Complete
Trust collaborator role
A Trust Center collaborator needs access only to the Trust Center dashboard to review, approve, or reject access requests. Typically, a trust center collaborator doesn’t have any other responsibilities in Secfix beyond handling Trust Center requests.
Jakub Wanat 3 days ago
Feature Request
Complete
Trust collaborator role
A Trust Center collaborator needs access only to the Trust Center dashboard to review, approve, or reject access requests. Typically, a trust center collaborator doesn’t have any other responsibilities in Secfix beyond handling Trust Center requests.
Jakub Wanat 3 days ago
Feature Request
Under Review
Frameworks export needs Owner + Due Date (CSV/Excel) or Customizable fields to export
Right now, when we export the frameworks report, we only see the control details and status. We can’t see who owns the control or when it’s due. Since people tend to ignore email reminders, we often have to follow up manually — and without that information in the export, it’s hard to get a clean overview of what needs attention and who to chase. It would be great if you could extend the current export to include additional columns for Owner and Due date / Expiry date, so we can easily filter and manage follow-ups in Excel - even comments. Please update the frameworks export (CSV/Excel) to include at least: Control ID, Control Title, Status, Owner, and Due Date/Expiry Date. This would make weekly follow-ups and audit prep much easier for us. Or even better, to have the export customizable to whichever fields you need.
Yevheniia Hovorova 10 days ago
Frameworks page
Feature Request
Under Review
Frameworks export needs Owner + Due Date (CSV/Excel) or Customizable fields to export
Right now, when we export the frameworks report, we only see the control details and status. We can’t see who owns the control or when it’s due. Since people tend to ignore email reminders, we often have to follow up manually — and without that information in the export, it’s hard to get a clean overview of what needs attention and who to chase. It would be great if you could extend the current export to include additional columns for Owner and Due date / Expiry date, so we can easily filter and manage follow-ups in Excel - even comments. Please update the frameworks export (CSV/Excel) to include at least: Control ID, Control Title, Status, Owner, and Due Date/Expiry Date. This would make weekly follow-ups and audit prep much easier for us. Or even better, to have the export customizable to whichever fields you need.
Yevheniia Hovorova 10 days ago
Frameworks page
Feature Request
Under Review
Allow vendors to be reviewed without selecting an authentication method
Currently in the Vendors review flow, selecting a login/authentication method is mandatory to mark a vendor as Reviewed. However, not all vendors provide software or platforms that require authentication. Context Some vendors (e.g. law firms or consultants) do not offer any system requiring a login. In these cases, we are forced to select an incorrect authentication method just to complete the review. Proposed solution Add a “No authentication required / Not applicable” option that allows vendors to be marked as Reviewed without selecting a login method.
Frank Tiex 21 days ago
Vendor management
Feature Request
Under Review
Allow vendors to be reviewed without selecting an authentication method
Currently in the Vendors review flow, selecting a login/authentication method is mandatory to mark a vendor as Reviewed. However, not all vendors provide software or platforms that require authentication. Context Some vendors (e.g. law firms or consultants) do not offer any system requiring a login. In these cases, we are forced to select an incorrect authentication method just to complete the review. Proposed solution Add a “No authentication required / Not applicable” option that allows vendors to be marked as Reviewed without selecting a login method.
Frank Tiex 21 days ago
Vendor management
Feature Request
Open
In-app Notifications Tab
After receiving an email with tasks assigned to them(via manual tasks), the user would like to log into Secfix and see their specific tasks to do in one view - in a Notifications tab.
Elisabeth Fockel - LANOS About 1 month ago
Feature Request
Open
In-app Notifications Tab
After receiving an email with tasks assigned to them(via manual tasks), the user would like to log into Secfix and see their specific tasks to do in one view - in a Notifications tab.
