💡 Feature requests

It'd be great if we could use the policies, automated checks and other data already in the Secfix platform to automatically populate answers for RFQs and security questionnaires.

Right now, access requests are handled manually via email, which is time-consuming & I would rather not start using an alternative app outside of Secfix. A built-in workflow in Secfix would help streamline approvals while maintaining control. Customizable approval workflows based on roles and policies. Auto-generated audit logs to ensure compliance. Integration with IAM tools for automated provisioning/deprovisioning. Ability to toggle between manual and automated processing as needed.

The trust center access request email lacks a clear call to action and does not provide any guidance on how to approve the request.

In the past, you were able to complete your access review using Secfix Access Management Google Sheet prototype (see screenshot). However, some of you left the task open for quite a while and didn't come back to it to complete the review. To repeat access review, you needed to go through a long process of updating the access lists for each tool. What we can change Once Access Page is automated and shows a list of accesses in the most critical software you use you could add the access tasks and conduct a proper access review directly on the platform. It allows to keep access page and access reviews up-to-date and see the Access Review history for your audits. Loom Video https://www.loom.com/share/0464141d05f049149affacf47244c24f

Incorporate Statement of Applicability from security reports into the platform

As Secfix grows, I see the need to allow companies to better segment their user permissions (not only between admin or employee).

Allowing custom tags for all the list items (vendors, access, risks, etc) would make working with them much easier and flexible. possible uses: mark as WIP, missing DPA, asset type, assigned team, and much more

Request I would like to have an internal audit reporting tool integrated into the platform that we can fully manage ourselves. The tool should allow us to document findings and observations from internal audits and directly generate actionable items such as tickets or to-dos from these entries. This would streamline the audit follow-up process and ensure traceability. Benefits Centralized and structured internal audit documentation. Immediate creation of follow-up tasks to close gaps efficiently. Improved traceability and accountability during audit cycles. Reduced reliance on external tools or manual workflows.

Request I would like to see a centralized repository within the platform for two types of documents that currently lack a dedicated space: Documents not directly linked to Policies (POLs) – such as cloud exit strategies, backup strategies, or overarching compliance frameworks. These documents are important for audits and internal controls but do not fit neatly under specific policies. Documents exclusively related to the ISMS (Information Security Management System) – such as ISMS-specific procedures, frameworks, or strategic documents that are essential for managing the system but aren’t tied to individual POLs. Benefits Clear and structured access to critical compliance documents. Better support for audit readiness and ISMS maintenance. Reduced risk of document scattering and information loss.

It would be great to have the ability to add custom fields to vendors. This would allow us to track important details such as: Has the contract been signed? Do they delete data within six months? Where is their data located? Where do they process their data?