Isora v1.1.1
Bug Fixes & Improvements
Survey Comment Threads
You now have the ability to add/edit comments, search comments and replies, and delete a comment or comment thread.
Access the comment functionality through the chatbox icon next to a survey question or at the top right of the survey page to search comments.
Filter comments to show only your own by clicking “Your Threads.”
API Endpoint: api/commentthreads
Ability to Disable the Settings Tab for Non-Admins
Admins can now hide the “Settings” tab in the navbar for non-admin users. Non-admin users will only see their own Profile in the Settings tab.
Contact the support desk to enable this setting.
Default the Third-Parties Tab to Display Only My Deployments
This feature queries vendors with my_deployments=True.
Contact the support desk to enable this feature.
Vendor Report Public Option Default
If set to True (default setting), users can view reports only within their organization.
If set to False, users can view reports across any organization.
Contact the support desk to change this to False.
Vendor Report Public Option Disabled
If set to True, the vendor report public option is shown and disabled.
If set to False (default setting), the option is shown and enabled.
Contact the support desk to change this to True.
Updated Permissions for the Vendor Requester Role
Users with the Vendor Requester role can now create and delete Third-Party Vendor Deployments and Third-Party Assessments for their organizational unit.
Third-Party Searchbar
Enhancements and bug fixes have been made to the Third-Party search bar for more seamless vendor and product searches.
Assign a User to a Risk Register Entry
You can now assign a user to a Risk Register entry. This field can be hidden if not needed.
API Endpoint: /api/riskscores
API Updates
api/vendorproducts/csv/template
Enhanced the CSV files by adding the “vendor_url” field to the vendor product CSV template.
New vendor names inserted into the CSV that do not exist will be automatically created.
api/commentthreads
Added functionality to add comments, search comments and replies, and delete a comment or comment thread.
api/reports
Added a summary of NIST CSF Policy Scores for a NIST CSF survey report. Example snippet for the “Detect” policy:
Isora v1.1
May 10, 2024
Bug Fixes & Improvements:
NEW Third-Parties Enhancements are now launched in the New UI:
NEW and improved Third-Parties View
Nested Table: Manage third-party vendors, their products, and associated deployments within their organization.
Search Functionality:
Search by Vendor and Product name in the search bar.
"Mine" Filter
Description: View deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user.
Access: See the profile icon on the top right.
API Endpoint: api/orgs/all?mine=true
Assessments Sidebar
Function: View all assessments related to the Vendor Product within a dedicated tab.
Vendor Details Sidebar:
Create and Delete Vendor
Create Vendor: Added a “Create Vendor” button.
Delete Vendor: Enabled the ability to delete a Vendor.
Product Details Sidebar:
Create and Delete: Enabled the ability to create and delete a Vendor Product in the sidebar.
API Endpoint: api/documentation endpoint enabled in the Vendor Product sidebar.
Deployment Details Enhancements
Deployment Details sidebar
Function: Displays editable fields from the api/vendorproductdeployments endpoint.
Can now delete a Deployment.
Can view the Contacts tab.
Column Management: Enabled the ability to show/hide columns.
Vendor Product and Deployment Table View
Overview: Provides an overall view of important details about the Vendor Product/Deployment in a table format.
Add Deployment: Enabled the ability to add a new Deployment in the Vendor Product sidebar.
Risk Register CSV upload.
There was a bug with the Risk Register CSV upload, but it now correctly creates a new risk register entry with the existing Risk Category and Risk (from Settings).
We added support for Hidden Attributes in the Risk Register settings:
Hidden Attributes options you can choose to keep hidden:
'Inherent_impact',
'Inherent_likelihood',
'Inherent_score',
'Target_impact',
'Target_likelihood',
'Target_score',
'Target_mitigation_control',
'Notes'
We enabled the ability to edit these Risk Register field labels:
Inherent Impact
Inherent Likelihood
Current Impact
Current Likelihood
Target Impact
Target Likelihood
Notes
Target Mitigation Control
Current Mitigation Control
...