Elisabeth Fockel - LANOS About 1 month ago
Feature Request
Open
Expand Vendors to include Partners and other third parties
Problem The current Vendors section is limited in scope and suggests that only software vendors should be listed. In practice, organizations work with different types of third parties, such as: infrastructure providers, partners involved in collaborative development, customers participating in joint projects. These entities are currently not clearly represented in the Vendors section, although they are relevant from a risk and compliance perspective. Proposed solution Rename Vendors to Vendors & Partners, or extend the section to explicitly support different third-party types (e.g. vendor, partner, customer, infrastructure provider). Benefits More accurate representation of third-party relationships Better coverage of non-software and collaborative partners Improved clarity and usability for customers
Frank Tiex 21 days ago
Vendor management
Feature Request
Open
Expand Vendors to include Partners and other third parties
Problem The current Vendors section is limited in scope and suggests that only software vendors should be listed. In practice, organizations work with different types of third parties, such as: infrastructure providers, partners involved in collaborative development, customers participating in joint projects. These entities are currently not clearly represented in the Vendors section, although they are relevant from a risk and compliance perspective. Proposed solution Rename Vendors to Vendors & Partners, or extend the section to explicitly support different third-party types (e.g. vendor, partner, customer, infrastructure provider). Benefits More accurate representation of third-party relationships Better coverage of non-software and collaborative partners Improved clarity and usability for customers
Frank Tiex 21 days ago
Vendor management
Feature Request
Visibility of groups (and use as filter) in inventory/employees
It would be a significant help, if the groups to which employees were assigned to already were visible and used for filtering in the inventory section. Especially the reporting assignment would become much faster with such a filter.
Frank Tiex 1 day ago
Feature Request
Visibility of groups (and use as filter) in inventory/employees
It would be a significant help, if the groups to which employees were assigned to already were visible and used for filtering in the inventory section. Especially the reporting assignment would become much faster with such a filter.
Frank Tiex 1 day ago
Feature Request
Filtering Vendors
As an admin or editor, I’d like to filter the list of vendors by multiple criteria, as Owner, Risk Level, completion of mandatory attributes from the details panel.
Frank Tiex 1 day ago
Vendor management
Feature Request
Filtering Vendors
As an admin or editor, I’d like to filter the list of vendors by multiple criteria, as Owner, Risk Level, completion of mandatory attributes from the details panel.
Frank Tiex 1 day ago
Vendor management
Feature Request
In Progress
Allow users to exist in multiple Secfix workspaces
Enable the same user (email) to be part of multiple Secfix workspaces. This is needed for enterprises with multiple subsidiaries, where each subsidiary has its own Secfix workspace but uses the same Identity Provider.
Jakub Wanat 6 days ago
Feature Request
In Progress
Allow users to exist in multiple Secfix workspaces
Enable the same user (email) to be part of multiple Secfix workspaces. This is needed for enterprises with multiple subsidiaries, where each subsidiary has its own Secfix workspace but uses the same Identity Provider.
Jakub Wanat 6 days ago
Feature Request
In Progress
Control which employees are in scope using Google Workspace groups
We want to control which employees are in scope in Secfix when connecting our Identity Provider, instead of having to connect our entire parent organization. As an enterprise with multiple subsidiaries and domains under one IDP, we manage different employee groups using directory groups and attributes. When connecting our IDP to Secfix, we need the ability to select a specific group that defines which users belong to a given Secfix workspace. This would allow us to manage subsidiaries and business units separately and avoid pulling in out-of-scope employees.
Katie Cameron 6 days ago
Feature Request
In Progress
Control which employees are in scope using Google Workspace groups
We want to control which employees are in scope in Secfix when connecting our Identity Provider, instead of having to connect our entire parent organization. As an enterprise with multiple subsidiaries and domains under one IDP, we manage different employee groups using directory groups and attributes. When connecting our IDP to Secfix, we need the ability to select a specific group that defines which users belong to a given Secfix workspace. This would allow us to manage subsidiaries and business units separately and avoid pulling in out-of-scope employees.
Katie Cameron 6 days ago
Feature Request
Open
Allow different link formats while entering links as manual evidences
We want to add links to manual evidence from our document management system, and the links look like this: xyzexample:\\(123) Secfix does not allow this format in the ui, it only allows something like this: https://xyzexample:\\(123) This does not work because we only need the xyzexample:\\(123) and don’t want to edit each time.
Elisabeth Fockel - LANOS 7 days ago
Feature Request
Open
Allow different link formats while entering links as manual evidences
We want to add links to manual evidence from our document management system, and the links look like this: xyzexample:\\(123) Secfix does not allow this format in the ui, it only allows something like this: https://xyzexample:\\(123) This does not work because we only need the xyzexample:\\(123) and don’t want to edit each time.
