Release Notes
Updated by Gillian Langor
November 22, 2024 2.20.0 - 2.24.0
Enhancements
- Updates to assessment follow-up: Updates the default behavior for automatic follow-up on assessments.
- Safebase partnership: Updates UI to indicate when a vendor's trust portal link originates from our partnership with SafeBase.
- Trial capability expansion: New! Production trials now have all control domains enabled by default.
Bug Fixes
- Adds risk values to the list of assessments awaiting risk acceptance.
- Corrects the column names for different tabs in the assessment list.
- Updates the styling for logo sizes in email templates for instances where an email client removes styling.
- Updates the styling to improve the display for security leadership details in directory records.
- Resolves an issue where some vendors were unable to upload artifacts during remediation.
- Resolves a bug that prevented vendors from uploading artifacts on follow-up.
Oct 17, 2024 2.15.0-2.19.0
Bug Fixes
- Resolves a bug where assessment expiry notifications released to vendors too early in the collection process.
Sep 12, 2024 2.13.0 - 2.14.0
Enhancements
- Custom Domains + Co-branded collection: Register your domain and email addresses to ensure all VISO TRUST communications come directly from your organization. Personalize your vendor experience with custom colors, logos, and icons, building trust and consistency at every touchpoint
- You can now filter your relationships by "Risk Accepted" status from the Relationships List page.
Bug Fixes
- Improves error handling for artifact update assessment when there is a difference between how the AI system classifies the original and replacement artifact.
- Fixes a UI bug where the relationship name link flickers and is hard to click on the relationship list page.
- Fixes an issue where the vendor is prevented from submitting a required document after completing a follow-up questionnaire.
- Fixes an issue where the label for "Remediation Assessment" was missing on the Assessment List page.
Aug 23, 2024 2.10.0 - 2.12.0
Enhancements
- Risk Tolerance: Allows org admins to set the risk tolerance of their program. The feature is found under Settings > Risk Model and provides a preview how a different selection would change the distribution of residual risk across your vendor population as well as guidance for what option to select.
- Start assessment: Streamlined "Start Assessment" modal. The new screen formalizes an option to assess a third party with only publicly available information.
- Trust portal link An inline banner now appears on the start assessment modal with to the link to a vendor's trust portal if one is known to accelerate the artifact collection process.
- Collection flow update: Updates the design of the third party collection experience to simplify the steps, language, and follow-up questionnaire logic in service of improved usability.
Bug Fixes
- Fixed an issue where Org Users were unable to manage the tags associated with a relationship.
Aug 2, 2024 - 2.8.0-2.9.0
Enhancements
- Custom email domains can now be configured to send outgoing email from VISO TRUST. You can find the configuration options under Settings > Org Profile. For more information about how to configure this feature, click here.
- Material security incidents disclosed by public companies in SEC 8K documents now automatically create a VISO TRUST Risk Advisory on the platform. If a recent advisory (within the past 30 days) impacts your vendor or 4th party, a notification of the risk advisory will be sent to the business owner and org admins.
Bug Fix
- Disabled risk dimensions no longer show up in the "Print to PDF export" on the relationship page.
July 17, 2024 - 2.5.0-2.7.0
Enhancements
- Customized Contact Options for Lifecycle Management: You can now choose who to contact for specific lifecycle management events. Here’s how it works:
- Default Contact: If lifecycle management is enabled, the default contact will be the third-party contact unless otherwise specified.
- Recertification Settings: For recertification, if you have previously selected “auto,” the system will default to the third-party contact. If you selected “remind me,” it will default to the business owner.
- Contact Changes: If the third-party contact is removed or edited, clients will be notified to supply a new contact to ensure interactive relationship events continue to function smoothly.
- Subscribers: If you’d like other email addresses to be copied on communication for lifecycle events, add them as subscribers on the relationship.
- Recommendation for higher assurance artifact
The recommendation for the third party to provide a higher assurance artifact has been updated as follows:
- When there is no high assurance artifact, a SOC2 Type 2 or ISO is given as an example of a recommended artifact type.
- When a high assurance artifact has already been provided (SOC2 Type 2 or above) the recommendation to provide an even higher assurance artifact (e.g. CSA STAR Level 2 Certification Report or BSI C5 Report) will not be shown.
Bug Fixes
- We have addressed an issue where reminder emails continued to be sent for remediation after the current assessment had been completed.
- Removes the follow-up questionnaire from the initial assessment collection request to reduce friction in the experience. Follow-up questionnaires will be sent if deemed necessary after the artifacts are reviewed by the audit team.
June 14, 2024 2.1.0-2.1.4
Enhancements
- Smart artifact collection: Completely redesigned vendor collection experience that uses Artifact Intelligence to classify documents in real time. This allows us to understand the information tbeing provided and ask for specific documents (e.g. request that an artifact's sibling document be provided like the Statement of Applicability for an ISO report).
- Risk acceptance workflow update: Updates for usability as outlined below
- Risk acceptance and remediation requests can now be revoked at any time after the initial action is taken.
- Lifecycle management settings were decoupled from the action of onboarding/off-boarding.
- An optional comment can be made when accepting risk or requesting remediation. The is logged with a reference to the corresponding action in the "comments" tab of the relationship.
- Assessments for which remediation has been requested will no longer appear in the "awaiting risk acceptance" tab on the assessment list page. The Remediation Requested column on the Relationship List page can be used to filter for all relationships for which remediation has been requested.
- ISO validity period tooltip: Added help text to explain the nuances around how we treat ISO artifact validity. The tooltip text is “While this ISO certification technically remains valid for three years from the initial issue date, VISO treats it as having a 1-year validity period with a buffer of additional 3 months to align with the annual surveillance audit required for maintaining the certification.”
- Email notification updates for risk advisories: If you have a 3rd or 4th party relationships, risk advisory email notification be sent to notification to org admins, business owners, and subscribers on the relationships impacted. If there is no relationship with the third party, only in-app notifications will be sent.
Bug Fixes
- Updates the final assessment reminder cadence to be sent closer to the assessment expiration.
- The specific missing controls will be listed in the recommendation text when a control domain is only partially validated.
May 15, 2024 - 2.0.0
We are excited to announce a major version upgrade for our app! Along with significant platform performance improvements, we’ve introduced several new features and enhancements:
Enhancements
- Risk Advisories
- We publish a feed of Security and Compliance Advisories and link to the source URL along with guidance from VISO TRUST, where relevant.
- Contextualize the impact of a risk advisory to your program with a new metric called "network exposure" which counts third-party and fouth-party connections to the identified organization.
- Explore your network exposure using a prefiltered view of the nth party graph.
- Get notified in-app and by email about recently-created risk advisories relevant to your program.
- This features replaces the existing Public Risk Event Notices page.
- Remediation:
- At the end of an assessment, request Third Party remediation based on assessment recommendations.
- Add a comment for the Third Party, set a target date for the remediation, and choose whether to copy relationship subscribers on associated emails.
- "Remediation Requested" column has been added to the Relationship List page for tracking and management.
- Framework Detections:
- View Control Detections mapped to one of 13 common Security and Compliance frameworks including AICPA TSC, GDPR, ISO27001, ISO27018, ISO27701, NIST 800-171, NIST 800-53, NIST Privacy Framework 1.0, CCPA, GLBA and HIPAA.
- Other Enhancements:
- Tags are now included in the CSV export on the Relationship List page.
- New column on the assessment list page reporting the cumulative calendar days that an assessment has spent "in review".
- New tab on the Assessment List page displaying completed assessments requiring review.
Bug Fixes
- Fixed an issue where some Third-Party metadata was not populating correctly on the directory record.
- Fixed an issue where an incorrect count of recommendations was showing on the Relationship List page.
April 25, 2024 - 1.128.0
Enhancements
- Renames "deleted" relationships as "archived" relationships.
- Adds an entry in the assessment history table corresponding to the "proceed with available info" event.
