Link custom evidence (e.g. policies) to controls
It would be nice to be able to add (supporting) evidence (e.g. linking a policy, ME or AC) to a control. E.g. “We’d like to map POL-04 as evidence under 12.1.1 PCI DSS control, to have the Acceptable Use section also visible for the PCI DSS audit. That's what our auditor knows from the past and was asking for. Sure, having the POL-02 linked to it is the generic approach and totally correct. The POL-04 would simply make it more concrete.”
Frank Tiex 26 days ago
Feature Request
Link custom evidence (e.g. policies) to controls
It would be nice to be able to add (supporting) evidence (e.g. linking a policy, ME or AC) to a control. E.g. “We’d like to map POL-04 as evidence under 12.1.1 PCI DSS control, to have the Acceptable Use section also visible for the PCI DSS audit. That's what our auditor knows from the past and was asking for. Sure, having the POL-02 linked to it is the generic approach and totally correct. The POL-04 would simply make it more concrete.”
Frank Tiex 26 days ago
Feature Request
MCP server for the Secfix platform
We would like to connect an AI assistant to the platform and programmatically pull compliance data. Problem / use case: The customer is preparing for ISO certification. They want to pull platform data — policies, controls, and related artifacts — into their AI workflow, then auto-generate a detailed requirements-and-preparation plan for the cert. They also want to push the output into Jira (e.g., create a ticket documenting the requirements and prep plan). Today this is manual. Proposed capability: An MCP server that exposes Secfix data (policies, controls, frameworks, evidence) as queryable resources/tools for MCP-compatible AI clients. Read access at minimum; optionally write/action support for downstream integrations (e.g., creating Jira tickets from generated plans).
Srinivas Sambari 25 days ago
Feature Request
MCP server for the Secfix platform
We would like to connect an AI assistant to the platform and programmatically pull compliance data. Problem / use case: The customer is preparing for ISO certification. They want to pull platform data — policies, controls, and related artifacts — into their AI workflow, then auto-generate a detailed requirements-and-preparation plan for the cert. They also want to push the output into Jira (e.g., create a ticket documenting the requirements and prep plan). Today this is manual. Proposed capability: An MCP server that exposes Secfix data (policies, controls, frameworks, evidence) as queryable resources/tools for MCP-compatible AI clients. Read access at minimum; optionally write/action support for downstream integrations (e.g., creating Jira tickets from generated plans).
Srinivas Sambari 25 days ago
Feature Request
Ability to update existing risks by using the "import" feature
Currently, the import feature creates new risks in the risk register. We’d like the option to be able to update the existing risks using this feature. When we put in the exact risk IDs that we already have on the Risk Register, it should update the existing risk entries.
katharina.hansen 3 days ago
Feature Request
Ability to update existing risks by using the "import" feature
Currently, the import feature creates new risks in the risk register. We’d like the option to be able to update the existing risks using this feature. When we put in the exact risk IDs that we already have on the Risk Register, it should update the existing risk entries.
katharina.hansen 3 days ago
Feature Request
Bulk Download of Current Policy Documents
Proposed Solution Add download capabilities directly on the Policies page. Problem We often need to download and share our current policy documents for internal reviews, audits, compliance activities, or document archiving. While policy templates can be downloaded from the Policies page, there is currently no straightforward way to download the actual policy versions maintained by us. We must navigate through multiple screens and use a workaround to access and download min 20 documents. Additionally, downloaded files may lose their original naming structure, creating extra manual work after download.
Oliver Broszat 6 days ago
Feature Request
Bulk Download of Current Policy Documents
Proposed Solution Add download capabilities directly on the Policies page. Problem We often need to download and share our current policy documents for internal reviews, audits, compliance activities, or document archiving. While policy templates can be downloaded from the Policies page, there is currently no straightforward way to download the actual policy versions maintained by us. We must navigate through multiple screens and use a workaround to access and download min 20 documents. Additionally, downloaded files may lose their original naming structure, creating extra manual work after download.
