Changelog
Follow up on the latest improvements andΒ updates.
RSS
1. NIS 2 Framework is now available on Secfix!
: Review your NIS 2 health score on your dashboard and access the detailed NIS 2 compliance report. 
2. TISAX Health score and compliance reports
: Review your TISAX health score on your dashboard and access the detailed TISAX compliance reports.
3. Trust Center: Attach resources to compliance frameworks
: You can now upload or link a resource, such as a certification, directly to a compliance framework in the Trust Center. It will appear alongside the. compliance framework and also be accessible in the resources section. 
. 4. Azure Connection: Simplified Setup Flow
: Weβve redesigned the Azure connection steps to make the process smoother and more intuitive. With clearer instructions and a more user-friendly flow, connecting your Azure account is now easier than ever.
1. GCP Connection: Simplified Setup Flow
Weβve redesigned the GCP connection steps to make the process smoother and more intuitive. With clearer instructions and a more user-friendly flow, connecting your GCP account is now easier than ever.
2. Trust Center: Add Link Resources
You can now attach links as resources in the Trust Center, alongside documents.
3. Mark automated task as "Not Applicable"
You can now mark automated tasks as "Not Applicable." Once marked, these tasks will be hidden from your main view and will not appear in your security report. However, you can still view them by applying the "Not Applicable" filter. If needed, you can restore them to the main list by switching their status to "Mark as Applicable."
Your customers and prospects can now view your Trust Center seamlessly on any device. Whether they're on a phone, tablet, or desktop, the experience is smooth and responsive.
You can dive in right now and start creating and publishing your own Trust Center. Check out how our co-founder Grigory customizes the Trust Center for Secfix in under 5 minutes!
With the Secfix Trust Center, you can upload your certificates, policies, and other resources, make them public or restricted, customize most of the content, colors, and logos, add subprocessors with automated suggestions, and add controls applicable to your company within seconds. And as a cherry on top β you can receive access requests for sensitive documents like pentest reports from your prospects.
We've also created a self-starter guide for you: Introduction to the Trust Center.
If you'd like some help getting started or want assistance from our designers, feel free to book a quick chat with us through this Calendly link.
You asked, and we listened.
This release focuses on bug fixes and feature improvements based on your feedback:βοΈ
Updates on Manual Evidence:
: - Secure Configuration Baselines: Added 2 new templates (in EN and DE).
- Test of Incident Response Plan: Added 1 new template (in DE).
- Incident Report or Root Cause Analysis: Added 1 new template (in DE).
- Tabletop Disaster Recovery Exercise: Added 1 new template (in DE).
ποΈ
Enhanced employee end date logic
: If an employee is removed from the IDP (e.g., Office365) and the end date is fetched from the IDP, Secfix will prevent manually overwriting the end date with an empty value or clearing it. However, users can manually change the end date to any other past date.π
Fixed cloud asset sync issue
: Manual changes to cloud asset attributes now persist after syncs.β‘
Real-time updates on employees page
: Updates are now saved and displayed immediately without requiring a page refresh.π₯
Improved policy update feature
: Automatically pre-selects previously selected groups when uploading a new policy version.π©πͺ
Added German security questionnaires
: Support for German security questionnaires for vendors.π
Simplified risk assessment survey
: Survey questions are now optional, making it easier to skip irrelevant questions.πΌ
Fixed user role change issue
: Resolved unintended user terminations caused by role changes.Weβre thrilled to introduce an amazing new feature that will transform your workflow!
π Reuse Past Evidence
Now, you can easily reuse past evidence, making your workflow more efficient and streamlined.
For a closer look at this awesome update, check out the following video
πͺ
Additional Enhancements:
- Dashboard:Enhanced health score for ISO27001:2022
- Reports:Added ISO27001:2013 security report
- Risk Assessments:Added a success alert to inform you of the number of added risk scenarios after completing an assessment survey.
- New Navbar:Our app now features a fresh and updated look with a new navbar.