- Removes the Third Party Details tab from the PDF export of Assessment Results.
- Adds "uploaded date" metadata to the artifact table on the relationship detail page.
Bug Fixes
- Fixes an issue where the table on the data types settings page was not sorting.
April 18, 2024 - 1.127.0
Enhancements
- Added a confirmation step when cancelling an assessment to reduce unintentional cancellation.
- Updated the assessment summary email to include the same information as what is configured for that relationship in the app.
Bug Fixes
- Fixes an issue whereby the inherent risk is reported incorrectly if the relationship context is changed after the assessment is started.
- Fixed an issue where Business Owners were not receiving the Assessment Summary by email.
April 11, 2024 - 1.126.0
Enhancements
- Adds a button, ("Proceed with available info") to initiate an assessment's review stage. This button is inactive until at least one artifact has been uploaded.
- Re-introduces Recommendations into the text-based configurable Assessment Summary.
- Introduces audit logging to the API to track changes made within your VISO TRUST account. Logs include account level actions like login, profile changes, and artifact management.
Bug Fixes
- Fixes an issue where disabled data types are shown as filter options on the Relationship List page.
April 4th, 2024 - 1.125.0
Enhancements
- A new Assessment List page has been added to the platform. This feature enables users to review and take action on assessments requiring their attention.
- Users can now configure the default Assessment Summary contents for all relationships and also offers granular control to configure for an individual assessment as well.
Bug Fixes
- Resolved an issue which included toast messages in the PDF export of the Assessment Summary.
- Resolved an issue which prevented assessment emails from going to the new Third Party Contact after an assessment was started.
March 28th, 2024 - 1.124.0
Enhancements
- VISO TRUST's Privacy Policy has been updated. https://visotrust.com/privacy-policy/
- Resigned the Artifact Types page. The new design adds an FAQ section about Assurance and also updates artifact metadata including calculation of Validity Period for each artifact.
- Increased the assurance value for the SOC2 Type 1 Audit report type. This change required a Risk Model Refresh and relationships impacted by this change now have a lower residual risk. This risk event is noted on the Risk Timeline for these relationships.
- Users can now see a copy of all emails sent out as part of an assessment by clicking the message link under "email activity".
Bug Fixes
- Resolved an issue where the Assessment Summary did not list "Not Applicable" controls from AI, Resilience, Service location, Cyber Insurance & Privacy dimensions, even though they are correctly represented in the Risk Analysis output.
March 21th, 2024 - 1.123.0
Enhancements
- Informational controls found to be Not Present will now be noted in the Assessment Summary.
Bug Fixes
- Resolved an issue which prevented tags from being applied to relationships as a bulk action.
March 14th, 2024 - 1.122.0
Enhancements
- Risk analysis now begins immediately after uploading an artifact to an assessment by populating detections and updating the residual risk score in real time.
- Updated recommendations engine to dynamically specific artifact types when recommending higher assurance documents.
Bug Fixes
- Fixed an issue which erroneously prevented assessments from being started based on available assessment license count.
March 8th, 2024 - 1.121.0
Enhancements
- Improved Recommendations engine by considering an edge case where control validation information spans artifacts of both high and low assurance.
- Added ability to create or modify a Relationship's Third Party Contact through the API.
March 7th, 2024 - 1.120.0
Bug Fixes
- Fixed issue where the "Start Assessment" button was erroneously disabled when starting assessments for multiple relationships.
February 29th, 2024 - 1.119.0
Enhancements
- Added ability for Third Party responder to extend the deadline for artifact collection, communicate that they aren't doing business with you anymore, or collect contact information from someone else to complete the request.
February 15th, 2024 - 1.117.0
Enhancements
- Redesigned the completed Supplemental Questionnaire viewing experience to include filters and detailed references to detected language.
Bug Fixes
- Fixed an issue which prevented images in email notifications from rendering in some email clients.
- Fixed an issue which erroneously reported out of scope Risk Domains as being non-compliant.
February 8th, 2024 - 1.116.0
Enhancements
- Updated the Org User role permissions to be able to view and add comments.
- Added detail pages for Organizations in the Third Party Directory populated with risk-relevant metadata.
- Added risk-relevant metadata about Organizations to the Relationship Detail Page.
- The Assessment Summary is now distributed via email to the Subscribers list for a relationship.
Bug Fixes
- Fixed a bug that published Recommendations for out of scope, and informational control domains.
- Improved error handling and related user messaging for bulk relationship upload.
February 1st, 2024 - 1.115.0
Enhancements
- Improved the Risk Network experience to show only verified 4th party directory records.
Bug Fixes
- Fixed an issue which prevented a user from seeing Vendor Details on the Relationship detail page.
January 30th, 2024 - 1.114.0
Enhancements
- Updated new user registration to remove required fields and simplify experience.
- Added structured Assessment Recommendations to the Relationship detail page.
January 25th, 2024 - 1.113.0
Enhancements
- Improved Data Types detail page to display categorization, sensitivity level, and value.
January 18th, 2024 - 1.112.0
Bug Fixes
- Resolved an issue which prevented the User role from seeing Control Validation Detections.
January 11th, 2024 - 1.111.0
Enhancements
- Added form field validation in assessment questionnaire experience so that users understand where answers are missing or incomplete.
Bug Fixes
- Resolved an issue which prevented "created by" from showing in Relationship detail page.
January 4th, 2024 - 1.110.0
Bug Fix
- Resolved an issue which prevented duplicated artifacts from being automatically validated in Trust Profiles.
December 21th, 2023 - 1.109.0
Enhancements
- Risk level, compliance status, and information collection status will be displayed for their respective Control Dimension.
Bug Fixes
- Resolved an issue which prevented sorting on the Users page.
- Resolved an issue which erroneously included deleted relationships in the existing relationship count on the directory page.
- Fixed issue preventing the ability to download all artifacts from the Relationship Detail Page.
- Resolved an issue which allowed Org Users to add a Risk Override to a Relationship.
December 18th, 2023 - 1.108.0
Enhancements
- Clients can now search for Organizations by popular product names in the Third Party Directory.
- Downloaded Questionnaires from Supplemental or Trust will now include Detection data relevant for each answer.
Bug Fixes
- Resolved an issue which prevented users from downloading all Artifacts from a Relationship when they included URL Artifacts.
December 7th, 2023 - 1.107.0
Enhancements
- The integrations page has been updated to include management options for all existing system integration options, as well as potential future integrations users can vote on.
- Transactional email templates have been updated to consider alternative Relationship Contact information in the even the configured Contact is no longer active.
Bug Fixes
- Resolved an issue which prevented the Relationships List Page from updating when updating Relationship Owners.
November 30th, 2023 - 1.106.0
Enhancements
- Risk Override has been introduced to the Relationship experience. Org Admins can apply a Risk Override in the Onboarding flow, and document alongside it an optional message, and remove them at a later date if desired. The Override will persist until removed by an Org Admin. The Legacy Risk import is now a Risk Override and the Import experience has been updated accordingly.
- The API has been updated to include Assessment Resource management. Assessments can be started via the API, including the submission of client provided Artifacts. Note: Artifacts cannot be added via GraphQL.
- Hash-based routing has been deprecated for the web application. URLs will no longer contain a "#". This simplifies a number of browser and other technologies implemented in the tool. You can still use the "#" and it will redirect your request, but it's no longer supported and may cause issues in the future.
Bug Fixes
- Resolved a bug which prevented the Control Domain statistics from showing in the Relationships Detail Page for imported Relationships.
- Resolved an issue which prevented the Primary Third Party Contact from being removed from the Relationship.
