Wiz Integration | CNAPP (Cloud-Native Application Protection Platform)
We use Wiz as our cloud security platform and would like to see a native integration with Secfix. Wiz already contains relevant cloud security posture, monitoring, and control evidence, so being able to sync this information automatically into Secfix would reduce manual evidence collection and make audit preparation more efficient. This would also help us demonstrate our cloud security controls more clearly during ISO 27001 audits. We’ve also noticed that similar compliance automation platforms already support Wiz integrations, so having this available in Secfix would provide significant additional value for teams using modern cloud security tooling.
Matt Sleeman 17 days ago
Connections
Feature Request
Wiz Integration | CNAPP (Cloud-Native Application Protection Platform)
We use Wiz as our cloud security platform and would like to see a native integration with Secfix. Wiz already contains relevant cloud security posture, monitoring, and control evidence, so being able to sync this information automatically into Secfix would reduce manual evidence collection and make audit preparation more efficient. This would also help us demonstrate our cloud security controls more clearly during ISO 27001 audits. We’ve also noticed that similar compliance automation platforms already support Wiz integrations, so having this available in Secfix would provide significant additional value for teams using modern cloud security tooling.
Matt Sleeman 17 days ago
Connections
Feature Request
Vendor Discovery Page – Surfacing New/Unreviewed Vendors More Clearly
Title: Vendor Discovery Page – Surfacing New/Unreviewed Vendors More Clearly Description: The current "Discover Vendors" tab shows all vendors in a single list, including those already ignored. With 144 vendors in total—over 130 of which have been ignored—it's difficult to tell at a glance whether any new vendors require review. Proposed Solution: The optimal improvement would be to split the tab into two separate views: A "Discovered Vendors" tab (or equivalent) showing only unreviewed/un-ignored vendors A separate "Ignored Vendors" tab for vendors already dismissed This would allow users to immediately see how many vendors need attention without scrolling through a long mixed list. Alternative / Minimum Viable Improvement: If a full tab split isn't feasible, sorting the list by status (new vs. ignored) would also help—but only if a visible "New" badge or count indicator is shown in the header, so users are alerted without having to open the tab at all. User Impact: This change would make the Vendor page significantly more actionable for users managing large vendor lists, reducing the effort required to stay on top of new additions.
Melita Mujičić 10 days ago
Feature Request
Vendor Discovery Page – Surfacing New/Unreviewed Vendors More Clearly
Title: Vendor Discovery Page – Surfacing New/Unreviewed Vendors More Clearly Description: The current "Discover Vendors" tab shows all vendors in a single list, including those already ignored. With 144 vendors in total—over 130 of which have been ignored—it's difficult to tell at a glance whether any new vendors require review. Proposed Solution: The optimal improvement would be to split the tab into two separate views: A "Discovered Vendors" tab (or equivalent) showing only unreviewed/un-ignored vendors A separate "Ignored Vendors" tab for vendors already dismissed This would allow users to immediately see how many vendors need attention without scrolling through a long mixed list. Alternative / Minimum Viable Improvement: If a full tab split isn't feasible, sorting the list by status (new vs. ignored) would also help—but only if a visible "New" badge or count indicator is shown in the header, so users are alerted without having to open the tab at all. User Impact: This change would make the Vendor page significantly more actionable for users managing large vendor lists, reducing the effort required to stay on top of new additions.
Melita Mujičić 10 days ago
Feature Request
Ability to manually add an employee to Secfix
Currently, I need to reach out to support to manually add an employee to Secfix. I should be able to do it myself as the Admin.
tracy.olnhausen about 1 month ago
Feature Request
Ability to manually add an employee to Secfix
Currently, I need to reach out to support to manually add an employee to Secfix. I should be able to do it myself as the Admin.
tracy.olnhausen about 1 month ago
Feature Request
The search should also work in German
I use the SECFIX platform in German. Unfortunately, the search function only works with English terms. If you’re using the platform in German, you should also be able to search for German terms. For example, the search in the Manual Records. When I search for “Rechtsregister,” nothing comes up. I have to search for “Legal,” and then “Rechtsregister” appears. It’s kind of illogical. This behavior is the same for all search fields and should be corrected.
Domenico Genco 1 day ago
Manual evidence
Feature Request
The search should also work in German
I use the SECFIX platform in German. Unfortunately, the search function only works with English terms. If you’re using the platform in German, you should also be able to search for German terms. For example, the search in the Manual Records. When I search for “Rechtsregister,” nothing comes up. I have to search for “Legal,” and then “Rechtsregister” appears. It’s kind of illogical. This behavior is the same for all search fields and should be corrected.
