We've had a busy lead up the middle of the year, with the release of a number of useful new features. Users can now change the Owner of a Control Set, allocate alternative Control IDs, disable Comments, format Control Set and Assessment descriptions, create private records by default, and hide navigation bar icons.
Change the Owner of a Control Set
Expert Users can now change the Owner of a Control Set from one User (User A) to another User (User B). To do this, simply click on "Edit Control Set" and then select a new Owner. Note: if access to the Control Set is restricted (in the Access Management settings) and User B does not have access to the Control Set, they will still not have access to the Control Set even after they are made the Owner of the Control Set.
Alternative Control ID
Custom Controls are automatically allocated an ID, eg C1254 or C0979. When creating a Custom Control, an Expert User can now select its own Alternative Control ID, e.g. Banking61956. This is extremely useful where, for example, you wish to link a Custom Control to your organisation's policy document or internal control, and mapping the document in the list of Standards is not an option.
Disable Comments for Specific User types
In the Organisation Settings, Admin Users can now enable and disable comments for the following: Control Sets, Controls, Reports, Risks, and Incidents. Admin Users can completely enable/disable comments, or they can define the minimum User type who is allowed to add comments (e.g. an Admin User can say that only Expert Users and higher can add comments to Control Sets and Controls, but Business Users and higher (i.e. all Users) can add comments to all other items that they have access to).
Markdown support (formatting) in descriptions
When entering a description for a Control Set or an Assessment, you can now apply formatting, including:
> Quote one sentence
>>> Quote multiple sentences
4. Inline code:
`Format one word or one line`
```Format blocks of text```
By entering "-" or "*", for bullet points, or "1.", for a numbered list.
Private records by default
In Settings>>Manage Organisation>>General Settings, Admin Users can now select "New records are accessible to the creator only". This means that by default, access rights are limited to the creator of the record only. With the option selected, access rights will be automatically limited to the creator of the following records: Control Sets, Assessments, Campaigns, Reports and Risk Tags.
If the option is not selected, then the default access settings apply - i.e. access rights are not limited for any record.
Hide navigation bar icons
In "Manage Organisation", Admin Users can now enable and disable certain icons and/or limit specific icons to be visible by specific types of Users. For example, you could disable the Funnels icon if Funnels are not being used by your organisation (by deselecting Funnels); or you could make the Risk Management icon visible to only Expert Users; or you could even hide the Objects icon from all Business Users (by removing them from the list of User types).