November 23rd, 2023 - 1.105.0
Enhancements
- Improved the Import experience by informing Users of various file related limitations
- Improved the Notification experience by allowing users to click anywhere and be navigated to the related Assessment or Relationship
- Assessments will no longer be automatically created when making changes to a Relationship that has control domain areas that have not been previously validated
Bug Fixes
- Resolved an issue which prevented the appropriate Reply To e-mail address to be set on Assessment related notifications
- Resolved an issue which prevented Users from editing the Relationships List Page columns
November 17th, 2023 - 1.104.0
Enhancements
- The Integrations menu is now exposed generally, initially offering the Coupa integration. Customers of Coupa can integrate seamlessly with VISO TRUST to ensure all of their suppliers are Assessed. Many more integrations to follow! See https://support.visotrust.com/article/rwajblgguk-how-to-configure-coupa-supplier-sync for information on how to configure.
- Customers can now assign users to an Org User role, in addition to the existing Org Admin. Users can create new Relationships and start Assessments for them, and will be assigned the Business Owner for these Relationships. Users are able to view all Relationship data on the platform, but modify only those that they are the Business Owner for.
- The VISO TRUST Slack Application is now generally available. Users can install the application into a Slack Team, and query their Organization's Trust Profile, as well as Third Party Relationship data.
- Third Party Contacts who receive a request to update an expired Artifact will now also be presented with a Questionnaire if they are unable to provide supporting Artifacts.
November 9th, 2023 - 1.103.0
Enhancements
- Updated the Bulk Import Template to, among other general updates, include all available Data Types
- The Risk Dimension AI has been renamed to AI Trust to more appropriately suit its scope.
Bug Fixes
- Resolved and issue which caused the Relationship Import to fail when being used to both create and refer to a newly created Business Unit
- Resolved an issue which caused the Risk Insights PDF export result to be blank for some users.
November 2nd, 2023 - 1.99.0 - 1.102.0
Enhancements
- Users can now view and interact with Artifact Intelligence directly in Risk Analysis by clicking on the Detection reference Page Number or other links.
Bug Fixes
- Resolved an issue which prevented users from cancelling an Assessment.
October 5th, 2023 - 1.98.0
Enhancements
- Users in the Assessment Collection experience will now see the Control Domains related to Questions they are asked to answer
Bug Fixes
- Resolved an issue which caused some buttons to span the entire width of the Relationship page
September 29th, 2023 - 1.97.0
Enhancements
- Users will now be notified, and presented with language in the Assessment Summary when Artifacts have been distributed to Relationships
- Users in the Assessment Collection experience will be presented with Questionnaires for Risk Dimension areas (like AI Trust) that are not currently expected to have evidence within Artifacts
- Checkboxes have been removed from Artifacts List views, simplifying the experience
- Questionnaire Import has been improved to now flag records that are likely not questions and likely require editing or deletion
Bug Fixes
- Resolved an issue with prevented some users from adding Artifacts to their Trust Profile Artifact Intelligence
September 22nd, 2023 - 1.95.0, 1.96.0
Enhancements
- AI Trust Control Domains have been released, allowing Clients to capture AI Trust relevant Control coverage from their Third Parties.
- AI Q&A For TPRM is now available, allowing Clients to interact directly with Artifact Intelligence on the Relationship experience. Questions asked will be automatically answered using the Artifact Intelligence for the Third Party.
- Assessment summaries will include language which better informs Clients that new Artifact Intelligence or Business Case changes may have rendered the Summary outdated.
- Supplemental Questionnaires can now be edited within the application, no longer requiring support assistance.
- The Risk Level for an Assessment is now presented alongside the historical Assessment Record, giving Clients visibility into how specific Assessment efforts have changed Risk.
Bug Fixes
- Resolved an issue which prevented Clients from sorting Artifacts based on Name or Source
- Resolved an issue which prevented Resilience, Cyber Insurance, or Service Location Control Domains to be presented in the Assessment Summary
September 7th, 2023 - 1.94.0
Enhancements
- IQR can now be used to intelligently answer Supplemental Questionnaires on your vendor's behalf, using the Artifacts provided and analyzed in their Assessment
- Users who @ mention in a Relationship Comment will now have their email address provided as the reply-to in the emails sent by the platform
- Users can now export Questionnaire Artifacts as a CSV
Bug Fixes
- Resolved an issue which caused the Relationship Count to be incorrect when switching between List and Graph view on the Relationships experience
September 1st, 2023 - 1.93.0
Enhancements
- We've redesigned the Control Detection component, better visualizing the grounded reference and metadata about it
- Artifact Validation Status now includes additional visualization of Automation or Human Review. Note: Some Artifacts will not require Human Review if we are confident in it's accuracy
- Artifacts Source and Ownership will be displayed. Artifacts Publicly available will be associated to an Organizations Directory Profile and made available to Clients immediately upon Relationship creation
- The Risk Network visualization has been moved to the Relationships experience, and is filterable using the same options
- Clients with a configured Support Email in their Organization Profile will have that email included in transactional emails as the support contact for their Third Parties
- Vendors who choose to upload a SOC 3 will be required to also supply the corresponding SOC 2 audit
August 24th, 2023 - 1.92.0
Enhancements
- A new inline callout is now added to UI, and Clients will now see messages prompting for call to action in the Relationship experience
- The style of the transactional emails is now updated to match the most current brand
- The Assessment Summary is now included in all Client recipient emails of the Assessment Complete email
Bug Fixes
- Resolved an issue allowing 3Ps to submit the questionnaire without answering all the questions
- Resolved an issue where Artifact Assessments were being auto-cancelled, and then another assessment was started without previous assessments artifacts included
August 18th, 2023 - 1.91.0
Enhancements
- As a customer, I want to see a report of exceptions across vendors (ie. the control domains with exceptions)
- Clients are now presented with Suggested Vendor Org Contacts from the VISO Directory when choosing a contact for a Relationship or an Assessment
- The Risk Events List is no longer included in the Relationship PDF export
Bug Fixes
- Resolved an issue with presented Questions for all Control Domains to vendors, even when they were out of scope
- Resolved an issue where switching between Comments and Risk Analysis tab, and changing other Relationshipo tabs in between resulted in odd sizing of the Artifact Intelligence table
August 17th, 2023 - 1.90.0
Enhancements
- Customers will no longer see an expired indicator for documents that are superseded
- Customers can now select a Directory Profile Contact for an Organization within the Start Assessment experience for their Relationship
Bug Fixes
- Resolved issue preventing users from staying on the Trust > pages when refreshing their browser
- Resolved an issue which caused re-assessments to be cancelled and resent every 5 days
August 4th, 2023 - 1.89.0
Enhancements
- As a client I'd like to add a column for Inherent and Residual Risk Percentage in the Relationships Page
Bug Fixes
- Selecting business case then only Customer Data does not trigger Inherent Risk analysis
- 3p assessment sent to addresse that Soft Bounces (mailbox full) does not cancel the assessment appropriately.
- Assessment recipients unable to select "I have no documents to update" in recertification flow
- Clicking on the artifact name in Trust > Artifact Intelligence does not download File Artifacts
July 28th, 2023 - 1.88.0
Enhancements
- As a customer on a contextless RDP, I want to see all controls listed in the Risk Analysis section
- Rename No Access to No Context throughout the application
- Contextless relationships should show control domain count as total not in scope
Bug Fixes
- Description Only privacy controls without full coverage are showing as not found in the assessment summary
- New tags get wiped out when adding a second tag in Relationship Modal
- Navigating to specific assessment in dev is throwing undefined reading latestRiskAssessment
- Privacy Policy missing from Add Privacy Document selection in assessment response
July 27th, 2023 - 1.87.2
Bug Fixes
- Ignore case when searching for a vendor
- Recertification reminder emails say "in 0 days" and also get started.
- Can't create a vendor from directory
July 24th, 2023 - 1.87.1
Bug Fixes
- Corrected an issue where emails are being sent to wrong relationship contact
July 21st, 2023 - 1.87.0
Enhancements
- As a customer on the Relationship Details Page (RDP), you will now easily identify clickable fields in the risk analysis section. This enhancement ensures a more user-friendly experience while navigating through relevant information.
