Announcement
3 months ago

AlterRisk version log: v4.7


  Easier Language Switching (HR ⇄ ENG) 

  • Added a quick-access language switch drop-down (HR & ENG) on the home screen.
  • Improved user experience by reducing the number of steps needed for language changes.

  Dynamic Coloring for Risk Value Fields in Risk and Risk Assessment

  • Implemented dynamic coloring for Risk Value fields in Risk and Risk Assessment pages.
  • Colors now change based on predefined probability and impact thresholds, improving visibility.

  Lan Sweeper Integration Interface

  • Developed an interface for integration between Lan Sweeper and AlterRisk, allowing seamless repository connection for IT asset information.
  • After synchronizing your data from Lan Sweeper with the "Synchronization" button, you can import that data directly into your Entity table with the "Import into Entity table" button.

  • Import Options:

    • Group Import: Import all synchronized data from Lan Sweeper as a group of asset types
    • Single Entry Import: Import individual asset data records one by one, offering flexibility in selecting and adding specific entries to the Entity table.

Navigation: Administration → Entity Integration

*Lan Sweeper Integration can be added upon inquiry.*

  Added Attachments to Control Assessment Table 

  • Integrated the ability to add and manage attachments directly within the Control Assessment table.
  • Users can now upload files related to each control assessment.
  • Attachments can be viewed and downloaded from the table.

  New Password Validation

  • Added regex-based validation for input fields, ensuring proper formatting and security.
  • Enforced strong password policies through regex.
  • Users cannot reuse previous passwords within a defined history limit.
  • System now tracks the last password change date for each user.
  • Introduced password expiration.
  • Introduced a minimum password age.
  • Adjustable according to the client's password policy.
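
How the history limit, minimum age and expiration listed above interact, as an added example (not AlterRisk's code): the names `Policy`, `Account`, `change_password` and `is_expired`, the regex, the thresholds and the PBKDF2 storage of history entries are all assumptions made for illustration.

```python
import hashlib, hmac, os, re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Policy:  # every value here is a constructed, per-client setting
    pattern: str = r"(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\w\s]).{12,}"
    history_limit: int = 5                   # previous passwords remembered (>= 1)
    min_age: timedelta = timedelta(days=1)   # earliest allowed next change
    max_age: timedelta = timedelta(days=90)  # expiration

@dataclass
class Account:
    history: list = field(default_factory=list)  # (salt, digest), newest last
    changed_at: Optional[datetime] = None        # last password change date

def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: history entries are stored as salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def is_expired(acct: Account, policy: Policy, now: datetime) -> bool:
    return acct.changed_at is None or now - acct.changed_at >= policy.max_age

def change_password(acct, new, policy, now) -> Optional[str]:
    """Apply the change and return None, or return the rejection reason."""
    # Minimum age first: without it a user can cycle through history_limit
    # throwaway passwords in one sitting and return to the old one.
    if acct.changed_at is not None and now - acct.changed_at < policy.min_age:
        return "too_soon"
    if not re.fullmatch(policy.pattern, new):
        return "weak"
    for salt, digest in acct.history[-policy.history_limit:]:
        if hmac.compare_digest(_digest(new, salt), digest):
            return "reused"
    salt = os.urandom(16)
    acct.history.append((salt, _digest(new, salt)))
    del acct.history[:-policy.history_limit]  # keep only the newest entries
    acct.changed_at = now
    return None

if __name__ == "__main__":
    policy, acct, t0 = Policy(history_limit=2), Account(), datetime(2025, 1, 1)
    for pw, days in [("Correct-Horse-1", 0), ("Correct-Horse-2", 0.5),
                     ("Correct-Horse-1", 2), ("Correct-Horse-2", 2)]:
        print(pw, change_password(acct, pw, policy, t0 + timedelta(days=days)))
```
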

  Findings Table: Added new column Due Date

  • Added a new Due Date column to the Findings table.
  • This column allows users to set and track deadlines for each instance.

  Improved delegation of Entities, Risks and Risk assessment

  • Setting the Entity Custodian field to a user enables that user to view that entity.
  • Added the Risk Custodian field to Risk and Risk Assessment.
  • A Risk or Risk Assessment record is visible if the logged-in user or that user's function is in the Owner or Custodian field.

  Added Findings tab inside Control Plan Edit form

  • The Findings tab allows users to input and review specific findings related to the control.

Navigation: Risk→ Control Plan

  Implementation of Multifactor Authentication (MFA) Option in Settings

  • Added an option in the settings page to enable/disable Multifactor Authentication (MFA).
  • User-friendly interface for MFA setup and management.

Navigation: Administration → ShowTwoFactorAuthentication

   Duplicate Threat Prevention Enhancements

  • Input Validation Prompt: Added a confirmation prompt when entering a threat that already exists: "You are trying to enter a threat that already exists. Are you sure?" This helps prevent manual duplicate entries.

Announcement
8 months ago

AlterRisk version log: v4.6


  New Report: Control Assessment Report

A new report has been created for the Control Assessment process, allowing detailed analysis of control evaluations in the form of a table.

Navigation: Reports → Control Assessment Report


  Dynamic Coloring for "Risk Value" Fields on Risk & Risk Assessment Forms

The "Risk Value" fields on both the Risk and Risk Assessment edit forms are now dynamically color-coded based on the entered values, enhancing visual identification of risk levels.


  Enhanced Probability & Impact Catalog Management

The system now supports the historical tracking of Probability and Impact catalogs over time. Older catalogs are preserved for historical data accuracy, while the latest valid catalog is always displayed for new calculations. This ensures consistency and precision in historical reporting and future risk assessments. This functionality can be accessed through the following pages, which are available to Administrator, Group Admin, and Manager roles.

Current catalog items should be marked as "active" while historical items should be marked as "not active".



  Dynamic Coloring for "Risk Value" Field on Risk Treatment Plan Status Page

The "Risk Value" field on the Risk Treatment Plan Status page is now color-coded based on the entered values, making risk levels more intuitive.

Navigation: Reports → Risk Treatment Plan Status


  New Color Option for Colored Fields

All fields that can be color-coded based on entered values now support four colors: red, yellow, green, and the newly added orange. This update affects the Probability & Impact matrix, which is used for calculating risk values across four distinct levels. More (dynamic) colors should be available in the next versions of the application.


  FIX: Import of Regulatory Document Sections Now Functional

The import functionality for sections of regulatory documents is now working correctly.

Navigation: Knowledgebase → Regulatory documents → Chapters


  New Page & Report: Finding Control Plan 

A new report has been added for the Finding Control Plan page, which combines the functionality of the Finding and Control Plan pages. The report can be generated by clicking "Report."

Navigation: Reports → Finding Control Plan


  New Detail Table: Compliance Edit Form 

A new Control Assessment grid has been added to the Compliance edit form, providing an integrated view of control assessments. Previous assessments for the control are shown as historical items in the grid below.

Navigation: Compliance → Edit Form


  New Page & Report: Risk Treatment Plan Status

A new report has been added for the Risk Treatment Plan Status page. The report can be generated by clicking "Report."

Navigation: Reports → Risk Treatment Plan Status


Announcement
29 April 2024

AlterRisk version log: v4.5


  "Users in roles" tab now visible in Administration for administrators and group admins

Here (navigation: Administration) administrators can view users by roles - i.e., see how many users are in each role.


  Education functionality

The education module is a kind of LMS (Learning Management System) that enables the user to manage the education of their employees. In the first step, the user must create a new project (navigation: Projects) with the field Type of project set to "Education".


After that, the user adds external attachments/educational materials (e.g. PowerPoint, PDF, Word) to the form of the newly created project, and in the menu below that, selects the users who must attend the education. Users are selected (and removed from the education) using the "multi-choice" menu on the "All users" tab, and the selected users can be viewed via the "Users in education" tab.


The creator of the training can also notify added users about the training via the "Send training notification" button on the training form, which sends an email notification to all added users.


After that, each user added to the education can access it on the "Education" page in the navigation. Clicking an individual education on that page opens the added educational materials. After viewing them, that is, after completing the education, the user can click the "Complete education" button, which notifies the creator of the project/education that the education has been completed.


  Version logs now accessible through the app 

Hover over the "Help" tab in the navigation and click "Version logs".


  RiskAssessments graphs available

Go to the "Risk assessments" page (navigation: Risks -> Risk assessments), and click the following button:

There, select "Charts" and you will be presented with the graph/chart view of data. 


  Chatbot AlterRisk assistant + Help wizard 

From version 4.5 onwards, AlterRisk has been enhanced with the AlterRisk Assistant, an artificial intelligence chat that can provide the user with detailed instructions and information about the application. It supports two languages, Croatian and English, and the chatbot also has a "Talk to human" option, which redirects the user from a conversation with the AI directly to a conversation with the dev team.


Furthermore, a wizard with instructions on how to use the application is now present and can be accessed by clicking the "Tour" button on the bottom right of the application (see the image above - the button is shown below the chatbot).


  "Check Data" functionality

On the "Client settings" page (navigation: Administration -> Client settings) there is a new "Check data" functionality that allows the user to check the accuracy, completeness and reliability of their data throughout the application. The results are presented in Excel format and are automatically downloaded to the user's computer at the push of a button. All found errors are listed in the Excel file, along with an identification indication of where the erroneous data is located.


  New field on Personal Data Processes page (navigation: GDPR -> Personal Data Processes)

Field "Data destruction method".


  RiskAssessment mail notification functionality

Risk assessments now have the option of sending email notifications to the chosen owner of the risk assessment ("Risk Owner" field). Mail notification can be sent for a single assessment or simultaneously for several, via "multi-choice" selection.

 

Single risk assessment notification:


Multiple notifications:


  New knowledge base

The mapping of controls to a new set of chapters for the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 standards was introduced in the knowledge base. (For the Croatian language.)


  Personal Data Processes - choose between textual and lookup fields

The "Personal Data Processes" page (navigation: GDPR -> Personal Data Processes) now allows you to choose the kind of field you want for your "Data Processor" and "Process/Service" fields.


If you navigate to "Client Settings" page (navigation: Administration -> Client Settings) there is a new row called "ShowEntityPDataProcessTextFields". If you set it to 1, the aforementioned two fields will appear in the form of free text. If you set it to 0, the fields will appear as lookups. 


Client Settings row:


Personal Data Process edit form - client setting set to 1, so the fields appear in the free text form:


Announcement
2 years ago

AlterRisk version log: v4.4

   Field "Financial impact" added to Risk page

The field can be shown or hidden based on user input in the Client Settings page - under the setting key named "FinancialImpactGrid" 


  Administrators and Group administrators can now send mail invitations to newly created users

 

  Custom logos can be added to reports

Client Settings page


  New fields on "Goals" grid

This grid is used on the Projects edit form. The new fields include: "Responsible" (responsible person for achieving the goals in question), "DateEnd" (due date of the goals), and "Resources" (amount of resources needed for achieving the goals). 

 

  Inline editing is enabled for the following pages: 

  1. Risks
  2. Risk Assessments
  3. Controls
  4. Control Assessments (sub-menu under Controls)
  5. Metric Collection 


  Historic metric values can now be tracked

Project edit form now shows Metric values for that particular project.


  "Process all risks" (Croatian: "Rizici po procesima") page and its reports updated

Can be found in the navigation under Reports -> Process All Risks


  "Control Assessment" mail notifications now have a direct link to the relevant unresolved control assessment

Once clicked in the mail, it will take the user directly to the edit form of the control assessment in question.


  Entities are now automatically added to groups for each user

Before, this was done by hand - while importing regulatory documents. This step is now redundant. 


   The "Create On template" action on the Project edit form is now available for all project types

This action allows the creation of new projects based on already existing ones - i.e., the current projects can be used as templates for new ones. 


   Risk assessments of a given entity can now be used for multiple projects

Each project has its own entities. On the edit form of a project of type "risk assessment", there is an action "Auto. create risks", which allows the user to automatically create risk assessments, as well as allowing him/her to use previous risk assessments of the entities in question as a template for new ones. 

Apply previous risk assessment (based on the entities of that particular project) - if "yes" is clicked, the new risk assessments will be filled with values from previous risk assessments of that entity, if "no" is clicked, empty new risk assessments will be created.


Announcement
2 years ago

AlterRisk version log:  v4.3.1

  Bug on import of RiskAssessments (i.e. projects are saved as null) resolved

This process is envisioned as the following:

  1. First, the user downloads an Excel report of all current RiskAssessments.
  2. The user makes the necessary changes in Excel.
  3. The user clicks "Actions" and then "Update data" (yellow marker on picture) to update the existing RiskAssessments, or "Import from file" (red marker on picture) to add new RiskAssessments from the Excel file. In the latter case the first step is unnecessary, as the Excel file will contain only new RiskAssessment values, not the existing ones.


  Bug on ServiceRequest create-form (i.e. Service Request Type showing null values) resolved

The ServiceRequest page now works correctly - the user can insert, update or delete without issues.


  Bug on Risk-RiskAssessment relationship resolved

  • Inserting a Risk triggers the automatic insert of the first RiskAssessment.
  • Inserting a RiskAssessment triggers the automatic insert of a new Risk.
  • Updating a Risk automatically creates a new RiskAssessment if no RiskAssessment exists yet with the date chosen in the Assess Date field.
  • If a new RiskAssessment is created with the project field set to null, all other RiskAssessments related to the same Risk are automatically locked (i.e. archived -> available as read-only).
  • If a Risk is updated but the Assess Date field is left intact, no new RiskAssessment is created, as this is understood as an edit rather than a new assessment of the risk.
  • Updating the last unlocked RiskAssessment automatically updates the Risk connected to it.


   Bug on RiskAssessment report resolved

Previous reports showed a double Project name field, one of which is now removed.