💡 Feature requests

Currently, in the risk register, we can only see the beginning of a risk description, and need to hover over each one to read the full sentence. This makes it difficult to quickly review or compare multiple risks - especially when prepping for an audit or working collaboratively across teams. We’d love the ability to see the full risk sentence/description at a glance, either by: Expanding the column width Wrapping the text onto multiple lines Or displaying the full text in a tooltip or modal upon click (rather than hover) Hovering over each individual item is time-consuming and unintuitive, particularly when managing a longer list of risks or reviewing historical entries. It would streamline our workflow and make the tool much more usable during time-sensitive tasks like audit prep. Thanks for considering this quality-of-life improvement!

It would be helpful to have an FAQs section in the Trust Center to address common customer questions.

The auditor made us aware, that any assets containing PII or PHI data, should be by default set to "confidential". Marking them "internal" is incorrect, which was a minor non-conformity. To exclude human error in future, we would highly appreciate an automatic classification of any assets in the inventory. PII/ PHI = confidential by default.

As a user managing risk scenarios, I want to be able to associate the same treatment task with multiple risks without needing to create duplicate tasks or tickets. Currently, I have to manually copy and paste identical tasks across different risks, which is inefficient and error-prone. Ideally, there should be a dropdown menu or linking option that allows me to select from previously created treatment tasks and apply them to relevant additional risk entries. This would streamline the process, ensure consistency in mitigation strategies, and reduce manual effort.

Currently, there’s no way for admins to see when an onboarding task is about to expire. It would be helpful to display expiry dates, so admins can proactively remind employees to complete their tasks before the deadline.

When someone who owns ISMS items (like risks or evidences) leaves the company, it becomes a manual and error-prone process to identify and reassign everything they were responsible for. This recently led to a few non-conformities during our internal audit because certain risks ended up without an owner after the previous assignee was offboarded. It would be great to have a feature that allows automatic reassignment of ownership upon user deactivation or removal, similar to how Google Workspace prompts for a successor when deleting an account. Even better would be: The ability to assign ownership based on roles, so that responsibilities persist regardless of who fills a given role A reassignment prompt when deactivating users, showing what ISMS items they’re responsible for and allowing bulk reassignment Visibility into “orphaned” items with missing owners to prevent NCs This would help us ensure continuity and keep our ISMS responsibilities clean and compliant during team transitions (which unfortunately happens at the worst time sometimes - like before the External Audit).

It would be great to see more flexibility in how user roles are managed in the Secfix platform. Right now, there are only two options — Admin and Employee — which creates friction when trying to delegate responsibilities across the ISMS without giving full access. For example, I want to assign HR-related evidence tasks to our HR lead, but they can't upload or manage evidence unless we promote them to Admin. This doesn’t scale well and poses unnecessary access risks. A few role types we’d love to see: Evidence Contributor: Can upload and manage assigned evidences Risk Owner: Can view and manage risks they are assigned to Auditor (View-only): Read-only access for external or internal stakeholders Vendor / Contract Owner Human Resources Compliance Inventory Management More granular roles would help us distribute ownership more efficiently and keep responsibility aligned with actual roles within our organization — without compromising security or overwhelming users with unnecessary access.

Grant auditors read-only access to review data before audits.

Request We would like the ability to change the Approver of a document without reuploading Policies. Currently, when a document is already approved and the same person is both the Owner and Approver (based on ISO 27001 this should not be the case), there's no clear option to hand over the Approver role to someone else (e.g., from me to Michael) without reuploading the Policy. Benefits Enables proper role separation and ensures correct approval responsibilities. Aligns better with real-world collaboration scenarios, especially in compliance teams with changing responsibilities.

It'd be great if we could use the policies, automated checks and other data already in the Secfix platform to automatically populate answers for RFQs and security questionnaires.