Bug Fixes
- Emails being sent to VISO Auditors when they manually transition an assessment to Review Started has been resolved. VISO Auditors will no longer receive unintended email notifications during this process.
- For unauthenticated sessions, the privacy assessment questionnaire step wizard was not displaying as expected. This issue has been fixed, and you can now smoothly progress through the questionnaire.
- The problem of the Follow-up Questionnaire for Privacy Controls redirecting users to the Assessment Response flow attestation has been resolved. Users will now be directed to the correct flow for a seamless experience.
- Previously, attempting to create a relationship with an organization that had an invalid URL as its homepage would result in failure. With this update, you can successfully create relationships with organizations, regardless of the validity of their homepage URLs.
- The New Relationship flow was encountering issues when tags were used. We are pleased to inform you that this problem has been addressed, and the New Relationship flow now works seamlessly with tags.
- The incorrect inclusion of privacy control domains in scope for specific business cases has been corrected. You can now be confident that the scope accurately reflects your requirements.
- On the Relationship List Page (RLP), there was no clear cell line separation between relationship names and their status. We have fixed this issue to ensure better readability and organization.
- Out-of-scope control domains were erroneously included in the Assessment Summary. This has been fixed, and the Assessment Summary now provides accurate and relevant information.
- The password button was previously clickable but appeared disabled across the app. This issue has been resolved, and the password button now functions as intended.
- Supplemental Questionnaires were incorrectly moving assessments back to Collecting Information status after being uploaded. This issue has been addressed, and Supplemental Questionnaires now behave correctly.
July 14th, 2023 - 1.86.0
Privacy Control Coverage is Generally Available
Reach out to support@visotrust.com or your technical account manager to inquire about enabling.
- Customers can now view privacy-related information directly in the Assessment summary, providing a comprehensive overview of privacy controls and domains
- Based on the selected data types, customers can now see the scope of privacy control domains, allowing for more targeted control implementation
- Audit Types support has been updated to include privacy related documents, allowing for better customization and compliance management
- Third-party respondents participating in assessments for Privacy module customers can now access more detailed and specific privacy-related questions within the VISO questionnaire
- Customers with the Privacy Module enabled can now find a collection of privacy control domains conveniently located on the Privacy Tab within the risk analysis section
- A dedicated privacy section has been introduced in the control domains area, separate from security control domains, to ensure a streamlined and focused privacy management experience
- Third-party respondents can now find an additional page dedicated to privacy document requests, simplifying the process of obtaining and reviewing necessary privacy-related documents
Enhancements
- Customers now have the ability to include a general support email address in their organization profile, making it easier for users to reach out for assistance
- The Risk Network graph now displays all identified sub-servicers and auditing bodies, providing a comprehensive visual representation of your risk ecosystem
- The Settings section now includes an updated list of Control Domains for Privacy Control Domains
- Customers can now view a list of risk timeline data points, enabling a detailed analysis of risk trends and mitigation efforts
- Customers can now choose from a wider range of audit types, allowing for better customization and compliance with privacy regulations.
- Users now have the ability to generate their own JWT (JSON Web Token) tokens directly from their profile page, providing enhanced security and access control.
June 16th, 2023 - 1.83.0
Enhancements
- Added a count for control domains with CUECs to the risk analysis section on the RDP
- Made some UI updates to the counters in the risk analysis section on the RDP
- Added a column for Auditing Body on the artifact list page
June 8th, 2023 - 1.82.0
Enhancements
- Updated the assessment summary language in the assessment summary referencing CUECs
- Added 3 opt-in control domain options for customers, Resilience, Product Security, and Cyber Insurance
- Made some copy updates to the assessment summary
- Added an Auditing Body field for Third Party Audit artifacts
- Added the following new audit types; Security/Trust Whitepaper, Public Breach Notice, Trust or Security Center, Status Page, Bug Bounty Program, Usage Policy, Environmental, Social and Governance Policy, and Other Relevant Link
- Added a PDF copy of all URL artifacts for customers to download
- Added the ability to URL artifacts on the Artifact Intelligence page
- Updated the name of the Control Domains sidebar menu
Bug Fixes
- Resolved an issue preventing some users from successfully sorting on Inherent Risk on the Relationship List Page
- Resolved an issue preventing users from being able to confirm they have no new documents to upload
- Resolved an assessment summary issue causing some incorrect recommendations and out of scope control domain detections to show
- Resolved an issue where some VISO users appeared in the contacts list for some customers
- Resolved an issue that was displaying a URL field on the Assessment Details page
- Resolved a filtering issue on the Risk Insights Onboarded metric
- Resolved an issue that was hiding the Support link on the sidebar
- Resolved an issue trigger the auto completion of some assessments
- Resolved an issue preventing users from sorting on the Artifact Update column
June 1st, 2023 - 1.81.0
Enhancements
- Enhanced the artifact update and recertification experience to not ask users to update superseded documents
- Updated the styling of radio buttons and checkboxes throughout the app
- Updated the detection sort order so that they display by detection type
- Updated the upload modal language to inform customers that uploading new documents will add them to an existing assessment or start a new assessment for validation
- Updated the artifact table to reflect a not validated status for artifacts that were not auto identified on upload
- Made some small copy updates to the assessment summary
Bug Fixes
- Resolved a subservicer name display issue on subservicer validation detections
May 30th, 2023 - 1.80.2
Enhancements
- Updated the Sensitive PII and Customer or Proprietary Information data type examples
Bug Fixes
- Resolved a data issue when auto populating the business owner of the VISO relationship for new customers
May 29th, 2023 - 1.80.1
Bug Fixes
- Resolved an issue preventing the Artifact Intelligence tab artifact list from displaying correctly
May 25th, 2023 - 1.80.0
Enhancements
- Update the assessment tab to reflect the latest assessment summary while a new assessment is in progress
- Updated the links in each validation to open the artifact in a new tab
- Updated the hover over pop up to show the full artifact name
- Updated the first time login experience to include a welcome modal with a basic functionality overview
- Updated the assessment summary to include references to the CUECs detected during the assessment
- Updated the recertification settings to suggest a date for recertification on default
Bug Fixes
- Resolved a Risk Insights PDF export issue preventing the relationship list from appearing
May 22nd, 2023 - 1.79.1
Bug Fixes
- Resolved an error preventing some users from being able to update the business case for a relationship
- Resolved a duplicate warning issue when some users tried to select "assess automatically" in the recertification settings
May 19th, 2023 - 1.79.0
Enhancements
- Updated the recertification settings so that customers can choose the recertification date at any time for any onboarded vendor
- Updated the recertification settings so that it is easier to understand the next certification date and the subsequent assessment date
- Updated the assessment summary to include the third party's subservicers
- Added some additional language to provide further clarity around assessments
- Updated the styling of the date picker throughout the app
- Updated potential risk to be inherent risk
- Updated the checkbox copy for disabling artifact update