Domenico Genco 1 day ago
Manual evidence
Feature Request
Automated Recognition of SentinelOne as AV Protection
SentinelOne XDR should be recognized as an AV protection solution on Windows, MacOS and Linux in the “Antivirus installed” compliance check. The Sentinel Agent is listed in the Intune software inventory, so easy to detect.
Frank Tiex 4 days ago
Inventory
Feature Request
Automated Recognition of SentinelOne as AV Protection
SentinelOne XDR should be recognized as an AV protection solution on Windows, MacOS and Linux in the “Antivirus installed” compliance check. The Sentinel Agent is listed in the Intune software inventory, so easy to detect.
Frank Tiex 4 days ago
Inventory
Feature Request
Policy acceptance (timestamps) per employees
For the audit purpose (SOC 2 Type II), it would be great to be able to show the policy acceptance timestamps per policy per employee. This was requested by the auditors
Rich Bard 5 days ago
Feature Request
Policy acceptance (timestamps) per employees
For the audit purpose (SOC 2 Type II), it would be great to be able to show the policy acceptance timestamps per policy per employee. This was requested by the auditors
Rich Bard 5 days ago
Feature Request
Bulk download all evidences
I need to export all SOC 2 evidence files as a ZIP package. I want to download all the evidence to my folder and not go over it 1 by 1. I am the auditor and want to save it in my DB.
meni.b 9 days ago
Feature Request
Bulk download all evidences
I need to export all SOC 2 evidence files as a ZIP package. I want to download all the evidence to my folder and not go over it 1 by 1. I am the auditor and want to save it in my DB.
meni.b 9 days ago
Feature Request
Put profile pic for policy approver
Under policies —> Profile picture of the approver should be put as well (like we do with the owner) so as to see whether the owner and approver is a different person or not (for quick check with customer)
François Gales 11 days ago
Feature Request
Put profile pic for policy approver
Under policies —> Profile picture of the approver should be put as well (like we do with the owner) so as to see whether the owner and approver is a different person or not (for quick check with customer)
François Gales 11 days ago
Feature Request
Bulk reminder to specific group
Under Employees —> One should be able to send a bulk reminder to a specific group only. This is currently not possible. (Only possible for either every employee concerned or one specific person). Could be interesting if we want to send a reminder to the i.e. the whole CS team.
François Gales 11 days ago
Feature Request
Bulk reminder to specific group
Under Employees —> One should be able to send a bulk reminder to a specific group only. This is currently not possible. (Only possible for either every employee concerned or one specific person). Could be interesting if we want to send a reminder to the i.e. the whole CS team.
François Gales 11 days ago
Feature Request
Enable vendor version & change history
Currently, I need to maintain external spreadsheets for vendor reviews because Secfix does not provide visibility into: what changed, who changed it, when the change happened. Any update overwrites the previous state, making it difficult to track changes and prepare audit evidence. This is especially inefficient in environments with multiple vendor owners across different departments, where many people are responsible for maintaining vendor information and changes happen frequently. Requested Functionality I would like vendor entries to include version history/change tracking similar to policy version history. For each vendor, it should be possible to see: timestamp of the change, user who made the change, changed fields, previous value, new value. Key fields: vendor owner, contact person, authentication method (MFA/SSO), processed data, risk level, certification status, active/inactive status. Expected Outcome This would allow us to: conduct vendor reviews fully inside Secfix, reduce reliance on external spreadsheets, improve audit traceability, simplify evidence collection, better manage reviews across multiple vendor owners.
Jan Wagner 11 days ago
Feature Request
Enable vendor version & change history
Currently, I need to maintain external spreadsheets for vendor reviews because Secfix does not provide visibility into: what changed, who changed it, when the change happened. Any update overwrites the previous state, making it difficult to track changes and prepare audit evidence. This is especially inefficient in environments with multiple vendor owners across different departments, where many people are responsible for maintaining vendor information and changes happen frequently. Requested Functionality I would like vendor entries to include version history/change tracking similar to policy version history. For each vendor, it should be possible to see: timestamp of the change, user who made the change, changed fields, previous value, new value. Key fields: vendor owner, contact person, authentication method (MFA/SSO), processed data, risk level, certification status, active/inactive status. Expected Outcome This would allow us to: conduct vendor reviews fully inside Secfix, reduce reliance on external spreadsheets, improve audit traceability, simplify evidence collection, better manage reviews across multiple vendor owners.