Elisabeth Fockel - LANOS 7 days ago
Feature Request
Complete
Automated checks should respect the start date of the employee
We create accounts in MS already before the employee starts. Here is an example, where I set the start date in the Secfix platform to 1.2.2026. But in every automated check, this employee comes up. So, the automatic checks should respect the start date, in my opinion.
Martin Trachsel About 1 month ago
Automated tasks
Feature Request
Complete
Automated checks should respect the start date of the employee
We create accounts in MS already before the employee starts. Here is an example, where I set the start date in the Secfix platform to 1.2.2026. But in every automated check, this employee comes up. So, the automatic checks should respect the start date, in my opinion.
Martin Trachsel About 1 month ago
Automated tasks
Feature Request
Under Review
“Select All” option when assigning groups to accept policies
When uploading or updating a policy in Secfix and selecting the groups that need to acknowledge it, each group must currently be selected manually. For customers with many groups configured, this becomes time-consuming and unnecessarily repetitive, especially when most or all groups need to confirm the document. Proposed Solution Add a “Select all” checkbox/button in the group selection component when assigning document confirmations. Impact / Value Saves time for customers with many groups Reduces frustration and repetitive manual clicks Improves usability without changing core functionality
Frank Tiex 13 days ago
Policies
Feature Request
Under Review
“Select All” option when assigning groups to accept policies
When uploading or updating a policy in Secfix and selecting the groups that need to acknowledge it, each group must currently be selected manually. For customers with many groups configured, this becomes time-consuming and unnecessarily repetitive, especially when most or all groups need to confirm the document. Proposed Solution Add a “Select all” checkbox/button in the group selection component when assigning document confirmations. Impact / Value Saves time for customers with many groups Reduces frustration and repetitive manual clicks Improves usability without changing core functionality
Frank Tiex 13 days ago
Policies
Feature Request
Open
Extend Asset Classification to Include Availability and Integrity
The current asset and information classification system is based solely on confidentiality. There is no classification of assets with respect to their availability and integrity requirements. Why This Is a Problem Relying only on confidentiality results in an incomplete protection needs assessment. Assets with high availability or integrity requirements may not receive adequate protection, which can negatively impact: the effectiveness of implemented security controls, risk identification and prioritization, alignment with ISO/IEC 27001 requirements. -> causing a nonconformity during the audit Proposed Feature Extend the asset classification framework to include availability and integrity dimensions, in addition to confidentiality. For each asset, users should be able to define protection needs across all three CIA dimensions.
Poul L. About 1 month ago
Inventory
Feature Request
Open
Extend Asset Classification to Include Availability and Integrity
The current asset and information classification system is based solely on confidentiality. There is no classification of assets with respect to their availability and integrity requirements. Why This Is a Problem Relying only on confidentiality results in an incomplete protection needs assessment. Assets with high availability or integrity requirements may not receive adequate protection, which can negatively impact: the effectiveness of implemented security controls, risk identification and prioritization, alignment with ISO/IEC 27001 requirements. -> causing a nonconformity during the audit Proposed Feature Extend the asset classification framework to include availability and integrity dimensions, in addition to confidentiality. For each asset, users should be able to define protection needs across all three CIA dimensions.
Poul L. About 1 month ago
Inventory
Feature Request
Under Review
Remember filter settings
It would be nice, if the pages for Automated Checks and Manual Evidences could remember the personal filter settings at least during a user session. Currently, if you leave these pages and return again, the selections are gone.
Frank Tiex 15 days ago
Manual evidence
Feature Request
Under Review
Remember filter settings
It would be nice, if the pages for Automated Checks and Manual Evidences could remember the personal filter settings at least during a user session. Currently, if you leave these pages and return again, the selections are gone.