Bug Fixes
- Resolved an issue preventing some third parties from being able to submit an assessment
- Resolved a copy issue on the upload modal for ISO certifications
- Resolved a date format issue
May 18th, 2023 - 1.78.2
Enhancements
- Updated the recertification settings to allow customers to disable artifact updates for that relationship
Bug Fixes
- Resolved an artifact count UI issue on the artifact table
May 16th, 2023 - 1.78.1
Bug Fixes
- Resolved a snackbar notification design issue
May 11th, 2023 - 1.78.0
Enhancements
- Updated the end date field for SOC2 documents to reflect the audit Period end date
- Updated the upload modal on the RDP so that all documents will display immediately
- Added a notification after upload submission to inform customers that the document has been added to an existing assessment or that a new assessment started
- Updated the upload modal on the RDP so that all new documents uploaded will either be associated with an in-progress assessment or start a new assessment so all uploaded documents get validated
- Added some additional parameters to improve vendor directory search
- Added a new audit types for Client-Third Party Contractual Agreements and Cyber Insurance
- Added a new detection type for Complementary User Entity Controls (CUECs) to surface these validations in the RDP
- Added a new section in the assessment summary to call out Complementary User Entity Controls (CUECs)
- Updated the empty artifact state to prompt users to upload artifacts to the relationship
- Added scrolling to the artifact list table to make it easier to see the risk analysis section
- Enhanced the "Relationships by Tag" report on the Program Metrics dashboard
Bug Fixes
- Resolved an issue triggering an incorrect artifact update warning message
- Resolved an assessment status display issue on the Artifact Intelligence page
- Resolved an issue preventing pre-created tags from being associated with relationships
- Resolved a duplicate activity display issue on the assessment details page
- Resolved a latest assessment display issue when a new assessment started
- Resolved an event display issue on the assessment details page
- Resolved an exception label UI issue in the risk analysis section
- Resolved a duplicate artifact detection upload error
- Resolved an assessment summary issue displaying incorrect artifacts in certain sections
- Resolved an issue causing the URL field in start assessment to clear prior to submission in some cases
- Resolved an issue that was blocking a new assessment from starting when additional controls were added to the scope of the relationship
- Resolved an issue preventing some detections from displaying in the risk analysis section
- Resolved an assurance display issue for control domains listed with No Information
May 4th, 2023 - 1.77.1
Bug Fixes
- Resolved an issue preventing customers from editing the third party contact on the RDP
April 28th, 2023 - 1.77.0
Enhancements
- Updated the Risk Analysis section of the RDP to include the Artifact Table
- Updated the global search and drag and drop functionality to match the UI
- Updated the popover experience so that popovers dismiss shortly after mousing away
- Updated the Artifact Intelligence page to show the new integrated artifact table and risk analysis component
- Updated the Activity Details tab on the Assessment Details page to be scrollable
- Updated the default event sort on the Activity Details tab to be newest first
Bug Fixes
- Resolved a display issue where Third Party Penetration Testing reports and Privacy Policies were appearing in the wrong section of the assessment summary
- Resolved a comments UI issues
- Resolved a breadcrumb display issue that occurred when users downloaded a PDF of the RDP
April 21st, 2023 - 1.76.0
Enhancements
- Added an Artifact Intelligence (beta) page for select customers
- Enabled select customers to upload their own security artifacts and view a control domain analysis of their own security posture
- Added an IQR (beta) page for select customers
- Enabled select customers to upload a questionnaire file (.csv, .xlsx, .xls .xlm) to be answered
- Enabled select customers to download a .csv file of the submitted questions, their answers, grounding for the answers, associated VISO control domain, and associated artifact evidence
- Removed the artifacts tab from the assessment details page to simplify and centralize the artifact management experience to the RDP
- Added an assessment timeline view on the Assessment Detail page
- Added an activity details section on the Assessment Details page
- Updated the color palette for the entire platform to reflect the new brand
- Updated the buttons to reflect the new design system
- Removed the Import Relationships button from the Relationships list page
Bug Fixes
- Resolved an issue that was showing Description Only control domains as insufficient
- Resolved an issue preventing users from deleting artifacts from their Artifact Intelligence page
- Resolved a UI issue where the upload component was not reflecting the new color palette
- Resolved a display issue with two buttons in the 3p initial assessment
- Resolved a modal display issue
April 13th, 2023 - 1.75.0
Enhancements
- Updated the assessment summary to reflect when VISO sends out a follow up questionnaire
Bug Fixes
- Resolved a Description Only control domain detection display issue
- Resolved an issue preventing some detections from appearing in the risk analysis section
- Resolved an issue preventing customers from bulk import relationships
- Updated some copy and UI email template issues
- Resolved an issue preventing some customers from updating their own logo on the Org Profile page
April 6th, 2023 - 1.74.0
Enhancements
- Updated the logo for the entire platform to reflect the new brand
- Updated all references of VISO TRUST in the platform to reflect the new brand
- Added a URL validation to the Privacy Policy field on the Org Profile page
- Improved the assessment summary format
Bug Fixes
- Resolved an assessment summary issue whereby some artifacts were listed twice
- Resolved an issue preventing some 3ps from indicating they do not have any new artifacts to provide
- Resolved an issue causing incorrect values on the Relationships Assessed but Not Onboarded report
April 4th, 2023 - 1.73.5
Enhancements
- Updated the Risk Insights page to include a new tab called Risk Network BETA that (on default) shows all of your organization's 3rd parties
- Added a disclaimer and feedback overlay to the Risk Network BETA graph
- Added a button on the Risk Network BETA tab called "Show all 4th Parties" which reveals all organizations detected in the documentation associated with your onboarded vendor population
- Added zoom in and zoom out buttons on the Risk Network BETA tab
- Enhanced the network display to show larger nodes relative to the number of shared 3rd party vendors for identical detected 4th party organizations
- Added a loading bar display to inform customers while they wait for all 4th parties to be revealed
Bug Fixes
- Resolved a UI issue on the Business Case and Data Types Shared Edit button
- Resolved an artifact update assessment display issue
- Resolved an assessment response modal stepper button display issue
March 30th, 2023 - 1.73.0
Enhancements
- Added Privacy Policy, Headquarters Location, Legal Name, and Company Size fields on the Settings > Org Profile page
- Added a Subservicer Name field to Subservice detection types so customers know what organization the detection is associated with
Bug Fixes
- Resolved a display issue for Immaterial Artifact types
- Resolved some Assessment Summary copy logic issues
March 23rd, 2023 - 1.72.0
Enhancements
- Updated the assessment summary to include information about Subservicer documentation
- Updated the assessment summary to include a recommendation to update expired documents
- Updated the assessment summary to include the list of document types reviewed as part of the assessment
- Updated the assessment summary to indicate which documents reviewed are expired
- Updated the assessment summary to included explicit references to the data types in scope
- Updated the assessment summary to make more granular audit type guidance recommendations
- Updated the existing assessment summary copy to be more informative
- Updated the Risk Metrics dashboard to include a relationship list report
Bug Fixes
- Resolved a display issue preventing users from seeing a bulk action added tag to their list of relationships
- Resolved a Settings menu UI issue
- Resolved an issue causing superseding artifact detections to display in the risk analysis section of the relationship details page