- Access Page:Added missing fields and helpful tooltips.
new
May updates
πͺ Risk Assessments
You can now easily identify risks specific to your organization. The assessment includes questions tailored to the most common risks faced by modern companies
π GDPR Health score report
Now you can review your GDPR health score on your dashboard and access the detailed GDPR security report.
π Improved access page
- β Check the status of MFA & SSO for accounts
- β Easily assign owners inline
- β Identify accounts as "External person" or "Not a person"
- β Add your notes to accounts
π Improved manual evidence
- β Assign an owner to manual evidence
- β Add your notes to manual evidence
π New features
HRIS Integration:
- Improved Sync: Enhancements to the synchronization process between HRIS and IDP to ensure accurate user data.
- Force Sync on Reconnect: Automatically syncs HRIS data when reconnection occurs.
- Employee Status Alignment: Standardizes employee status to always reflect Secfix as the source.
π Fixes & Improvements
- User Sync Bug Fix: Resolved issues with syncing users between IDP and HRIS following customer feedback.
- Control Status Calculation: Fixed bugs in control status calculations for Security Reports and ISO27001 Health Score, centralizing status calculations on the backend.
- Cloud Tags Bug Fix: Resolved issues with cloud tag management in inventory.
- Enhanced Company Representation: Updated to display the company name prominently.
- Security Report Improvements: Addressed missing status icons and text in security report summaries.
- New Filters: Introduced 'New Person/Not Person' as a filter option on the employee page.
- HR Merge Date Corrections: Corrected date displays in HR merge user table.
- Autocomplete and UI Fixes in Risk Register: Improved the controls field with an autocomplete list and enhanced UI.
- Connection Page and Me Page Enhancements: Improved UI on the Connection page and reduced duplicate calls to the data/me endpoint.
- Employee Task Visibility: Fixed an issue where tasks for terminated employees were not visible on hover.
- Progress Bar Color Correction: Addressed a bug causing the progress bar to display as grey when progress is at 100%.
- Access Page Search: Resolved a bug that stopped the search functionality on the Access page when displaying 100 results.
π New features
- HRIS integration: BambooHR and Personio are now integrated, allowing the manual creation of new Secfix accounts synced with HRIS if they are not available on IdP. Note: HRIS is available on-demand only for early adopters.
- Dashboard compliance health score: Track compliance with ISO27001 directly on your dashboard.
- Expanded Summary items on dashboard: Additional links under Summary for quick access to Manual Evidence, Automated Tasks, Risks, Policies, Vendors, Employees.
- Risk snapshots and history: New features for tracking changes over time.
- Improved import for risk management: Now includes options to import Treatment Strategy and Residual Score.
Fixes and improvements
- Treatment tasks: Tasks can now be closed without resetting an approved risk to not approved. Added the possibility to delete treatment tasks directly from their tab.
- Sorting enhancements: Improved sorting functionality on Risks, Vendors, Employees, Access, and Inventory tables.
- Login page: design improvement.
- Employee profile enhancements: Overhauled design and extended filtering capabilities on the employee page.
- Employee onboarding (/me) page: Improved status update behavior on security training and policy tasks.
- Access page: Pagination fix.
- Groups page: Updated to show only active employees (specifically for Florian from Consor).
- Enabled editing Serial No/ID to be empty.
- Enhanced group functionality to only show active employees when a group is selected.
- Fixed issues with imported risks that affected risk approval.
- Employee list: Fixed the filter for groups not functioning correctly.
π New features
- My tasks page:new and improved look for employee-facing tasks on Secfix.
- Sorting: users can now sort risk register and vendor management entries to better view information.
Fixes and improvements
- Issues on My tasks when uploading evidence with multiple custom trainings enabled.
- Task status update on My Tasks.
- Access management pagination.
- Hide GDPR task from employees who shouldn't have this task.
- Issue with duplicate summary emails being sent.
- Issue with summary email policy count.
- Issue with summary email displaying risks that didn't need attention.
Load More
β