Table of Contents | ||
---|---|---|
|
Most Important Improvements
Reworked global user access roles: Reader is now true read-only; Creator became Contributor.
New assessment card: Visible control details and separate tabs to evaluate the Design and Operating Effectiveness.
Real-time email notifications: You can now receive immediate email notifications if someone left a comment on a request, task or assessment.
API integration: The first version of our secure API integration is now available for testing.
What’s New in v3.2
People Dashboard and Updated Global User Roles
True Read-Only Reader
We improved and clarified the capabilities for the global Reader role. True to the name, these users can read everything, but their comments are limited to items that display a Comments tab. In addition, they cannot be assigned to fields where actionable activities occur. If there are already users in a Reader role assigned to an object, they will remain in that field with all additional permissions prior to this rollout.
Creator Renamed to Contributor
Another role, Creator, was renamed to Contributor. This better describes the abilities granted and falls more in line with industry standards. The users in this role are usually asked to submit, verify or review evidence. They typically have full read and write permissions, but only for information to which they are assigned. This is a role suited for any outside personnel, such as external auditors, who don't need to view other types of activity in ZenGRC, such as your organization's vendors or risk management.
For additional information on permissions, please see Role-Based Permissions.
For instructions on using the People module, please see People / Roles.
New People Dashboard
The People dashboard now features a list view similar to other modules, which can be sorted and filtered. Column headings can be added or removed to customize information according to your needs. The page is also broken into tabs for the different available roles.
New Assessment Card
This release features additional design changes for assessments. The new view displays all necessary details directly on the card. The assessed control's information is always visible, with other pertinent information just a few clicks away.
Design and Operating Effectiveness tabs
Only one control can be mapped to an assessment. But since controls may be mapped to objectives from multiple programs, ZenGRC now provides a Design tab. This area shows all objectives to which the control is mapped and allows a comparison of the control description against regulatory requirements.
A control may also have several requests mapped to them, which could come from multiple audits. The Operational Effectiveness tab displays these requests, making it easy to review what was requested and whether the evidence provided is satisfactory.
Issue Creation Made Easy
If either the design or the operation of the control is insufficiently executed, or the submitted evidence is unsatisfactory, the assessor can create an issue directly on the assessment page.
Real-Time Email Notifications
In response to customer demand, comments on tasks, requests, and assessments are now sent instantly to users playing a role on the object. This allows you to immediately view and respond to the comment, which keeps the momentum moving on audits or other projects.
The option to enable instant comment notifications can be toggled on and off, so only organizations wanting that change need activate it.
API integration
To further integrate ZenGRC with your eco-system, we are developing a new API integration for ZenGRC. Due to its complexity, we will gradually develop and release our API over the next versions. In the current release, the API is limited to read-only for audit-related object types and for vendors. For further technical information of our API, please visit our developer portal: https://api-preview-v2.reciprocitylabs.com/
Microsoft OneDrive Integration
Our enterprise customers can now use Microsoft OneDrive as a storage integration option. This option is set on the Storage page and allows your organization to use OneDrive for all information gathered during evidence collection and other ZenGRC activities that require attachments.
Save Favorite Views
The new Favorites module addresses the pain of having to set up personal views with every visit to a page. Similar to browser bookmarks, favorites allow customized views to be saved for later selection. Once a favorite is created, the Favorites link displays in the left-hand navigation with the new link only shown to the person who created it.
List View Improvements
The list view, which displays on all module home pages, has an option to display "Date created" and "Date modified" columns. These are view-only columns, meaning they can't be edited, but they can be sorted and filtered, just like other columns in the list view. These dates are calculated in UTC and also display a time stamp.
Another addition to the list view includes colored icons for the item statuses. Although the statuses have different names depending on the object type, the color coding allows a quick view of which items are in a finalized status, which is green, or a state that shows the item needs work, which is yellow.
Custom Attribute Additions
This release features a much-anticipated addition to custom attributes. Now, there is an attribute that provides a true multiple-choice selection. If there's a need to gather one or more responses to a question, the "Multi choice" option allows you to do so.
Other additions to custom attributes include "Integer" and "Decimal" options. Both fields only accept numerical values, but the "Decimal" attribute allows for a decimal point in the number, while the "Integer" does not.
IP Whitelisting
The IP addresses assigned to your instance may change from time to time, which impacts integrations between ZenGRC and other applications. So we're now providing a list of ZenGRC's public IP addresses along with recommendations for configuring your firewalls. For additional information, please see IP Whitelisting.
List of Bug Fixes
Display informative error message when the integration between Google Drive needs additional configuration in order to work with ZenGRC.
Task descriptions correctly display bulleted and numbered lists.
Customized reply-to header in ZenGRC email now displays the customer's preference instead of "notifiactions@reciprocitylabs.com."
Addressed the timeout error shown when objects are bulk edited.
- No access users cannot be selected in the user drop-down anymore.
- On the questionnaire builder, it is now more visible which of the questions have missing information before the questionnaire can be saved.
- Icon alignment on the questionnaire builder is now fixed.
- Login issues in Internet Explorer browser are now fixed.
Coming in v3.2+
- New, easy to use audit setup wizard.
@-mentions in comments.
Enhanced Jira integration for task management.
Enhanced recurrence for audit-related objects.
Additional API functionality.
Editable statuses and stock attributes.
Known Issues
Please see our currently known issue here.