Oliver Broszat 6 days ago
Feature Request
Feature Request: Include Vendor Address Information in Vendor Export
Proposed Solution Add vendor address information (or at minimum vendor location/country) to the Vendor Export. Problem We frequently use the Vendor Export as part of security questionnaires, customer onboarding processes, and audit preparations. While the current export provides a list of vendors, it does not include vendor address/location information. Many customer due diligence and security review questionnaires require not only the vendor name but also information about where the vendor is located. As a result, we currently have to manually open each vendor record and copy the address information into the exported vendor list.
Oliver Broszat 6 days ago
Feature Request
Feature Request: Include Vendor Address Information in Vendor Export
Proposed Solution Add vendor address information (or at minimum vendor location/country) to the Vendor Export. Problem We frequently use the Vendor Export as part of security questionnaires, customer onboarding processes, and audit preparations. While the current export provides a list of vendors, it does not include vendor address/location information. Many customer due diligence and security review questionnaires require not only the vendor name but also information about where the vendor is located. As a result, we currently have to manually open each vendor record and copy the address information into the exported vendor list.
Oliver Broszat 6 days ago
Feature Request
Employee reminder functionality
Currently, a reminder can be sent to a single employee or to all of them having open tasks. When selecting the checkbox of an employee line, the bulk reminder feature disappears. It would be helpful, if a reminder could be sent dedicatedly to selected employees. In addition, it would be a great feature, if there was also an option to use an own, custom text to the reminder. It is in most cases helpful to give some more context to the adressees.
Frank Tiex 6 days ago
Employees
Feature Request
Employee reminder functionality
Currently, a reminder can be sent to a single employee or to all of them having open tasks. When selecting the checkbox of an employee line, the bulk reminder feature disappears. It would be helpful, if a reminder could be sent dedicatedly to selected employees. In addition, it would be a great feature, if there was also an option to use an own, custom text to the reminder. It is in most cases helpful to give some more context to the adressees.
Frank Tiex 6 days ago
Employees
Feature Request
Complete
Devolutions Passwort Manager in Secfix Computer aufnehmen
Der Secfix Agent prüft die PC’s. Devolutions Workspace wurde umbenannt in Devolutions Password Manager. Diesen bitte zusätzlich aufnehmen
Thomas Wischermann 10 days ago
Feature Request
Complete
Devolutions Passwort Manager in Secfix Computer aufnehmen
Der Secfix Agent prüft die PC’s. Devolutions Workspace wurde umbenannt in Devolutions Password Manager. Diesen bitte zusätzlich aufnehmen
Thomas Wischermann 10 days ago
Feature Request
Send Secfix Intro-Email when idP is connected
Employees might not know that the company has started using the Secfix platform and hence might qualify the bulk reminder as a phishing email. It would be helpful if an automated “intro-email” was sent out to all employees, upon connection of the idP, introducing Secfix and letting the employees know that they’ll have to complete a certain number of tasks in the coming days.
aj 11 days ago
Feature Request
Send Secfix Intro-Email when idP is connected
Employees might not know that the company has started using the Secfix platform and hence might qualify the bulk reminder as a phishing email. It would be helpful if an automated “intro-email” was sent out to all employees, upon connection of the idP, introducing Secfix and letting the employees know that they’ll have to complete a certain number of tasks in the coming days.
aj 11 days ago
Feature Request
Custom Vendor review date settings
Just came up recently, where we needed to do a test scenario for three months with a vendor. Would be beneficial if the review date could be adjusted to that timeline, so we could have checked the vendor again / archived them after the test was completed.
Niclas Nibbe 11 days ago
Vendor management
Feature Request
Custom Vendor review date settings
Just came up recently, where we needed to do a test scenario for three months with a vendor. Would be beneficial if the review date could be adjusted to that timeline, so we could have checked the vendor again / archived them after the test was completed.
