Versions Compared

Old Version 32

changes.mady.by.user Eduardo Gonzalez

Saved on

compared with

New Version Current

changes.mady.by.user Theresa Trevino

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Isora v1.

...

1.2

What's New 

  • Added Vertical Score to Categorical Overview: Introduced the vertical score in the Categorical Overview of assessment reports, showcasing how the target performed relative to the Assessment Mean in each category. Category scores are calculated by averaging the question scores within each category. 

    • API endpoint: api/report/<uuid> 

  • CSV Uploader for Vendors and Vendor Products: Implemented the capability to upload Vendors and Vendor Products using a CSV uploader in the Inventory/Third Parties tab.

    • Import API endpoints: api/vendors/csv and api/vendorproducts/csv 

    • Template API endpoints: api/vendors/csv/template and api/vendorproducts/csv/template 

  • Third-Party Report Header in PDF Exports: Added the Third Party Report header and deployment details to the PDF export for completed assessments. 

  • Read-Only Comment History: Enabled read-only comment history in report responses. 

Bug Fixes & Improvements 

  • Third-Parties Inventory Download: Fixed a bug when downloading the Third-Parties Inventory that was missing the Vendor URL field. Downloads of Third-Party Inventory are now seamless. 

  • Third-Party Vendors Search Bar: Further optimized the search functionality within the Third Party Vendors section. 

  • Vendor Score Calculation: Fixed a bug that affected the calculation of the vendor score average by product latest score. The average is now correctly calculated based on the most recent score. 

API Updates 

  • Enhanced Reporting Capabilities: 

    • api/reports/all?assessment_id=<assessment_uuid>

      • Enabled the ability to pass the Assessment ID to the reports/all endpoint. 

    • api/reports/<report_uuid>

      • Added the vertical score to the Categorical Overview in a report. 

      • Example:

      • Code Block
        "vertical": {
                "current": [
                    {
                        "name": "01. Documentation",
                        "parent": "parent_uuid",
                        "mean": 100.0
                    },

Isora v1.1.1

Bug Fixes & Improvements

Survey Comment Threads 

  • You now have the ability to add/edit comments, search comments and replies, and delete a comment or comment thread. 

  • Access the comment functionality through the chatbox icon next to a survey question or at the top right of the survey page to search comments. 

  • Filter comments to show only your own by clicking “Your Threads.” 

  • API Endpoint: api/commentthreads 

Ability to Disable the Settings Tab for Non-Admins 

  • Admins can now hide the “Settings” tab in the navbar for non-admin users. Non-admin users will only see their own Profile in the Settings tab. 

  • Contact the support desk to enable this setting. 

Default the Third-Parties Tab to Display Only My Deployments 

  • This feature queries vendors with my_deployments=True. 

  • Contact the support desk to enable this feature. 

Vendor Report Public Option Default 

  • If set to True (default setting), users can view reports only within their organization. 

  • If set to False, users can view reports across any organization. 

  • Contact the support desk to change this to False. 

Vendor Report Public Option Disabled 

  • If set to True, the vendor report public option is shown and disabled. 

  • If set to False (default setting), the option is shown and enabled. 

  • Contact the support desk to change this to True. 

Updated Permissions for the Vendor Requester Role 

  • Users with the Vendor Requester role can now create and delete Third-Party Vendor Deployments and Third-Party Assessments for their organizational unit. 

Third-Party Searchbar

  • Enhancements and bug fixes have been made to the Third-Party search bar for more seamless vendor and product searches. 

Assign a User to a Risk Register Entry 

  • You can now assign a user to a Risk Register entry. This field can be hidden if not needed. 

  • API Endpoint: /api/riskscores 

API Updates 

  • api/vendorproducts/csv/template 

    • Enhanced the CSV files by adding the “vendor_url” field to the vendor product CSV template. 

    • New vendor names inserted into the CSV that do not exist will be automatically created. 

  • api/commentthreads 

    • Added functionality to add comments, search comments and replies, and delete a comment or comment thread. 

  • api/reports 

    • Added a summary of NIST CSF Policy Scores for a NIST CSF survey report. Example snippet for the “Detect” policy:

Isora v1.1

May 10, 2024

Bug Fixes & Improvements:

  1. NEW Third-Parties Enhancements are now launched in the New UI:

    1. NEW and improved Third-Parties View

      1. Nested Table: Manage third-party vendors, their products, and associated deployments within their organization. 

    2. Search Functionality: 

      1. Search by Vendor and Product name in the search bar. 

    3. "Mine" Filter 

      1. Description: View deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user. 

      2. Access: See the profile icon on the top right. 

      3. API Endpoint: api/orgs/all?mine=true 

    4. Assessments Sidebar

      1. Function: View all assessments related to the Vendor Product within a dedicated tab. 

    5. Vendor Details Sidebar: 

      1. Create and Delete Vendor 

        1. Create Vendor: Added a “Create Vendor” button. 

        2. Delete Vendor: Enabled the ability to delete a Vendor. 

    6. Product Details Sidebar:

      1. Create and Delete: Enabled the ability to create and delete a Vendor Product in the sidebar. 

      2. API Endpoint: api/documentation endpoint enabled in the Vendor Product sidebar. 

    7. Deployment Details Enhancements

      1. Deployment Details sidebar

        1. Function: Displays editable fields from the api/vendorproductdeployments endpoint. 

        2. Can now delete a Deployment.

        3. Can view the Contacts tab.

        4. Column Management: Enabled the ability to show/hide columns.

    8. Vendor Product and Deployment Table View 

      1. Overview: Provides an overall view of important details about the Vendor Product/Deployment in a table format.

      2. Add Deployment: Enabled the ability to add a new Deployment in the Vendor Product sidebar. 

  2. Risk Register CSV upload.

    1. There was a bug with the Risk Register CSV upload, but it now correctly creates a new risk register entry with the existing Risk Category and Risk (from Settings). 

  3. We added support for Hidden Attributes in the Risk Register settings:

    1. Hidden Attributes options you can choose to keep hidden:

      1. 'Inherent_impact',

      2. 'Inherent_likelihood',

      3. 'Inherent_score',

      4. 'Target_impact',

      5. 'Target_likelihood',

      6. 'Target_score',

      7. 'Target_mitigation_control',

      8. 'Notes'

  4. We enabled the ability to edit these Risk Register field labels:

    1. Inherent Impact

    2. Inherent Likelihood 

    3. Current Impact 

    4. Current Likelihood 

    5. Target Impact 

    6. Target Likelihood 

    7. Notes 

    8. Target Mitigation Control 

    9. Current Mitigation Control

API Updates:

  1. api/vendors: Added Vendor Hierarchy filters:

    1. Deploying unit

      1. /api/vendors?deployed_org_name=<org_name>

      2. /api/vendors?deployed_org_code=<org_code>

    2. Owning unit(s)

      1. /api/vendors?deployed_owners_orgs_code=<org_code>

      2. /api/vendors?deployed_owners_orgs_name=<org_name>

    3. Owning user(s) 

      1. /api/vendors?deployed_owners_people_username=<username>

  2. api/vendorproducts: Added ‘most_recent_score’ field to api/vendorproducts endpoint.

    1. This field calculates the most recent score from the report data associated with the Vendor Product instance.

  3. api/riskscores: Added ‘assigned_users’ and ‘assigned_users_info.’ Both are saved in a list.

    1. ‘assigned_users’: [‘username’]

    2. ‘assigned_users_info’: [

"username": "username", 

"first_name": "first_name", 

"last_name": "last_name", 

"email": "user_email"

]

  1. api/orgs/all: Enabled a “mine” filter option that allows you to view deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user. 

    1. api/orgs/all?mine=true

  2. api/apps: Added filtering options:

    1. api/apps?last_assessed_date_gt=<YYYY-MM-DD>

    2. api/apps?last_assessed_date_lt=<YYYY-MM-DD>

    3. api/apps?deployed=<true/false>

Isora v1.0.4

April 12, 2024

API Updates

  1. The /api/documentation endpoint now offers new fields and filtering options that provide additional details about the documentation and allow you to filter the documentation by inventory types and records:

    1. New fields:

      1. ‘name’

      2. ‘description’

      3. ‘uploaded_at’

      4. ‘uploaded_by_info’ : {

      ‘username’

      ‘firstname’

      ‘lastname’

      ‘email’

      }

      1. ‘Expiration’

      2. links.download_URL

    2. Filtering options:

      1. /api/documentation?survey_id=<survey_uuid>

      2. /api/documentation?surveys_product_id=<vendorproduct_uuid>

      3. /api/documentation?surveys_app_id=<app_uuid>

      4. /api/documentation?exceptionrequest_id=<exceptionrequest_uuid>

      5. /api/documentation?app_id=<app_uuid>

      6. /api/documentation?product_id=<product_uuid>

      7. /api/documentation?host_id=<host_uuid>

  2. We’ve upgraded the /api/config to allow customization of /api/riskscores fields

  3. For those utilizing the /api/riskscores, we've introduced qualitative labels like Insignificant, Minor, Moderate, Major, and Severe, alongside the existing integer values for 'inherent' and 'likelihood' fields. Yes, you can edit these labels too!

  4. We added a new deployment field to /api/assessments which will enable the ability to track third-party vendor assessments against vendor deployments and associate attester contacts to the specific deployments (coming in then next version).

Bug Fixes & Improvements

  • Fixed a bug where users weren't redirected correctly after logging out. Now, you'll land exactly where you're supposed to.