- Resolved a transitional risk display issue
March 20th, 2023 - 1.71.1
Enhancements
- Updated the recertification and artifact update assessments to include an option for respondents to indicate they have no new documentation to upload and submit the assessment
March 17th, 2023 - 1.71.0
Enhancements
- Added founding date to vendor directory records on the relationship details page
- Added Protected Health Information (PHI) as a default data type for selection
- Added additional logic to improve Vendor Directory search
- Added a new artifact type to support Privacy Policies
- Added a new column in the artifact table to identify the subservicer organization the artifact is associated with (if applicable)
Bug Fixes
- Resolved a VISO questionnaire performance issue
- Resolved some Assessment Summary copy issues
- Resolved an interaction issue on the business owner "Create a new contact and assign" tab
- Resolved a Tag count display issue
March 6th, 2023 - 1.70.0
Enhancements
- Updated some relationships so that they map to vendor directory records where the domain matched
Bug Fixes
- Resolved an issue with the VISO Questionnaire response display on the RDP
- Resolved a login issue
March 1st, 2023 - 1.69.0
Enhancements
- Updated the risk analysis section on the RDP to display a count of control domains In Scope, Insufficient, Present, No Information, and Exceptions
- Updated the detections UI so that each detection is more readable
- Added new artifact types to support Cyber Essentials certifications
- Added a new report on the risk insights dashboard that tells customers their average risk level
Bug Fixes
- Resolved an issue with submitting assessment
- Resolved a UI link display issue
- Resolved a vendor directory search issue
- Resolved a mobile display issue
- Resolved a duplicate relationship message issue
February 10th, 2023 - 1.68.1
Enhancements
- Updated the new relationship feature so that customers can create multiple identical relationships with the same vendor
- Added an informational message on the new relationship modal to notify customers when they have already created a relationship with the vendor selected
- Updated the new relationship modal so that customers can add a tag on the purpose step
Bug Fixes
- Resolved a UI issue on the new relationship modal affecting the step progress bar
February 2nd, 2023 - 1.68.0
Bugs
- Resolved an import template issue
- Resolved a UI issue related to the Risk Timeline tab
January 27th, 2023 - 1.67.0
Enhancements
- Added a vendor directory so customers can search, select, and see details about known organizations when creating a relationship
- Added a new tab on the Relationship Details page so that customers can see the vendor directory details on the relationship
- Updated the relationship import feature to require the company homepage URL
- Enhanced vendor directory searching functionality to make it more accurate
Bug Fixes
- Resolved a bug related to exporting the Risk Insights dashboards
- Resolved an assessment summary content issue that was incorrectly displaying insufficient questionnaire follow up responses
- Resolved an assessment summary content issue that was surfacing superseded artifact details
January 19th, 2023 - 1.66.0
Enhancements
- Added a Recertification State and Completed Assessment filters to the Relationship List page
January 13th, 2023 - 1.65.0
Enhancements
- Added a new in-app VISO announcement feature to improve the communication of major product updates to our customers
Bug Fixes
- Resolved some UI and performance issues across the platform
January 9th, 2023 - 1.64.0
Enhancements
- Added a new Data Types filter on the Relationship List and Risk Insights pages
- Made some UI adjustments to standardize components across the platform
Bug Fixes
- Resolved a UI issue related to exporting the Risk Insights dashboard as a PDF
- Resolved a display issue on the artifact assurance level icon
December 20th, 2022 - 1.63.0
Enhancements
- Updated the Risk Insights page so that it now includes two dashboards, Risk Metrics (scope: onboarded vendors) and Program Metrics (scope: onboarded and not onboarded vendors)
- Added a new report to the Risk Metrics dashboard: Percentage of Relationships with a Comprehensive Audit Artifact
- Added a new Program Metrics dashboard with the following reports: Total Relationships, Relationships Assessed but Not Onboarded, New Relationships by Month, Relationships by Tag, Relationships by Status, Total Completed Assessments, Overdue Recertifications, Upcoming Reminders Only Recertifications, Relationship by Recertification Type, Assessments Started by Month, Completed Artifact Validations by Month
- Improved the dashboard reports so that they respond to all available filters
- Updated the number reports (note: does not include %) with click-through behavior to the Relationship List Page with filters applied
- Enabled PDF export of the Risk Metrics and Program Metrics dashboards respectively
Bug Fixes
- Resolved some UI and performance issues across the platform
- Resolved a casing issue causing some managed organization duplication
- Resolved a UI issue related to Subservicer artifacts
December 8th, 2022 - 1.62.0
Enhancements
- Improved the artifact update requests so that VISO is no longer asking for updated artifacts that have been superseded
Bug Fixes
- Resolved some backend performance issues related to the Diligence Request
- Resolved an issue related to relationships without a primary contact assigned
- Resolved a UI issue related to superseded artifacts
December 1st, 2022 - 1.61.0
Enhancements
- Improved the UI to better surface superseding artifacts within same Vendor. Superseded artifacts do not impact risk
Bug Fixes
- Resolved some UI and performance issues across the platform
- Resolved a search issue on the Relationship Details Page
Nov 17th, 2022 - 1.60.0
Enhancements
- Updated the password icon for adding a password for protected documents
- Made some UI changes to the Start Assessment modal so that it is easier to action
Bug Fixes
- Resolved some UI bugs on the Relationship Details page
- Resolved an issue preventing some customers from uploading relationships via import
Nov 10th, 2022 - 1.59.0
Bug Fixes
- Resolved a sorting bug on the Artifact list table on the Relationship Details page
- Resolved some UI bugs related to the tagging feature
Nov 7th, 2022 - 1.58.0
Enhancements
- Added a new Tagging feature that allows customers to add custom tags to their vendor relationships. Tags can be added on both the Relationship List page and the Relationship Details page
- Added a Tags filter on the Relationship List page and Risk Insights dashboard
- Added the ability for customers to remove Tags on the Relationship Details page
- Added the ability for customers to bulk add tags to relationships, sort, and filter on the Relationship List page
- Added a Settings > Tags menu for org admins to manage their organizations tags and see usage
- Updated the import relationships template to include Tags
- Added a Business Cases filter on the Relationship List page
Bug Fixes
- Resolved a bug occasionally preventing users from downloading the relationship details page PDF
Oct 27, 2022 - 1.57.0
Bug Fixes
- Resolved a display issue with Business Purpose on the Relationship Details page
- Resolved some UI issues in the Import Relationships settings
Oct 20, 2022 - 1.56.0
Enhancements
- Updated the messaging for duplicate document upload
Bug Fixes
- Resolved an issue that was prematurely closing assessments with associated artifacts
- Resolved issues with the notification list
Oct 13, 2022 - 1.55.0
Bug Fixes
- Resolved a sorting issue on the Contacts page
Oct 6, 2022 - 1.54.0
Bug Fixes
- Resolved an issue preventing vendors from completing a follow-up questionnaire
- Resolved a column display issue on Relationship List Page
- Resolved an issue preventing customers from downloading a PDF version of the Relationship Details page
Sept 26, 2022 - 1.53.0
Enhancements
- Updated the Assessment Details page so that it is more informative and better organized
- Updated the Relationship Creation workflow so that it is easier to read
- Updated the criteria for assessment recertification requiring users to add in a business case & data types
Bug Fixes
- Resolved issue relating to duplicate file uploads
- Resolved an issue related to password locked documents
Sept 15, 2022 - 1.52.0
Enhancements
- Updated the vendor assessment so that respondents can move between document request sections, providing more flexibility. In addition, if a vendor does not upload a document to a section, they are now required to attest that they do not have documents for that section (e.g. Third Party Audits, Pen Tests, etc.)
