Release Date |
Description |
December 2021 |
|
November 2021 |
|
October 2021 |
- We've added a Notes widget to the View Risk page. You can use the Notes widget to communicate information about your risks. For more information about viewing and editing your risks from the View Risk page, see our KCM GRC Risk Management: Risk Register article.
- We've added the Consensus Assessment Initiative Questionnaire (CAIQ) v4.0.2 questionnaire template to the Vendor Risk Management module.
- We’ve released control guidance for our SSAE18 Trust Services Criteria managed template. This template is commonly used for customers preparing for their System and Organization Controls (SOC) 2 certification. KCM’s control guidance feature helps you create adequate controls so your organization can meet its requirements or other compliance efforts. To learn more about our control guidance, see these articles:
- We’ve improved the controls CSV export to include the control notes from your account. For details, please see the Exporting Controls section of our KCM GRC: How to Export Data in the Compliance Management Module.
- We've improved the scoped requirements CSV export to include the requirement notes from your account. For details, please see the Exporting Scoped Requirements section of our KCM GRC: How to Export Data in the Compliance Management Module.
- We’ve improved the tasks CSV export to include the task notes from your account. For details, please see the Exporting Tasks section of our KCM GRC: Data Exports Guide.
- We’ve improved the Risk Register CSV export to include affected asset details for your risks. To learn more, please see the Exporting Risks section of our KCM GRC: Risk Management: Risk Register article.
- We've improved the Create Control window when you create controls from scoped requirements. Now, you will see a full Create Control for Requirement page that includes the requirement's Requirement Details and Guidance, when applicable. For more information about creating controls, see our KCM GRC: Creating and Importing Controls article.
- The following new Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- CAIQ v4.0.2
- Web Content Accessibility Guidelines (WCAG) v2.1
|
September 2021 |
- Now, when you disable a user in your account, the user will be removed from the user groups that you've created for controls, when applicable. For more information about disabling users, please see the Disabling User Accounts and Transferring Responsibilities section of our KCM GRC: How to Create and Manage User Accounts article.
- When importing vendors into your account, we've made the following headers optional: mail_address, city, state, postal_code, country, phone, and status. Please see our KCM GRC: How Do I Import Vendors Into My Account With a CSV File? article for more information.
- If you have archived controls in your account that were previously mapped to risks in your risk register, as of September 13, 2021, you will notice a change in the residual risk score for these applicable risks. This is due to the following change:
- We resolved an issue where the residual risk score was not updating after a control was archived. Now, when you archive a control, all residual risk scores that were associated with an archived control will update. To learn more about risk scores, please see KCM GRC Risk Management: Risk Scoring.
- The following new Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- Customs Trade Partnership Against Terrorism - Consolidators v3.2020
- Customs Trade Partnership Against Terrorism - US Customs Brokers v3.2020
|
August 2021 |
- We've added an Affected Asset field to the risks in your Risk Register. Now, you can describe any assets that your risks may affect.
- We've added several Data Exports to your platform for the Policy Management module. To learn more, see KCM GRC: How to Export Data in the Policy Management Module.
- We've added the option to delete scope exports from your platform. For more information about deleting scope exports, please see the Creating and Downloading a Scope Export section of our KCM GRC: Scope Exports article.
- We've fixed the following report that you can find on your Metrics page: Compliance Report by User. To learn more about this report, please see the Additional Reports section of our Metrics Reports article.
- We added a Date Created column to the Risk Dashboard, Risk Register, and View Risk pages. Now, you can sort your risks by how recently they were created. Please see KCM GRC Risk Management: Risk Register for more information about this column.
- We resolved an issue where the residual risk score was not updating after a control was deleted. Now, when you delete a control, all risk scores that are associated with the control will update. To learn more about risk scores, please see KCM GRC Risk Management: Risk Scoring.
- You can now automatically create a control using a scoped requirement’s name and description. See Creating Controls from Requirements to learn more about this new feature.
- Based on customer feedback, we improved the Risk Management module by removing the Risk ID column from the Risk Dashboard, Risk Register, and Risk Exports pages. To learn more about the Risk Management module, please see Risk Management Overview.
- The following updated Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- Bank Secrecy Act Examination Procedures v2014 to v2021
|
July 2021 |
- We resolved an issue where you were prompted to transfer responsibilities when disabling a Vendor User. You are no longer prompted to transfer responsibilities for the Vendor User user role. To learn more, see Disabling Users and Transferring Responsibilities.
- You can now send questionnaires to vendors when the Vendor Status is "Pending Approval". Previously, the Vendor Status had to be "Active" to send questionnaires. To learn more, please see Sending Vendor Questionnaires.
- The following updated Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- California Consumer Privacy Act Final Text v12.2020 to v3.2021
- IRS Publication 1075 v9.2016 to v8.2020
- OWASP v4.0 to v4.0.2 (all levels)
- Technology Risk Management Checklist Framework - Monetary Authority of Singapore v6.2013 to v1.2021
|
June 2021 |
- We've added several CSV exports to your platform. You can now export information about the scoped requirements, controls, and vendors that you've added to your account.
- We've also added the Data Exports page to your account. When you create a new CSV export, you will download the CSV file from the Data Exports page. To learn more, see our Data Exports Guide.
