The SimpleRisk 20210121-001 release was originally intended to be delivered in late Q4 2020, however, we began on overhauling the SimpleRisk release process and it took a few extra weeks to complete that work. Our goal was to make this SimpleRisk release process "bullet proof". We did this by moving this key release functionality into the Upgrade Extra and then publishing APIs for it as part of the SimpleRisk Core. While it won't work for this release, all future releases will prefer the use of the API for upgrades. These APIs have been developed to provide messages for all sorts of use cases for why things might fail. Because these are APIs, and not code in the SimpleRisk Core, we can modify code used by the release at the time of the release, rather than at the time the "Upgrade" button is clicked. We realize that this might mean nothing to you, and that's okay, just realize that it's all part of our goal to have a simple, less error-prone, release process for all of our users.
This release also included the addition of two new reports. The "Connectivity Visualizer" report was created to give a visual representation of the relationships between frameworks, controls, risks and assets. Simply select which one you want to focus on and we will show you how they are related.
The "Current Risk Comments" report is the other new report that was created as a result of a number of customers looking for an easy way to identify new comments on their risks. It will show the most recent comment for each risk as well as the date of the comment.
A number of other new features were added to enhance the usability of SimpleRisk including:
- Added Last Test Date to the audit timeline report.
- Added searchable fields from the Dynamic Risk Report to all other reports in the reporting section.
- Re-ordered the control dropdown menus to be in alphabetical order.
- Changed the format on the Document Program so the edit buttons are easier to use.
This release also included the following bug fixes for the SimpleRisk Core:
- Fixed an issue where Next Review Date and Approval Date fields would display in different date formats when editing items in the Document Program.
- Fixed an issue where users were unable to set a Last Test Date prior to the current day when editing Compliance Tests.
- Fixed an issue where searching for items in the Document Program using Framework or Control would not function if the item belongs to multiple selections.
- Fixed an issue where Timezone was not being displayed correctly according to what was configured in Settings.
- Fixed an issue where editing the tags associated with an asset would submit them twice.
- Fixed an issue where the tabs to switch between risks and the risk list would break when a risk was edited.
- Changing a value in the Add and Remove values now records an audit entry as expected.
- Fixed an issue where the User Permissions in the User Management were not correctly spaced.
We also fixed a XSS vulnerability on the Settings page under the Configure menu.
The SimpleRisk Extras are the paid for functionality that extend the features of the SimpleRisk Core. This release included a ton of new functionality and bug fixes to our SimpleRisk Extras:
- Added a new Reporting menu.
- Added a new “Overview” report under the Reporting menu.
- Added a new “Incident Trend” report under the Reporting menu which shows a variety of metrics for incidents captured in the system.
- Added a new “Lessons Learned” report under the Reporting menu which shows a list of all lessons learned and the incidents which they are associated with.
- Added a new Configure menu.
- Added a new “Settings” page under the Configure menu.
- Added a new “Add and Remove Values” page under the Configure menu which gives you the ability to add, edit or remove items in the Incident Management dropdown menus.
- Added a new “Playbooks” page under the Configure menu which gives you the ability to create custom playbooks and edit existing playbooks.
- Updated Incident Management to use tags the same way as the rest of SimpleRisk.
- The “Collected on” field will now save properly when users have a date format set other than default.
- Editing and saving incidents no longer duplicates notes/evidence.
- Fixed an XSS on the Customization Extra configuration page.
- Fixed an issue where users could not disable the Risk Mapping field.
- Fixed an XSS on the All Open Risks By Team By Risk Level report while using Custom Fields.
- Fixed an XSS on the Management Review page when using Custom Fields.
- Fixed an issue where after Assessments was turned on for the first time some text would be displayed somewhere randomly on the next page loaded.
- Fixed an issue where adding a new tag to an answer would not make it available for later use in dropdowns.
- Unified how tags work in Assessments to match the rest of SimpleRisk.
- Changed the separator for multiple tags on active/closed risks on the questionnaire results page as commas were found to be misleading.
- Added the ability to have a risk added in Jira trigger a new risk in SimpleRisk.
- Fixed an issue where users would receive an error when disabling the ComplianceForge SCF Extra.