- Updated the default relationships list view to include the Primary Vendor Contact and added new optional fields to select from
- Removed the relationship creator from all assessment workflow notifications
Bug Fixes
- Resolved an issue that was causing some off-boarded relationships to appear on the Risk Insights dashboard
- Resolved an issue preventing VISO Trust from appearing in the relationship list view for some clients
- Resolved an issue preventing some users from submitting a completed assessment
Sept 8, 2022 - 1.51.0
Bug Fixes
- Resolved some UI issues related to the new email templates
Sept 1, 2022 - 1.50.0
Enhancements
- Updated the onboarding a vendor modal to have more informative messaging around the Onboard and Recertification options available
- Updated the assessment Slack notifications from VISO to be more informative and actionable
- Updated the in-app messaging to prevent users from adding a duplicate business unit
Bug Fixes
- Resolved some UI issues related to the new email templates
Aug 26, 2022 - 1.49.0
Enhancements
- Updated the new and edit relationship experience. In addition to general UI and copy updates, the Company Data types will hide all Sensitivity Types with no Data Types assigned to them
Bug Fixes
- Resolved an issue which prevented some third parties from submitting an assessment when they had previously responded to a questionnaire
- Resolved some email related issues
Aug 18, 2022 - 1.48.0
Enhancements
- Updated the language and standardized the look and feel of our emails out to third parties and customers to make them more informative and actionable
- Made some general UI improvements throughout the app
Bug Fixes
- Resolved an issue with the settings icon menu
Aug 11, 2022 - 1.47.0
Enhancements
- The New Relationship Creation experience has been revised with a number of usability improvements. The Relationship Context and Data Type sections are now more instructive and informative, and visualize Potential Risk accordingly
- The Start Assessment experience has been revised to allow more flexibility. Users can now directly supply Artifacts or identify the two (Third Party Contact or URLs) potential methods for acquiring Artifacts from a Third Party in one place
Bug Fixes
- Resolved an issue which prevents Users from seeing the Risk Insight Dashboard when Custom Data Types were in scope for Onboarded Relationships
August 5, 2022 - 1.46.0
Bug Fixes
- Resolved an issue which prevented Users from seeing the full list of Business Units when managing Contacts
- Resolved an issue which prevented Third Parties from submitting the Assessment when the Business Context of the Client Relationship was empty
July 28, 2022 - 1.45.0
Enhancements
- Customers can now interact with the VISO Trust platform via API with both REST and GraphQL, reach out to your customer success representative for more information
Bug Fixes
- Resolved an issue which caused incorrect sorting by Assurance Level in the Relationship Detail Page Artifact List
July 21, 2022 - 1.44.0
Enhancements
- Inherent Risk has been renamed to Potential Risk
- Users can now filter on relative date of Recertification Date in the Relationship List Page
- Users will can now receive native in-app notifications with information regarding maintenance, release, new features, or other VISO updates
Bug Fixes
- Resolved an issue where scrolling functionality of Assessment Detail Email history was missing
July 14, 2022 - 1.43.0
Enhancements
- Relationship Recertification Type is now visible, filterable, and sortable on the Relationship List Page
- The page size limit of Relationship List Page results is now configurable
Bug Fixes
- Resolved an issue where some Assessment Summary suggestions were unnecessarily duplicated
July 7, 2022 - 1.42.0
Enhancements
- Detected Control Exceptions are now highlighted with iconography in their respective Relationship Detail Control Domain
Bug Fixes
- Resolved an issue where sorting the table in Contact page resulted in an error
- Resolved an issue where a subdomain was required when adding a home page URL for a Third Party Relationship
June 30, 2022 - 1.41.0
Enhancements
- The Assessment Summary is now associated directly to Assessment and available to review in the Assessment Tab of the Relationship Detail Page
- The Relationship List Page can now be filtered by Relationship Business Owner
- Control Detections for Document Artifacts can be previewed directly by clicking on the associated page number with the Control Domain Profile on the Relationship Detail Page
- Risk plotting on time series graphs are now colored according to their associated Risk Level
Bug Fixes
- Resolved an issue where Relationships with No Access would not be included in Risk Insights aggregations
- Resolved several usability issues with the filterable Relationship List in the Risk Insights Dashboard
June 23, 2022 - 1.40.0
Enhancements
- When starting an Assessment with a Third Party Contact, your User Name will be included in the transactional email From field, and your email will be included as the Reply-to address
- Penetration Tests or Application Assessments with unresolved findings can now be validated accordingly, with reduced Assurance value
- The Relationship List Page Export will now only include Relationships that are returned by the current filter
Bug Fixes
- Resolved an issue where Relationships with no Business Cases or Data Types selected in scope would not be included in Risk Insights
June 16, 2022 - 1.39.0
Enhancements
- Organization Admins now have the ability to specify Recertification options for an Onboarded Relationship
- If selected to Recertify Periodically, you can now specify if you would like the Relationship to be Assessed Automatically or have the platform send Reminders Only
- The alternative option Do not recertify was introduced to allow the Relationship to be Onboarded on to the platform without the need for periodic Recertification
- When there is a follow-up Questionnaire sent to a vendor to provide additional details around controls, the Assessment Expiration period will be set to 7 days
Bug Fixes
- Resolved an issue where the Start Assessment button was not visible when the latest assessment was marked as Incomplete
- Resolved an issue where the filtering within the Risk Insights Dashboard was not returning any values
- Resolved an issue where the Recertification Assessment was not updating the Recertification Date tile
- Improved the behavior and visibility of the Risk Timeline within the Relationship Details Page
- Corrected the Sort by Name filtering within the Contact Management page
June 13, 2022 - 1.38.0
Enhancements
- The Relationship Statuses have been simplified to three states: Onboarded, Not Onboarded, Deleted
- Drafted relationships are now Not Onboarded
- Relationships that are currently Rejected or Inactive are now Deleted
- Functionally, Deleted relationships will operate just like Inactive did. They will need to be included in filters to be viewed in Relationship List Page, and Relationships must be Not Onboarded before they are Deleted. In order to interact with them once again, they must be Restored to Not Onboarded via the Relationship List Page kebab menu
- The Assessment Phase in the Relationship List Page has been updated to reflect consistently with the Assessment Timeline of the Relationship Detail Page
- All new assessments initiated will now default to Expedited priority unless specifically flagged as Low Priority during the Assessment Submission
- The Relationship Detail Page has been visually updated for a more seamless user experience
- Organization Admins can now manage Contacts for use in Relationships as Business Owners or Subscribers
- Organization Admins can now edit specific attributes of a Relationship in the Relationship Details Page without the need to go through the Relationship Edit Wizard
- Improved the usability of the kebab actions in the Relationship List Page to only display available actions for that Relationship
- The Audit Report Assurance Level is now displayed consistently throughout the application
- Third Party Homepage is now used to attribute favicon in the Relationship List Page and the Relationship Detail Page
Bug Fixes
- Resolved an issue where in some scenarios users were unable to download certain Artifacts from the Relationship Detail Page
- Resolved an issue where in some scenarios the proposed Recertification Date was inaccurate
- Resolved an issue where downloading multiple artifacts from the Artifact List Page that contain the same name would return an error
May 31, 2022 - 1.37.0
Enhancements
- Transactional emails will now source from hello@visotrust.com rather than no-reply@visotrust.com
May 19, 2022 - 1.36.0
Enhancements
- Assessment Timeline has been introduced to the Relationship Detail Page, allowing Users to better understand the progress of a current Assessment effort and it's Summary when completed
- Third Party Assessment Recipients attempting to access Assessments that are no longer in progress will be better informed as to their status and instructed to reach out to the sending Client
- The Relationship Edit experience can now be accessed directly from the Relationship List Page using the kebab
Bug Fixes
- Resolved an issue which caused some Artifact Expiration Dates to be displayed incorrectly in the Assessment Response experience
- Removed unnecessary Relationship Status change options in the Relationship Detail Page
May 12, 2022 - 1.35.0
Enhancements
- Users can now securely provide sensitive credential information along with Artifacts which may require it to be accessed
- Relationship Recertification period options have been updated to include 2 and 3 year periods
- The VISO color palette has been updated for improved readability and clarity
Bug Fixes
- Resolved an issue where in some conditions a Relationship which was not onboarded would generate Lifecycle Event notifications
May 5, 2022 - 1.34.0
Bug Fixes
- Resolved an issue where in some conditions users could not download Artifacts which were provided by VISO on behalf of the Third Party
- Removed sliders from settings menu items which did not support modification
- Various UI element improvements for usability, consistency, and clarity
April 28, 2022 - 1.33.0
Enhancements
- Added a link to Relationship Import help documentation article on the Relationship Import experience
- Various UI element improvements for usability, consistency, and clarity
Bug Fixes
- Resolved an issue where in some conditions an Assessment Summary was not generated for Artifact Lifecycle Events
- Resolved an issue which prevented users from updating the Relationship Lifecycle Status to Onboarded without specifying a Business Unit
April 21, 2022 - 1.32.0
Enhancements
- Added the Assurance Level of Audit Report Types to the Settings page so that Users can better understand what they are
- Assessment Recipients may now receive additional Requests for Information should they initially respond with Artifacts that do not provide Control Evidence for all Relationship Relevant Controls
- Added a Relationship Recertification Overdue Lifecycle Notification
- Updated the Relationship Recertification Lifecycle Notifications to make them more clear and concise
- Introduced a placeholder Business Unit "Unassigned" for those which have not been assigned one. This change required a historical Assessment update, with no impact to Risk Score.