  • Fixed a bug where pagination for the third-party vendor table in the assessment wizard was not working.

Isora v1.0.3

March 22, 2024

API Updates

  • Added the following new fields to the /api/vendorproductdeployments endpoint:

    • owners_people_info: Provides information about the people associated with the vendor product deployment.

    • owners_orgs_info: Provides information about the units associated with the vendor product deployment.

    • org_info: Provides information about the deploying unit.

    • created_date: Includes the creation date of the vendor product deployment.

  • Added uploaded_by details to the /api/documentation endpoint, providing information about the user who uploaded the documentation.

Bug Fixes & Improvements

  • Fixed a bug that prevented the deletion of vendors with deleted products. Vendors can now be successfully deleted regardless of the status of their associated products.

  • Fixed a bug that caused the risk register matrix report in the old user interface to not function properly. The report now generates and displays as expected.

  • Fixed a bug that prevented users from saving edits made to risk records. Users can now successfully save their changes to risk records.

Isora v1.0.2

March 15, 2024

What's New

  • Introduced a protocol selector for URL fields to clarify protocol requirements.

  • Added additional assessment details to PDF exports.

  • Added a new endpoint /api/vendors/hierarchy that serializes vendor products and deployments to optimize search functionality.

  • Added a FEEDBACK_URL field to /api/config, allowing customers to customized the feedback URL to a custom URL if they choose.

Bug Fixes & Improvements

  • Corrected calculations in the score distribution widget and historical data switcher.

  • Improved score rounding for enhanced accuracy.

  • Resolved a bug affecting external survey link functionality in SSO environments.

  • Fixed an issue with lengthy third-party vendor product statuses not truncating correctly.

  • Addressed a bug that prevented some users from launching or publishing assessments due to assessment instruction issues.

  • Fix validation error when a vendor is added with the same name.

Isora v1.0.1.1

February 16, 2024

What's New

  • Added Isora version information to the user menu dropdown.

Bug Fixes & Improvements

  • Resolved an issue with the search bar in report responses that was not returning any results. It now correctly returns results from categories and questions.

  • Addressed a bug preventing unit assessments with asset enrichment from being launched or acknowledged.

  • Addressed a bug that was restricting users from accessing reports.

Isora v1.0.1

February 9, 2024

What's New

  • Enhanced Clarity for Assessments: Introducing the Introduced a "Partially Launched" status on the unit assessment dashboard for a more intuitive understanding of assessments with mixed "Active" and "Launched" survey states.

  • Optimized Assessment Page: We've refactored Refactored the assessment page for better performance, significantly reducing loading times, especially with large datasets.

  • Introduced a new endpoint for Vendor to serialize vendor products, enhancing search efficiency on the frontend.

  • Added a launch_all_surveys parameter and launchsurveys endpoint to AssessmentViewSet.

Bug Fixes

...

& Improvements

  • Fixed a bug where the deploying unit field was not correctly displaying the unit hierarchy tree in the setup wizard.

  • Data Accuracy in Reports: Fixed Improved the bell curve report widget to ensure data accuracy.

  • Exported Document Column Names: Corrected inaccuracies in column names within the .docx response export feature.

  • Letter Grade Calculations: Adjusted the letter grade algorithm to ensure accurate grading.

  • User Access: Addressed issues with user roles and permissions that previously restricted access to certain features.

API Enhancements

  • We've made several updates to the API to support our platform's ongoing redesignFixed a performance issue on the Settings > Assessment page by allowing the addition of ?exclude=survey_details to the assessments URL.

  • Updated the /api/unitanswers/csv to include all questions, regardless of whether they have been answered.

Version 2024.01

  • FIX: Temp fix for querying /api/questionsnapshot/<id>, if survey is in query parameters.

  • NEW: Making Isora Lite configurable from a regular instance, so Lite is easier to maintain.

  • NEW: New UI Changes: risk register, add new fields to vendorproduct and vendorproductsurvey, add new fields to app and appsurvey,  add new fields to classificationsurvey, update statuses on assessment and surveys, add new deployment environment - Evaluation, add default instructions - set it on all existing surveys,  add ability to launch all surveys from an assessment request, add ability to save launch options to surveys so users can save as draft, add ability to import previous survey responses on launch for vendorproductsurveys, adding report mean to app and vendor most_recent_report representation.

  • NEW: New UI: Adding new attribute for participants to Assessment - it's a combination of all users who might participate in the assessments surveys (ou heads, assessment managers, IT contacts, delegate users).

  • FIX: Fix Classification and App Survey Statuses.

  • FIX: New UI: Fix for final_acknowledged_date in report for when the survey is in pre-final acknowlegement phase.

  • NEW: Add filter_queryset to querysets for reports/all and reports/listdetails endpoints to honor any query parameters passed to them for the New UI.

...