Niclas Nibbe 11 days ago
Vendor management
Feature Request
Downloaded file name should be the same as what's on the platform
When you download a file, for example, at Evidence, the filename is apparently generated from a UUID, even though the original filename is actually stored in the system (and also displayed). This makes it very cumbersome to assign the downloaded file.
Philipp Lehmayr 12 days ago
Feature Request
Downloaded file name should be the same as what's on the platform
When you download a file, for example, at Evidence, the filename is apparently generated from a UUID, even though the original filename is actually stored in the system (and also displayed). This makes it very cumbersome to assign the downloaded file.
Philipp Lehmayr 12 days ago
Feature Request
Evidences: Usage references
I like the way evidences are shown and handled now. There’s just one detail, I might have missed so far. It would be very helpful to have a dedicated tab for a single evidence to see, to which Framework controls it is linked. Coming from the Framework, you can drill down to the evidences, but in practice I feel, the other way around would be even more helpful. It’s a kind of cross-reference, should not be too difficult to implement.
Frank Tiex 19 days ago
Manual evidence
Feature Request
Evidences: Usage references
I like the way evidences are shown and handled now. There’s just one detail, I might have missed so far. It would be very helpful to have a dedicated tab for a single evidence to see, to which Framework controls it is linked. Coming from the Framework, you can drill down to the evidences, but in practice I feel, the other way around would be even more helpful. It’s a kind of cross-reference, should not be too difficult to implement.
Frank Tiex 19 days ago
Manual evidence
Feature Request
Wiz Integration | CNAPP (Cloud-Native Application Protection Platform)
We use Wiz as our cloud security platform and would like to see a native integration with Secfix. Wiz already contains relevant cloud security posture, monitoring, and control evidence, so being able to sync this information automatically into Secfix would reduce manual evidence collection and make audit preparation more efficient. This would also help us demonstrate our cloud security controls more clearly during ISO 27001 audits. We’ve also noticed that similar compliance automation platforms already support Wiz integrations, so having this available in Secfix would provide significant additional value for teams using modern cloud security tooling.
Matt Sleeman about 2 months ago
Connections
Feature Request
Wiz Integration | CNAPP (Cloud-Native Application Protection Platform)
We use Wiz as our cloud security platform and would like to see a native integration with Secfix. Wiz already contains relevant cloud security posture, monitoring, and control evidence, so being able to sync this information automatically into Secfix would reduce manual evidence collection and make audit preparation more efficient. This would also help us demonstrate our cloud security controls more clearly during ISO 27001 audits. We’ve also noticed that similar compliance automation platforms already support Wiz integrations, so having this available in Secfix would provide significant additional value for teams using modern cloud security tooling.
Matt Sleeman about 2 months ago
Connections
Feature Request
Bulk download all evidences
I need to export all SOC 2 evidence files as a ZIP package. I want to download all the evidence to my folder and not go over it 1 by 1. I am the auditor and want to save it in my DB.
meni.b about 2 months ago
Feature Request
Bulk download all evidences
I need to export all SOC 2 evidence files as a ZIP package. I want to download all the evidence to my folder and not go over it 1 by 1. I am the auditor and want to save it in my DB.
meni.b about 2 months ago
Feature Request
Vendor Discovery Page – Surfacing New/Unreviewed Vendors More Clearly
Title: Vendor Discovery Page – Surfacing New/Unreviewed Vendors More Clearly Description: The current "Discover Vendors" tab shows all vendors in a single list, including those already ignored. With 144 vendors in total—over 130 of which have been ignored—it's difficult to tell at a glance whether any new vendors require review. Proposed Solution: The optimal improvement would be to split the tab into two separate views: A "Discovered Vendors" tab (or equivalent) showing only unreviewed/un-ignored vendors A separate "Ignored Vendors" tab for vendors already dismissed This would allow users to immediately see how many vendors need attention without scrolling through a long mixed list. Alternative / Minimum Viable Improvement: If a full tab split isn't feasible, sorting the list by status (new vs. ignored) would also help—but only if a visible "New" badge or count indicator is shown in the header, so users are alerted without having to open the tab at all. User Impact: This change would make the Vendor page significantly more actionable for users managing large vendor lists, reducing the effort required to stay on top of new additions.