Bug Fixes
- Resolved and issue where in some cases a Request for Updated Artifacts was unnecessarily sent to Relationship Third Party Primary Contacts
April 19, 2022
Enhancements
- Added information about potential Inherent Risk changes when modifying a Relationship Business Case or Data Type collection
- Modified the Mark as Drafted to more accurately reflect the Offboard action for Lifecycle Management
Bug Fixes
- Resolved an issue where some Artifacts would not download in the Relationship Detail Page
- Resolved an issue where Lifecycle Notifications Events had the incorrect future day count
April 12, 2022
Enhancements
- Added Assessment Type and Reason to the Assessment section of the Relationship Detail Page so that users can understand their purpose
- Removed unnecessary control presence percentage data from the Assessment Detail page
- Removed unnecessary control count data in the Assessment section of the Relationship Detail Page
- Various UI element improvements for usability, consistency, and clarity
Bug Fixes
- Resolved an issue where an Assessment was unnecessarily created when editing the attributes of a new Relationship
- Resolved an issue which in some scenarios prevented users from editing a Subscriber
- Resolved an issue which prevented users from reviewing entire Email history of an Assessment in the Assessment Detail Page
April 1, 2022
Enhancements
- Users identified as Business Owners of Relationships nearing Recertification Date will now be notified and prompted to either Recertify or Offboard the third party
- Subscribers identified as Business Owners of Relationships nearing Recertification Date will now be notified and prompted to inform the Relationship Creator if they are no longer working with the third party
- Various improvement of iconography, tooltip language, and layout of the Relationship Detail Page
Bug Fixes
- Resolved an issue where some vendor web page hyperlinks presented on the Relationship List Page had incorrectly formatted URLs
- Resolved an issue where some Inactive (hidden) Relationship Artifact life-cycle events were being triggered
March 24, 2022
Enhancements
- Improved the language in Assessment Received email sent to Assessment Recipient after submitting a new Assessment so that they better understand the purpose and next steps of the review
- Improved the Relationship Bulk Import error messages so that it is easier to resolve conflicts or issues with import file data
- Improved the Slack Message notification content to include the Assessment Type where applicable
- We now show upload progress on Organization Profile logo and icon upload
Bug Fixes
- We resolved an issue where in some scenarios Legacy Risk Assessments from Relationship Bulk Import had a different Risk Score or Business Unit than specified
March 18, 2022
Enhancements
- Users can now click on the Artifact hyperlink in the Relationship Detail page Artifact Table to view the Artifacts details instead of clicking on the name twice.
- We now display the Artifact type along with the Artifact name in the Assessment Details page Files section to follow the progress of the documents the third party is providing for review.
- We have improved the Import Relationship feature error messages by making them more descriptive to provide better guidance to the user to fix the identified issues.
Known Issues
- We have identified that the 30 day Recertification reminder email notifications are not being sent out.
March 10, 2022
New Features:
- We have introduced a new assessment phase 'Awaiting Response' indicating that the third party is in the process of responding to the assessment request.
- We have introduced a new feature 'Recertification' where the business owner will be notified 30 days before the vendor is due for recertification and decide to either kick off a recertification assessment or off-board the vendor, based on whether they want to continue doing business with the vendor.
- We have added a functionality where an assessment will be canceled and new assessment request will be sent if a third party contact was updated after an assessment was sent and the third party contact hasn't responded to the request.
Enhancements
- We have updated the import template to clearly indicate the required fields.
- We now display the Data Types in the descending order of sensitivity in the Relationship creation form.
- We now redirect the user to the Relationship Detail page from the Assessment completion email making it easier to find the Assessment Summary report.
- We have renamed the label 'Description' on the Relation detail page to 'Business Purpose' to accurately reflect the purpose of the field.
Bug fixes
- We have fixed the issue where in some cases we were showing incorrect assessment status for some of the relationships on the Relationship page.
- We have fixed the issue where the Risk Insights Dashboard was not showing the accurate data for the Residual Risk column.
- We have fixed the issues in the CSV export on the Relationship page where some of the selected columns were not getting exported accurately.
Known Issue
- We have identified that In some scenarios the PDF export is exporting partial or blank data in some scenarios.
February 7, 2022
New Features
- We have introduced following three new data types that can now be associated with the vendor relationships where applicable. You can read the detailed description for these data types from your Data Types settings page.
- Financial Reporting Information
- Payment Card Industry Data Security Standard (PCI DSS)
- Monetary Assets
Enhancements
- We have enhanced the user interface for the Relationship Creation form making it more user friendly and intuitive.
- We have enhanced the Import feature. You can now download the CSV template directly from the interface and upload the updated CSV via the same interface. The two templates that are available:
- New Relationship - template to create new relationships in bulk
- Existing Relationship - template to import existing relationships and assessment results from different platform into VISO
Bug fixes
- We have fixed the issue where the data in the exported Relationship PDF report was not legible
- We have fixed the placement of the tool-tips for the Business case and data types in Relationship Details page Relationship tab.
- We have fixed the issue where users were unable to edit relationship details.
- We have fixed the issue where an incorrect data point was getting added in the Risk Timeline indicating even if user had not modified the relationship
- We have fixed the issue where the subscribers list was not populating in the Relationship Details page making it impossible for users to add subscribers to a relationship.
January 11, 2022
Enhancements
- We have introduced two new fields that you can now add to the Relationship table 'Inherent Risk' and 'Residual Risk'. You can add these columns to your view by clicking on the Edit option on the top right corner and selecting theses fields.
- We have introduced a download feature on the Relationship details page that will generate a PDF report of the Relationship details including the Risk Assessment summary for the relationship.
Bugs
- We have fixed the issue where the Subscribers menu was missing from the Application navigation.
- We have fixed the issue where the users were unable to upload logo during the Organization Profile set up process.
- We have fixed the issue where the 'Select all' field in the filter menu on the Relationship page wasn't selecting all the available menu options.
- We have fixed the issue where the navigation was missing icons to indicate the actions available from the main navigation when in collapsed state.
- We have fixed the issue where in some scenarios the application was loading an empty Relationship page.
Known Issue
- In some scenarios the data in the exported Relationship PDF report is not legible.
January 7, 2022
Enhancements
- We have introduced two new columns in the Relationship page 'Inherent Risk' and 'Residual Risk'. You can add these to your view by clicking on the filter icon on the top right corner and selecting these options from the menu.
Bugs
- We have fixed the issue where the Subscribers menu was missing from the Application navigation.
- We have fixed the issue where the users were unable to upload logo while setting up their profile.
- We have fixed the issue where the 'Select all' option in the filter menu in Relationship page wasn't selecting all the options
- We have fixed the issue where the collapsed navigation was missing icons to indicate the actions available from the main navigation.
- We have fixed the browser caching issue which, in some scenarios, was opening up an empty Relationships page.
Known Issue
- In some scenarios the data in the exported Relationship PDF report is not legible.
Dec 21, 2021 Release
New Feature
- We have introduced a download functionality on the Relationship details page which will allow you to generate a report in PDF format which will include the Relationship details as well as the Risk Assessment summary results provided by us.
December 16, 2021 Release
Enhancements
- We have updated some of the notifications language for slack notifications and the notifications within the application to clearly articulate what the notification is for.
Bugs
- We have fixed the issue where the Subscribers menu was missing from the Application navigation.
December 10, 2021 Release
Enhancements
- We have simplified our product navigation by providing a quick way to access the key dashboards - Relationship and Risk Insights Dashboard.
- We have increased the document file size, that can be uploaded to our platform, from 30MB to 100MB.
- We now show the Assessments that have been marked as 'Incomplete' in the Relationships page and users can also filter the relationships in the table on that status.
- We now allow users to submit or cancel assessment requests in bulk from the Relationships page.
Bugs
- We have fixed the issue where the Residual Risk was not reflecting the correct value for the relationship assessments that were imported into the system via the import template