💡 Feature requests

Customer is suggesting to add another likelihood level in the residual likelihood part of the risk management. Example: Risk A was reviewed and it's treatment strategy is avoidance. The risk was removed completely. Nevertheless the residual risk likelihood can be set only to "low" "medium" or "high" or "critical". Customer is aware that the "low" level refers to risk with less than 20% chance of happening, would however like to see an 5th option, expressing the 0% likelihood.

Commenting on behalf of Jan W. - at the moment our Customers do not have a good overview over the vendors. The vendors are currently sorted by owners, risk level or status. As soon as the vendor number grows, there is no way to sort them by their category. Customer is suggesting to structure the risk scenarios by: creating departments; assigning labels; grouping. Use case: A SMB with multiple departments and multiple vendors needs a good overview over the vendors. Adding for instance grouping or labeling by departments will help our customers to assign vendor to the right category - for instance banking, internal communication etc. This helps customers structure the work on the platform and manage the vendor ownership more efficiently.

Tracking audit findings in an Excel sheet feels disconnected - I would like to be able to do this directly within Secfix.

As the list of identified risks in the Risk Register keeps growing over the years, it is becoming harder to manage & maintain using only the Risk Scenario column - filtering by risk ID# would reduce time taken scrolling to look for a specific risk. This is also useful for us to reference in a clean way in our ticketing solution tasks.

We’d like to have the ability for automatically assigning owners to specific areas of the product. For example, we currently assign all cloud assets to a specific owner manually using bulk edit. However, this means we have to assign the owner every time a new resource is added. It would be helpful if there was an option to set an owner for a specific area, so new resources are automatically assigned.

Email notifications are helpful in the following cases: Alerting editors/admins when users are assigned as owners. Notifying when a new admin is added to the account. Informing employees about newly uploaded policies ready for review. Sending automated employee reminder notifications, with a central setting to configure reminder frequency and preferences.

It would be helpful to have an FAQs section in the Trust Center to address common customer questions.

A customizable timeline that maps out all required ISO compliance maintenance actions throughout the year would be highly beneficial. This could include reminders for key tasks like booking the pentest, scheduling internal audits, and performing regular checks (monthly/quarterly). By automating these reminders, IT security teams in SMEs can reduce manual planning efforts and ensure compliance without extra stress. Based on our experience with Secfix and the audit process, having such a structured timeline has proven invaluable—eliminating the need for constant planning and making compliance tasks clear and manageable.

It'd be great if we could use the policies, automated checks and other data already in the Secfix platform to automatically populate answers for RFQs and security questionnaires.