💡 Feature requests

Currently when uploading files (screenshots, docs) to manual evidence tasks, you can only select 1x file at a time. The ability to select multiple files from the file picker would make this process so much better. You can currently do this in the Automated Checks comment section. But not in Manual Evidence or Vendors.

The Risk Register currently has predefined fields, limiting flexibility for different risk management needs. Adding custom fields would allow users to tailor risk entries to their specific requirements. Use Case Risk management processes vary across organizations, and predefined fields may not always capture all necessary details. For example: A financial institution might need a "Regulatory Compliance Impact" field. A tech company might want a "Data Sensitivity Level" field. A project-based organization could track risks by "Department" or "Project Phase."

* Assets returned by employees > should be tracked under assets available * Cloud provider service agreement > alreadey in assets available * ISO 27001 certification from cloud provider > already in assets available * Supplier/vendor agreements > already in assets available

That way I wouldn't need to change it manually in case a user is terminated.

If admin has approved a policy, you can't revoke the approval. It goes directly to the employees that have been assigned to the policy. I'd like to be able to revoke it and that all the groups assigned to this policy are unassigned as well.

Customer is suggesting to add another likelihood level in the residual likelihood part of the risk management. Example: Risk A was reviewed and it's treatment strategy is avoidance. The risk was removed completely. Nevertheless the residual risk likelihood can be set only to "low" "medium" or "high" or "critical". Customer is aware that the "low" level refers to risk with less than 20% chance of happening, would however like to see an 5th option, expressing the 0% likelihood.

Email notifications are helpful in the following cases: Alerting editors/admins when users are assigned as owners. Notifying when a new admin is added to the account. Informing employees about newly uploaded policies ready for review. Sending automated employee reminder notifications, with a central setting to configure reminder frequency and preferences.

our Company use Passbolt as our passwordmanager, is it possible to Check for the Browser extention or the Client installation of Passbolt, Passbolt is open sorce this could make it easyer to implement

Improve collaboration by enabling a comments section and owners for both manual evidence and automated tasks.

The risk treatment checkmark is not intuitive enough (when it got overdue, I didn't know what to do, the fact that I should click on/complete the checkmark wasn't clear to me)