and governance by defining how items move through stages, who approves changes, and how exceptions or overdue actions are escalated to the right stakeholders.

Key Components:

  • Escalation Rules: Automatically escalate items (e.g., risks, issues, etc.) based on conditions
  • Exception Handling: Capture and manage exceptions that deviate from standard processes
  • Approval Flows: Define approval steps before an item transitions between workflow stages
  • Configurable Triggers & Notifications: Email or in-app alerts to keep stakeholders informed at each step.
  • Workflow Visibility: Clear audit trail of actions, approvals, and escalations for compliance and accountability.

Benefits:

  • Strengthens governance by enforcing structured review and approval processes
  • Improves accountability with traceable escalation paths and audit history
  • Reduces manual oversight by automating exception and overdue item handling
  • Enhances operational efficiency and consistency across all registers and assessments
  • Provides flexibility to model organization-specific processes and controls
3
1
Risk Forms – Enhanced Field Context & Submitter Info
Closed

Description: Expand the Risk Forms capability to provide richer field context and improved communication. This enhancement introduces support for placeholder and description text on form fields, enables matrix field display on forms, and allows submitters to include their email address for acknowledgment or follow-up. Together, these improvements enhance the clarity, usability, and traceability of submitted risks.

Key Components:

  • Display of field placeholders and descriptions on the form for improved guidance
  • Support for matrix fields (e.g., risk rating matrices) to be shown on the form
  • New “Submitter Email” field allowing users to optionally provide their contact address
  • Email integration for sending confirmation or notifications to the submitter and risk owner
  • Consistent design aligned with existing risk form configuration options

Benefits:

  • Improves form usability by helping submitters understand what each field represents
  • Enables richer data capture with support for complex field types like matrices
  • Strengthens communication by allowing acknowledgment or follow-up with submitters
  • Reduces confusion and incomplete submissions through better field context
  • Enhances overall data quality and governance in external risk capture processes

Example Use Case: An organization publishes a public risk form for employees to report potential security risks. Each field now includes a short description explaining what to enter, and a risk rating matrix helps the submitter assess impact and likelihood. Before submitting, the user provides their email address to receive a confirmation and to enable follow-up from the risk owner.

2
2
User Permission Restructuring - Risk Review Access Control
Considering for next 6 months

Restructure the user permissions architecture to provide granular control over risk review access across multiple platform areas. This enhancement introduces dedicated Risk Review permissions under the My Tasks group, decouples Risk Review module access from the general Risk permissions, and converts obsolete risk review permissions into active, granular controls. The update addresses current inconsistencies where obsolete permissions still control access and the Risk Review module incorrectly uses general Risk permissions instead of dedicated review-specific permissions.

Key Components:

  • New "Risk Review" permission added under My Tasks permission group (Administration > Users)
  • De-obsolete and restructure existing risk review permissions into four granular levels: View, Create, Edit, Delete
  • Decouple Risk Review module access from General.Risks permission
  • Update My Tasks visibility to use new Risk Review permission
  • Add "Risk review" option to My Tasks Type filter
  • Update Risk Review module permission checks to use dedicated review permissions
  • Backward compatibility and migration path for existing role configurations

Benefits:

  • Provides administrators independent control over risk review access without requiring general Risk module permissions
  • Aligns permission structure with other My Tasks items (e.g., Risk Treatment Plan permission pattern)
  • Enables organizations to assign risk review responsibilities to users who don't need full Risk module access
  • Eliminates confusion from obsolete permissions that still control access
  • Improves platform security by enforcing proper permission boundaries
  • Addresses multiple SLA tickets (#33608, #33723, #33612) related to permission inconsistencies
  • Simplifies role management by clarifying permission purpose and scope
  • Ensures consistent permission behavior across My Tasks, Risk Review module, and Type filters

Example Use Case: A compliance officer needs to conduct periodic risk reviews and document findings in My Tasks, but shouldn't have access to view all organizational risks or modify risk data. With the new permission structure, the administrator can grant "Risk Review - View/Edit" permission under My Tasks without providing general Risk module access. The user can see assigned risk reviews in My Tasks, access them through the Type filter, and complete their review work while maintaining appropriate access boundaries. Meanwhile, a risk analyst with full Risk module permissions can still be restricted from deleting completed risk reviews by only granting View/Edit permissions for Risk Reviews.