Frank Tiex 15 days ago
Manual evidence
Feature Request
Open
RHEL/Fedora RPM Package for SecFix agent
As of now, only packages for Debian and Ubuntu Linux are available. In enterprise environments, RHEL/Fedora are quite commonly used. Please provide an RPM package for easy installation with these systems. For engineers: The following directories might conflict during installation, because of Fedoras ownership, but should be easily fixable. %dir %attr(0755, root, root) "/etc" %dir %attr(0755, root, root) "/lib" %dir %attr(0755, root, root) "/lib/systemd" %dir %attr(0755, root, root) "/lib/systemd/system" %dir %attr(0755, root, root) "/usr" %dir %attr(0755, root, root) "/usr/local" %dir %attr(0755, root, root) "/usr/share" %dir %attr(0755, root, root) "/usr/share/doc" %dir %attr(0755, root, root) "/var"
Lukas Abegg About 1 month ago
Secfix agent
Feature Request
Open
RHEL/Fedora RPM Package for SecFix agent
As of now, only packages for Debian and Ubuntu Linux are available. In enterprise environments, RHEL/Fedora are quite commonly used. Please provide an RPM package for easy installation with these systems. For engineers: The following directories might conflict during installation, because of Fedoras ownership, but should be easily fixable. %dir %attr(0755, root, root) "/etc" %dir %attr(0755, root, root) "/lib" %dir %attr(0755, root, root) "/lib/systemd" %dir %attr(0755, root, root) "/lib/systemd/system" %dir %attr(0755, root, root) "/usr" %dir %attr(0755, root, root) "/usr/local" %dir %attr(0755, root, root) "/usr/share" %dir %attr(0755, root, root) "/usr/share/doc" %dir %attr(0755, root, root) "/var"
Lukas Abegg About 1 month ago
Secfix agent
Feature Request
Open
CVE references for listed customers/software
As an Information Security Officer I'd like to see known CVEs from public sources, which refer to the vendors and software listed within Secfix for our tenant. This would support the vulnerability check/non-conformities for the continuous tracking. The premium version would mark computers with identified vulnerabilitites, although this is quite operational and goes far beyond a certification tool.
Frank Tiex 21 days ago
Computers
Feature Request
Open
CVE references for listed customers/software
As an Information Security Officer I'd like to see known CVEs from public sources, which refer to the vendors and software listed within Secfix for our tenant. This would support the vulnerability check/non-conformities for the continuous tracking. The premium version would mark computers with identified vulnerabilitites, although this is quite operational and goes far beyond a certification tool.
Frank Tiex 21 days ago
Computers
Feature Request
Open
Create Tasks in Linear
Even though I connected Linear as part of the ticketing integrations, Jira seems to be the only available options to automatically create and links tasks from SecFix.
Matteo Galli 22 days ago
Connections
Feature Request
Open
Create Tasks in Linear
Even though I connected Linear as part of the ticketing integrations, Jira seems to be the only available options to automatically create and links tasks from SecFix.
Matteo Galli 22 days ago
Connections
Feature Request
Open
Fetch "not enabled" data related to vendors from MS and ignore them automatically
There are some vendors that appear on Secfix's vendors list, which are marked in MS as "not enabled for users to sign in," and the users are unable to access these applications. We need these applications due to our configuration, but they are inaccessible to the users. It'd be good if Secfix read this data and marked it appropriately on the Vendors page.
Martin Trachsel 22 days ago
Vendor management
Feature Request
Open
Fetch "not enabled" data related to vendors from MS and ignore them automatically
There are some vendors that appear on Secfix's vendors list, which are marked in MS as "not enabled for users to sign in," and the users are unable to access these applications. We need these applications due to our configuration, but they are inaccessible to the users. It'd be good if Secfix read this data and marked it appropriately on the Vendors page.
Martin Trachsel 22 days ago
Vendor management
Feature Request
Under Review
Enable comments in the in app Project Status Report
Currently we cannot express our progress in percentage, only choose weather a task from the PSR is completed or incomplete. Also there is no possibility to comment on the task, which would be helpful to work with our CSM or collaborate with our internal teams. Ideally there should be a comment field, which would help to stay up to date & transparent for all parties.
Fidel Esquivel About 1 month ago
Home
Feature Request
Under Review
Enable comments in the in app Project Status Report
Currently we cannot express our progress in percentage, only choose weather a task from the PSR is completed or incomplete. Also there is no possibility to comment on the task, which would be helpful to work with our CSM or collaborate with our internal teams. Ideally there should be a comment field, which would help to stay up to date & transparent for all parties.
Fidel Esquivel About 1 month ago
Home
Feature Request
Open
Sync due dates of treatment tasks with the due dates in the linked ticket
The best case would be to update the ticket in Jira, and this should sync the due date in the risk register if the ticket is linked.
Jan Wagner About 1 month ago
Risk register
Feature Request
Open
Sync due dates of treatment tasks with the due dates in the linked ticket
The best case would be to update the ticket in Jira, and this should sync the due date in the risk register if the ticket is linked.
Jan Wagner About 1 month ago
Risk register
Feature Request