Jan Wagner 11 days ago
Feature Request
Optional "Reports to" Requirement for Externals/ Contractors
Currently, automated checks require all employees/users to have an assigned owner/manager. This creates issues for external employees and contractors (e.g. external developers), who: work inside the company environment, should still complete compliance-related tasks such as Security Awareness Training and Policy Acceptance, but often do not have a formal internal manager/owner within the organization. At the moment, customers are forced to assign arbitrary HR or IT users as owners purely to satisfy the automated check requirements. Introduce a new configurable setting on employee groups tasks: Ownership/ Reports to required (enabled/disabled)
Frank Tiex 12 days ago
Feature Request
Optional "Reports to" Requirement for Externals/ Contractors
Currently, automated checks require all employees/users to have an assigned owner/manager. This creates issues for external employees and contractors (e.g. external developers), who: work inside the company environment, should still complete compliance-related tasks such as Security Awareness Training and Policy Acceptance, but often do not have a formal internal manager/owner within the organization. At the moment, customers are forced to assign arbitrary HR or IT users as owners purely to satisfy the automated check requirements. Introduce a new configurable setting on employee groups tasks: Ownership/ Reports to required (enabled/disabled)
Frank Tiex 12 days ago
Feature Request
Automatic Data Sync for Maintenance PSR
Enable the Maintenance PSR to automatically pull and reflect updates from other relevant sections (e.g., Risk Register, Vendor Reviews) to reduce manual work and ensure consistency. Introduce automatic synchronization between the Maintenance PSR and other key modules: When the Risk Register is reviewed, this should automatically update the corresponding task/status in the Maintenance PSR When a quarterly vendor review is completed, the related task in the Maintenance PSR should be automatically marked as completed Expected Benefits Eliminate repetitive manual updates Improve data consistency across the platform Save time for users managing ongoing ISO 27001 compliance Reduce risk of missing required maintenance actions
Jan Wagner about 1 month ago
Feature Request
Automatic Data Sync for Maintenance PSR
Enable the Maintenance PSR to automatically pull and reflect updates from other relevant sections (e.g., Risk Register, Vendor Reviews) to reduce manual work and ensure consistency. Introduce automatic synchronization between the Maintenance PSR and other key modules: When the Risk Register is reviewed, this should automatically update the corresponding task/status in the Maintenance PSR When a quarterly vendor review is completed, the related task in the Maintenance PSR should be automatically marked as completed Expected Benefits Eliminate repetitive manual updates Improve data consistency across the platform Save time for users managing ongoing ISO 27001 compliance Reduce risk of missing required maintenance actions
Jan Wagner about 1 month ago
Feature Request
ability to edit assigned employee groups for a draft policy
Currently, you can see on the right panel of a policy detail which employee groups a draft policy was assigned to. It would be cool if this were not only a list of group tags, but a list of check boxes so that we can edit them when necessary. This would make things much easier. Since group settings only list approved policies, it’s a hassle to manage this before a policy is approved.
Frank Tiex about 1 month ago
Feature Request
ability to edit assigned employee groups for a draft policy
Currently, you can see on the right panel of a policy detail which employee groups a draft policy was assigned to. It would be cool if this were not only a list of group tags, but a list of check boxes so that we can edit them when necessary. This would make things much easier. Since group settings only list approved policies, it’s a hassle to manage this before a policy is approved.
Frank Tiex about 1 month ago
Feature Request
Hide CISOai bubble
It’d be great to have a toggle to hide the CISOai bubble. It’s useful sometimes, but it’s mostly distracting.
Fidel Esquivel about 1 month ago
Feature Request
Hide CISOai bubble
It’d be great to have a toggle to hide the CISOai bubble. It’s useful sometimes, but it’s mostly distracting.
Fidel Esquivel about 1 month ago
Feature Request
Detect all groups from IdP for scoping
I thought I would not have to create a new group in the IdP, but rather select among the groups that were already created. So, for us at M365 IdP, we have our groups created, for example: XXX-HQ XXX-Germany So I expect that the integration would be able to fetch already present groups from the IdP and let us select from those groups. With the current behavior, I would need to either rename XXX-HQ to Secfix-XXX-HQ or create another "duplicate" group called Secfix-XXX-HQ.
galo.rosero about 1 month ago
Feature Request
Detect all groups from IdP for scoping
I thought I would not have to create a new group in the IdP, but rather select among the groups that were already created. So, for us at M365 IdP, we have our groups created, for example: XXX-HQ XXX-Germany So I expect that the integration would be able to fetch already present groups from the IdP and let us select from those groups. With the current behavior, I would need to either rename XXX-HQ to Secfix-XXX-HQ or create another "duplicate" group called Secfix-XXX-HQ.
galo.rosero about 1 month ago
Feature Request