Melita Mujičić about 2 months ago
Feature Request
Vendor Discovery Page – Surfacing New/Unreviewed Vendors More Clearly
Title: Vendor Discovery Page – Surfacing New/Unreviewed Vendors More Clearly Description: The current "Discover Vendors" tab shows all vendors in a single list, including those already ignored. With 144 vendors in total—over 130 of which have been ignored—it's difficult to tell at a glance whether any new vendors require review. Proposed Solution: The optimal improvement would be to split the tab into two separate views: A "Discovered Vendors" tab (or equivalent) showing only unreviewed/un-ignored vendors A separate "Ignored Vendors" tab for vendors already dismissed This would allow users to immediately see how many vendors need attention without scrolling through a long mixed list. Alternative / Minimum Viable Improvement: If a full tab split isn't feasible, sorting the list by status (new vs. ignored) would also help—but only if a visible "New" badge or count indicator is shown in the header, so users are alerted without having to open the tab at all. User Impact: This change would make the Vendor page significantly more actionable for users managing large vendor lists, reducing the effort required to stay on top of new additions.
Melita Mujičić about 2 months ago
Feature Request
Ability to manually add an employee to Secfix
Currently, I need to reach out to support to manually add an employee to Secfix. I should be able to do it myself as the Admin.
tracy.olnhausen 3 months ago
Feature Request
Ability to manually add an employee to Secfix
Currently, I need to reach out to support to manually add an employee to Secfix. I should be able to do it myself as the Admin.
tracy.olnhausen 3 months ago
Feature Request
The search should also work in German
I use the SECFIX platform in German. Unfortunately, the search function only works with English terms. If you’re using the platform in German, you should also be able to search for German terms. For example, the search in the Manual Records. When I search for “Rechtsregister,” nothing comes up. I have to search for “Legal,” and then “Rechtsregister” appears. It’s kind of illogical. This behavior is the same for all search fields and should be corrected.
Domenico Genco about 1 month ago
Manual evidence
Feature Request
The search should also work in German
I use the SECFIX platform in German. Unfortunately, the search function only works with English terms. If you’re using the platform in German, you should also be able to search for German terms. For example, the search in the Manual Records. When I search for “Rechtsregister,” nothing comes up. I have to search for “Legal,” and then “Rechtsregister” appears. It’s kind of illogical. This behavior is the same for all search fields and should be corrected.
Domenico Genco about 1 month ago
Manual evidence
Feature Request
Automated Recognition of SentinelOne as AV Protection
SentinelOne XDR should be recognized as an AV protection solution on Windows, MacOS and Linux in the “Antivirus installed” compliance check. The Sentinel Agent is listed in the Intune software inventory, so easy to detect.
Frank Tiex about 1 month ago
Inventory
Feature Request
Automated Recognition of SentinelOne as AV Protection
SentinelOne XDR should be recognized as an AV protection solution on Windows, MacOS and Linux in the “Antivirus installed” compliance check. The Sentinel Agent is listed in the Intune software inventory, so easy to detect.
Frank Tiex about 1 month ago
Inventory
Feature Request
Policy acceptance (timestamps) per employees
For the audit purpose (SOC 2 Type II), it would be great to be able to show the policy acceptance timestamps per policy per employee. This was requested by the auditors
Rich Bard about 1 month ago
Feature Request
Policy acceptance (timestamps) per employees
For the audit purpose (SOC 2 Type II), it would be great to be able to show the policy acceptance timestamps per policy per employee. This was requested by the auditors
Rich Bard about 1 month ago
Feature Request