- The following updated Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- Australian Privacy Act v12.2018 to v2.2021
- Australian Government (ASD) Information Security Manual v3.2019 to v4.2021
- CIS Critical Security Controls (all groups) v7.1 to v8
- Cloud Computing Compliance Controls Catalogue v9.2017 to v2020
- Cloud Security Alliance - Cloud Controls Matrix v3.0.1 to v4.0.1
- Connecticut Insurance Data Security Law v7.2019 to v10.2020
- Secure Software Lifecycle Requirements and Assessment Procedures v1.0 to v1.1
- Singapore Personal Data Protection Act v11.2012 to v06.2021
- UK Cyber Security Essentials v2.1 to v2.2
- UK Ministry of Defense - Defense Standard 05-138 Issue 2 High Profile to UK Defence Cyber Protection Partnership v6.2020 High Profile
- UK Ministry of Defense - Defense Standard 05-138 Issue 2 Moderate Profile to UK Defence Cyber Protection Partnership v6.2020 Moderate Profile
- UK Ministry of Defense - Defense Standard 05-138 Issue 2 Low Profile to UK Defence Cyber Protection Partnership v6.2020 Low Profile
- VDA - Trusted Information Security Assessment Exchange (TISAX) v4.1.1 to v5.0.4
|
May 2021 |
- We've added Policy Templates under your Policy Management module! Visit the Policy Templates page to download templates and customize policies for your organization. To learn more, see KCM GRC: Policy Templates.
- In addition to KCM GRC's policy templates, our customers are eligible for a 25% discount when purchasing the Altius IT Policy Collection. See the Policy Templates page in your account to learn more.
- We've added two new Standardized Information Gathering (SIG) questionnaire templates for you to use when creating a questionnaire in your Vendor Risk Management module:
- 2021 SIG Core
- 2021 SIG Lite
Please note, KCM GRC pre-defines the "correct" answers for the questions in our questionnaire templates. The KCM GRC system has defined "N/A" as the correct answer for questions in both SIG 2021 templates:
- There are 37 N/A answers in 2021 SIG Core.
- There are 23 N/A answers in 2021 SIG Lite.
Please refer to this guide to learn more about these questions and why KCM GRC has defined N/A as the correct answer.
|
April 2021 |
- We've made enhancements to our scope export feature. Now, each scope that you export will include all of its requirements and the controls that they are mapped to. For more information, please see our Scope Exports article.
- Previously, scope exports only contained the requirements and controls where one or more tasks had been created for the control.
|
March 2021 |
- We've improved scope exports by adding task names to the folders that contain evidence files within your scope export folder. To learn more, see the Understanding the File Structure section of our Scope Exports article.
- The following updated Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- FedRAMP High Baseline Controls v8.2018 to v6.2020
- FedRAMP Moderate Baseline Controls v8.2018 to v6.2020
- FedRAMP Low Baseline Controls v8.2018 to v6.2020
- FedRAMP LI-SaaS Baseline Controls v8.2018 to v6.2020
- Standardized Information Gathering (SIG) Core Full v2020 to v2021
|
February 2021 |
- The following new Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- NIST 800-53 High Baseline Rev 5
- NIST 800-53 Moderate Baseline Rev 5
- NIST 800-53 Low Baseline Rev 5
- NIST 800-53 Privacy Baseline Rev 5
|
January 2021 |
- We've added a robust guide to our knowledge base for your users who are assigned to approve tasks for controls: Monitoring and Approving Tasks (a Guide for Approving Managers). This guide will explain the following for users who are assigned to a task as an Approving Manager, Second-level Approving Manager, or Group Lead:
- How do I know if I need to approve a task?
- How do I monitor my upcoming tasks?
- How do I navigate my account?
- Understanding task requirements
- Reviewing evidence and approving tasks
- As of January 15, 2021, the 192.254.121.248 IP address is no longer being used to send emails from the KCM GRC platform. If you have whitelisted notifications from KCM GRC, please see our Whitelisting Notifications from KCM GRC article for the latest whitelisting information.
- We've added a Templates column to the Map Requirement to Scope window. When a new version of a managed template is released, this column can simplify the process of updating your scope.
- The following new Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- NERC CIP Cyber Security — BES Cyber System Categorization CIP-002-5.1a
- NERC CIP Cyber Security — Security Management Controls CIP-003-8
- NERC CIP Cyber Security — Personnel & Training CIP-004-6
- NERC CIP Cyber Security — Electronic Security Perimeters CIP-005-6
- NERC CIP Cyber Security — Physical Security of BES Cyber Systems CIP-006-6
- NERC CIP Cyber Security — Systems Security Management CIP-007-6
- NERC CIP Cyber Security — Incident Reporting and Response Planning CIP-008-6
- NERC CIP Cyber Security — Recovery Plans for BES Cyber Systems CIP-009-6
- NERC CIP Cyber Security — Configuration Change Management and Vulnerability Assessments CIP-010-3
- NERC CIP Cyber Security — Information Protection CIP-011-2
- NERC CIP Cyber Security — Supply Chain Risk Management CIP-013-1
- NERC CIP Physical Security CIP-014-2
- Payment Application Data Security Standard
- Standardized Information Gathering (SIG) Core Full v2020
- The following updated Managed Templates are now available. Contact your Customer Success Manager to have additional templates added to your account:
- Secure Controls Framework v2020.3 to v2021.1
|