Note: The following features are not added to IT Compliance Management by default. For information on adding these features to your version of the app, contact your CSM.
New Features
Point in Time Reporting
With the new Point-in-Time reporting feature, users can view historical information in reports in order to compare and contrast against information from previous timeframes. For instance, an IT compliance team can easily compare a previous year's certification results with the current year to better align evidence submission. Admins can enable this feature from the Configure Filters palette when editing a report.
Suggested Evidence
When a user from the IT Compliance Team user group selects SOC 2 as the source framework of a citation, the citation will now display a new read-only Suggested Evidence section. This new section will make it clear what evidence users should submit for the citation and reduce the amount of time spent on an assessment.
Mass Applicability
Users in the IT Compliance Team user group launching an applicability assessment will now be able to mass select which citations are not applicable to the assessment without having to manually push each citation. This will maximize the team's efforts and reduce the need for unnecessary manual administration.
Framework Mapping
Users in the IT Compliance Team user group have access to a new Framework Mapping activity. This activity leverages each framework's content package to connect the requirements shared among frameworks and expose overlaps in evidence. This allows the IT compliance team to easily solidify lasting mappings across their evidence and frameworks and fast track additional framework certifications.
External Control Review
Resolver is adding a new External Control Review activity to allow users to easily digest pre-defined external control libraries. This enables users to leverage best practice control libraries and does away with the need to create new controls entirely from scratch. The activity allows teams to review, vet, and tailor these controls, producing an optimal control library specific to the organization.
Increased External Auditor Support
The IT Compliance Assessment form will have new fields that capture the external auditors' comments, reviews, and attachments. This will make it easier to capture essential external auditor information during a certification.
Multi-Framework Support
Each citation will now only show fields relevant to the selected source framework. This will reduce clutter and allow users to focus on relevant information.
In-App Alerts
Users in the IT Compliance Team user group will have access to a new Alert Management activity. This will allow Resolver's content team to provide customers with vital news and updates. This lets the IT compliance team know when new updates are available and allows plenty of time to plan how to leverage them.
Data Subject Access Request Portal
Users in the IT Compliance Team user group can use the new Data Subject Access Request Portal activity to collect important requests regarding personal identifiable information. These requests can then be verified by the InfoSec team and tracked to completion, taking an important responsibility and centralizing that effort into a single monitoring activity.
Assessment Scoping Improvements
The IT Compliance Assessment form has been enhanced to better support scoping exercises. When the IT compliance team is scoping an assessment, instructions will be visible to walk them through the process. After scoping, the instructions will be replaced with a tabular view of the scope for simple reference. This will reduce confusion on users and make the scoping process easier overall.
Archive Support
Members of the IT Compliance Administrator user group can now access the new Archived activity to view the following archived objects:
Assessments
Citations
Controls
Issues
Alerts
The Library will have new views to allow users to view archived authority documents and their child objects.
Miscellaneous Improvements:
Applicability assessments can now utilize navigation trees for ease of use.
Reports will now include descriptions to increase user clarity. The descriptions will also mention if the report is an export.
The IT Control Owner user group has been renamed to IT Control Owner (Limited User).
A new Audit Reference ID field has been added to controls in all assessment forms.
The IT compliance team and administrators can now manually send a control in the Review workflow state back to the Document and Assess workflow state if further work is required.
- Members of the Issue Owner user group will have read-only access to citations in the following workflow states:
Pending Assessment
Document Controls
In Review
External Review
Complete