2
1
Self-service Reports to view Issues
Closed

Description

Issues self-service view enables users to build on-demand reports from the Issues register data inside the 6clicks app. It delivers preconfigured and custom views that power a broad range of reporting needs for the Issues module and provides a dashboard with key metrics for quick insight and monitoring.

Key Components

  • Self-service report builder for Issues register data
  • Predefined views for common reporting scenarios
  • Configurable filters, sorting, and grouping
  • Export and share options for stakeholder reporting
  • Issues dashboard with KPIs and trend visualizations
  • Permissions-aware access aligned to user roles

Benefits

  • Faster insight generation without needing analyst support
  • Consistent, trustworthy reporting across teams
  • Clear visibility into issue volume, severity, owners, and SLAs
  • Early detection of trends and hotspots to guide action
  • Time saved through reusable views and exports

Example Use Case

A compliance lead filters the Issues register to open high-severity items owned by their team, groups by category, and exports a monthly summary with trend charts from the dashboard to share in the governance meeting.

2
1
[H&S] Risk Module Independence at Spoke level

The ability to manage the risk module fully independent from the Hub.

This should give the ability to not only manage flows, risk assessment labels, risk assessments, risk fields, including disabling fields that have been established at the hub level.

1
1
Templated reporting - Merge data from multiple assessments
Considering for next 6 months

Description: Introduce the ability to consolidate results from multiple assessments into a single aggregated report. Users can select multiple source assessments (QBAs/RBAs), roll up their control requirements into a unified RBA, and generate paginated, pixel-perfect reports that preserve unique fields and references from each source.

Key Components:

  • Option to select and merge multiple assessments (QBA/RBA) into one consolidated output
  • Automatic aggregation of control requirements into a “roll-up” RBA
  • Support for preserving unique fields and referenceability from each source assessment
  • Pixel-perfect, paginated reporting format for professional outputs
  • Alignment with control inheritance concepts to support layered or multi-source assessments

Benefits:

  • Eliminates the need for manual exports and merges across assessments
  • Ensures consistency by retaining source-specific custom fields in the roll-up
  • Saves time and reduces errors in creating consolidated reports
  • Provides a holistic view of compliance and risk posture across multiple assessments

Example Use Case: An assessor selects three separate RBAs that cover different operational domains. Using the merge capability, they generate a consolidated report where all control requirements are rolled up and reported together. The resulting Word report is paginated, pixel-perfect, and retains references back to each source assessment, providing a single comprehensive view.

2
4
Control evidence validation + teams integration
In progress this quarter
  • Description: Introduce an AI-driven capability that validates uploaded control evidence against control test requirements. The system will analyze the content of evidence submissions to confirm adequacy, flag deficiencies, and recommend improvements. Additionally, it enables second-line teams to efficiently review and monitor the effectiveness and residual risk of controls.
  • Key Components:
    • AI-based validation of submitted control evidence against control test criteria.
    • Contextual feedback to evidence submitters on what is missing or insufficient.
    • Integration with control frameworks (e.g., ISO/IEC 27001, NIST) and control test requirements.
    • Flags ineffective, missing, or high-risk controls across control sets for second-line to prioritise for remediation.
  • Benefits:
    • Reduces human error and subjectivity in evidence reviews.
    • Accelerates control testing workflows by guiding users to submit complete and relevant evidence.
    • Enhances assurance by surfacing controls that are non-functional or poorly implemented.
    • Supports second-line risk and compliance functions with actionable insights and oversight tools.
2
2
RBA review workflow
Considering for next 6 months

Description: Introduce a structured QA review workflow within RBA assessments, enabling organizations to enforce quality checks before assessments are finalized. This feature provides a formalized review stage where compliance managers or designated reviewers can validate responses, evidence, and overall completeness, ensuring higher confidence in assessment outputs.

Key Components:

  • Configurable review stage within the RBA workflow (e.g., Draft → In progress → Review → Completed)
  • Ability to assign reviewers (e.g., compliance managers, QA leads)
  • Reviewer tools for:
    • Checking requirement responses and linked evidence
    • Providing comments, requesting clarifications, or rejecting responses
    • Approving or rejecting requirements individually or in bulk
  • Notifications and task assignments for smooth handover between assessors and reviewers
  • Audit trail of review actions for transparency and accountability

Benefits:

  • Ensures completeness and accuracy of assessments before they are finalized
  • Improves governance by embedding quality assurance directly into the RBA process
  • Reduces risk of errors or omissions in compliance reporting
  • Enhances collaboration between assessors and reviewers through structured workflows
  • Provides traceability with a clear record of review actions and approvals
1