💡 Feature requests

Currently in the Vendors review flow, selecting a login/authentication method is mandatory to mark a vendor as Reviewed. However, not all vendors provide software or platforms that require authentication. Context Some vendors (e.g. law firms or consultants) do not offer any system requiring a login. In these cases, we are forced to select an incorrect authentication method just to complete the review. Proposed solution Add a “No authentication required / Not applicable” option that allows vendors to be marked as Reviewed without selecting a login method.

Problem The current Vendors section is limited in scope and suggests that only software vendors should be listed. In practice, organizations work with different types of third parties, such as: infrastructure providers, partners involved in collaborative development, customers participating in joint projects. These entities are currently not clearly represented in the Vendors section, although they are relevant from a risk and compliance perspective. Proposed solution Rename Vendors to Vendors & Partners, or extend the section to explicitly support different third-party types (e.g. vendor, partner, customer, infrastructure provider). Benefits More accurate representation of third-party relationships Better coverage of non-software and collaborative partners Improved clarity and usability for customers

One of the biggest challenges I face is getting employees engaged in security awareness. People don’t realize the importance of security until something goes wrong. I’d love to see a Security Awareness Hub in Secfix that helps make security training more interactive. This could include: Phishing simulations (with real-time reporting), Security quizzes with gamification elements It would also be useful to have a section for real-world case studies and alerts to keep employees informed about emerging threats. Having these features within Secfix would simplify security engagement and help drive a stronger security culture in the company.

It would be nice, if the pages for Automated Checks and Manual Evidences could remember the personal filter settings at least during a user session. Currently, if you leave these pages and return again, the selections are gone.

It would be great to have a simple and automated assignment of line managers for each employee in the Inventory > Employees module. Current Challenge: In the Employee Inventory section, we currently need to manually assign the “Reports to” or “Owner” field for each employee. Since we are using a HRIS (like CharlieHR), this data already exists within the tool (line manager/manager relationships), leading to double work and potential inconsistencies. Requested Functionality: Enable the system to automatically pull and assign line manager data (i.e., the "Reports to"/"Owner" field) directly from the connected HRIS (starting with CharlieHR). Auto-sync the "line manager" field for each employee upon HRIS integration. Keep the field up to date via periodic sync or manual refresh. Allow override or manual assignment if needed, but default should come from the HRIS. This would help us save immense amounts of time, through eliminating manual work. It reduces human error in assigning responsible persons. It aligns Inventory more tightly with source-of-truth systems like our HRIS.

In the current workflow, we can only upload a policy and then approve it. I'd like to review it first before approving it.

Currently whenever I need to find anything, I go to google docs and use the search bar there, and then find all the policies that are mentioning my keyword or term. There might be a bottle neck if we forward all the employees always to /policies page, and they need to open all the pdfs separately and use cmd F function, do more manual searching.

As an Information Security Officer I'd like to see known CVEs from public sources, which refer to the vendors and software listed within Secfix for our tenant. This would support the vulnerability check/non-conformities for the continuous tracking. The premium version would mark computers with identified vulnerabilitites, although this is quite operational and goes far beyond a certification tool.

Even though I connected Linear as part of the ticketing integrations, Jira seems to be the only available options to automatically create and links tasks from SecFix.

After receiving an email with tasks assigned to them(via manual tasks), the user would like to log into Secfix and see their specific tasks to do in one view - in a Notifications tab.