💡 Feature requests

Feature Request Ability to filter and display Manual Evidences and Controls by their connected Policies in the Frameworks page. Description Clients currently struggle to understand which Manual Evidence or Control is linked to which Policy within their dedicated Frameworks page. For example, if POL-99 is connected to Control XYZ and Manual Evidence XYZ, there is no clear or direct way for the client to see this relationship. Current Limitation For Controls: It is technically possible to see the connected Policy, but only by manually opening each Control one by one. This is time-consuming and not scalable. For Manual Evidences: The connection to Policies is not visible at all, meaning clients have no way of knowing which Policies are linked without switching context or guessing. Proposed Solution Introduce a POL-filtering function to display Manual Evidences and Controls grouped by or connected to their respective Policies. Example: Selecting POL-99 should immediately show all associated Controls and Manual Evidences (in their own pages) without requiring the client to open each item manually. This would extend the existing filtering functionality for Controls to include Evidences, and make the Policy–Control–Evidence relationships fully transparent. Value for Clients Improves transparency and usability when navigating Frameworks. Reduces manual effort and prevents clients from having to open every single Control individually. Provides a clearer understanding of how Policies, Controls, and Manual Evidences are interconnected. Ensures consistency and completeness in the platform, aligning Controls and Evidences with Policy connections.

Allowing custom tags for all the list items (vendors, access, risks, etc) would make working with them much easier and flexible. possible uses: mark as WIP, missing DPA, asset type, assigned team, and much more

Some policies are interdependent and closely related in terms of content. It would be helpful if the system could recognize these connections and automatically ensure consistency across all affected documents when one of them is updated. Maybe it can be supported using AI.

Currently we are not able to add auditors manually to the platform. We would like to be able to add auditors on our own, when they are in the auditing process until they were able to finish writing the audit report.

Based on selected controls within the standard, it'd be great if Secfix could automatically generate policies that match our context.

Currently, each policy must be manually selected or deselected when assigning them to employee groups. With 20+ policies, this is time-consuming and not user-friendly. Certain groups like for e.g. the ISMS governance council needs to read all policies, which is not optimal. Proposal: Add "Select all" and "Deselect all" buttons to quickly assign or remove all policies with one click. This would save time, reduce errors, and significantly improve the user experience.

In the past, you were able to complete your access review using Secfix Access Management Google Sheet prototype (see screenshot). However, some of you left the task open for quite a while and didn't come back to it to complete the review. To repeat access review, you needed to go through a long process of updating the access lists for each tool. What we can change Once Access Page is automated and shows a list of accesses in the most critical software you use you could add the access tasks and conduct a proper access review directly on the platform. It allows to keep access page and access reviews up-to-date and see the Access Review history for your audits. Loom Video https://www.loom.com/share/0464141d05f049149affacf47244c24f

It'd be great if working on the PSR & supporting docs was available in the app (e.g. marking tasks as done in the app itself and not in sheets)

When it comes to approving policies, many of our areas consist of just one person, and creating lots of groups just to approve policies disrupts the other functions that the groups have. It might be possible to give the option of approving policies by user/person rather than by group.

RFP questionnaire filling, It will be more helpful and timesaving if trustcenter guide the sales teams to fetch answers for security related questions during RFP phase during deal closure