Conformatix Wiki


Release Notes 1.5.5

Conformatix® v1.5.5 Release notes.

Release date: June 28th 2021 between 07:30 - 08:30 CET.

Some of the fixes and additional functionalities are related to conformatix risk module. This module makes it easy to identify and manage risks. Focus on – but not limited to – information security. If you do not use this module yet, please consider it and contact us.

We always plan new features ourselves but would like to encourage you to communicate your future wishes with us. This way your requests can be taken into consideration and perhaps taken into the next releases. For existing planned features, please scroll down to the latest page.

New functionalities / Improvements

Security

Two factor authentication (2fa)

With 1.5.5 2fa has made its debut. From the administration menu under company, we added a security tab. In the company security setting you can enable 2fa. When enabled, each user must then login with an authenticator like Google authenticator, Authy or MS authenticator. The 1st time a user should add the application to his method of choice by scanning a barcode or entering a code manually. After that each user will have to use the auth of his choice to be able to log into conformatix.

A reset per user has been made available from the admin menu to administrators in case the used method by the user is no longer possible (loss/theft/damage of phone for example). We strongly suggest your admin(s) will create an non phone bound auth account so the organization can always restore their 2fa.

In the case no admin can access the system through 2fa anymore, please contact us and we will explain the procedure to regain access.

Password

We added the possibility under the company security tab to set two password options.

The minimal password length & expiration time can now be set

Login

A timeout in seconds can be set per company upon a false login attempt (user+ip)

The frequency can be set after how many false attempts the time-out will become active.

Under the company security settings, a log is kept for false logins.

Timeout

We implemented a 15min inactivity logout timer. The user will be notified in its active browser window and has 1 minute to keep the session alive by acknowledging it in the notification window. If the user does not acknowledge, he will be logged out and redirected to the login screen.

User Based Roles

With 1.5.0 we introduced "user-based roles". We reviewed the way it was implemented and decided to change the interaction with the user interface to be more user friendly & comprehensive. Now when a role is defined you can choose & select whether that role is also used as a user based one. This change has a slight impact on the administration menu as one option has disappeared. Existing User Based Roles will be migrated to the new situation.

Tables

With extending functionalities, some tables became simply too wide. We changed some tables in a way so columns will display in a row field responsively. Whenever the viewport becomes too small, a "+" sign appears in the first column to open the other columns information.

Crucial Tasks

Any process step can be set to crucial. When this switch has been enabled, a frequency and start date must be set. An issue type crucial will be created to the process owner. Although there is an option to set a process step to crucial with a daily frequency, we strongly advice to make use of this option with great restraint. At creation of a process step with this option enabled, a new issue, type crucial, will be created immediately. Each night the system will check all process steps and will automatically generate a new issue type crucial when the frequency is met and will send out an email to the process owner.

Issues

We removed the possibility to add issues of the type crucial or risk from the manual creation "Register Issue". These two types should not be generated manually as they always should have a relation with their source. Manual creation of these types could cause issues to "float" without the required references.

Inconsistencies:

General

Sometimes the save button showed Edit instead of Save.

The calendar date picker now always shows "today" date in a color.

Bug Fixes:

Dashboard

Dashboard; My Created Issues widget was named wrong, it showed non closed issues. We renamed the title to Non Closed Issues. The issue number is now visible as 1st column (or 2nd after actions column) in most grids where issues are present. Feature releases will move all action buttons to the left screen for more consistency.

Audit planning

Wrong information was displayed (Email instead of first- & last name)

Issues

When adding a document to an issue, its save/cancel routine was executed outside the issues cancel / save routine.

HTML Parsing

In case tables were used in description fields within the application, saving them again could cause the table formatting to be lost. We also found HTML code was not always parsed correctly in the system user interface or exported documents.

Compliance

Wrong representation in Compliance related Issues, it did not show the correct follow-up date. Now it shows correctly: ISSUE Nr | Short Description | Follow up date.

Administration

Administration; Entities; Column was sometimes sorting wrong.

Processes; Process step> Crucial task

Once a process step was set to Crucial an "issue" with type "Crucial" was created. However, the frequency set did not trigger the creation of follow up steps.

Processes; Process step; Versioning

The audit trail versioning caused resources to be locked within the history. Due to this lock it was impossible to remove a role or asset. Now this is no longer the case.

Insights; Audit Report

The Fields 'Scope & Approach' and 'Global Results' are amended to better display the information.

Risk Module

We noticed and fixed an inconsistency in the creation and displaying of issues related to risk treatments.

Administration>company

We noticed saving the company profile could cause the risk module to switch off. This has been fixed.

Planned

Risk Module

Add the description to the risk assessment threat/consequence when hovering over it to display the full content.

Add to the risk treatment screen the related issues if present.

Create a risk treatment sequence number (like we have at issues now).

When an issue type risk is created from the treatment screen, add the relation to the issue and the risk to the issue screen.

Action buttons

Place all action buttons throughout the application to the left.

My User Profile

Add the user based settings tab to the user profile and display the related information.

Administration

Amend the User based setting stab with more distinguished separator, GUI improvement.

Compliance

Change the status coloring behavior. We will improve the way the compliance status change is working.

  • When in the issue one or more requirements are selected, only those requirements should change status color regardless of the process.
  • At each selected requirement related to a process, any issue should be visible as related issue in the compliance overview.
  • When the process owner assigns the issue to someone and decides to remove or change the related requirements in that issue, the changes should be reflected accordingly in compliance screen and color status as per above.
  • In case no requirement in the issue is selected and the issue type is not improvement, each requirement which is affected due to the process-requirement relation should display the related issue.
  • Issue type crucial status waterfall: Check youngest crucial task with non closed status for planned follow up date. If crucial task planned follow up date < current date then -> Status fail.

Issues

At current when a new issue is generated the process owner will get an email notifying him and urge to act. We will also add email notifications when an issue is assigned to the assignee and to the user chosen when ready for verification is switched on within the verification by selector.

Insights

We will change the insight menu and add two more reports.

A user report that will show the users first, last name, department, function, roles, user based roles, user group and status.

A compliance report that will give an insight about the compliance of the norm. A date selector 'from - to' and a norm selector will be present to populate the grid based on your choice or all if no filters are applied.

It will display a grid with the following information:

Requirements; Applicable (Y/N); Process requires (Y/N); Process Name; Audit Frequency; Audit performed(linked); Audit Date(s); Audit performed by

Multi Site Module

While expanding our client base, the need for this module has become a priority. The scope of this module is to extend the current platform for clients that have multi site certifications, locations, branches etc.

Implementation Wizard.

Implementing conformatix is easy, however as it is daily business for us, we understand that it might not be the case for you but managing compliancy should be easy. Implementing and understanding the implications of how things should be setup for the first time can be confusing. So to embrace our own slogan, we strive to make it easier and even more comprehensive while decreasing the implementation time itself.