All ideas

In product's roadmap will there be interactions between IT Risk and IT Compliance Modules. For eg: Failure of a control and the creation of an issue in the IT compliance module does not change the Risk score in the IT Risk module. As this is suppo...

Very often customers have threat data they want to upload/use, but do not have a threat vector defined for them. Can we make this field optional, or perhaps add values of Other or TBD.

Raiffeisen as part of it's use-case testing would like to • Identify risks which aren’t covered by any control• Identify assets which are not affected by a dedicated risk I tried Orphans - but the Assets are related to the Orgs and the Risks relat...

Want to be able to define and track KRIs for Threats and Vulnerabilities

Adidas would like the Evidence Management (Project) to have a recurring Frequency - this can be useful for evidence that needs to be gathered once a quarter or once a year for example - they can then setup the project just once and the request rec...

Adding all vulnerability detail pulled from tenable or other connectors to Vulnerability scan results report Otherwise, provide different reports for different connectors

PIF use Tenable as Connector and we should pull Asset Library data from the connector only and to create GRC library - Asset for it like UCF instead of asking users to create asset in GRC library as well

Adding Vilnerability Ageing to the Rule Wizard and Calculate & Fetch the First Identified Date and Last Scanned date from tenable-to configure the automation for items that are not compliant as per the risk appetite Customer use Tenable ...

There should be an import status progress report The object levels should be added to Framework Referece object Imported Questions and Procedures should be mapped to the respective controls

If there are more number of questions in assessment secion, when assessor click on response then customer need to know for which question, they need to provide response.