Summary of Changes
Changes in detail
Secure File Evidence
We worked hard on providing a highly secure, resilient and comfortable feature to attach file evidence to Assessment responses. After a thorough analysis, we went with the top notch capabilities Amazon Web Services (AWS) have to offer for encryption and storage of confidential file data: Hardware Security Modules.
Technically in brief: Each Alyne customers gets an individual Master Key that lives inside a Hardware Security Module and cannot leave it - nobody knows the key, neither Alyne nor AWS. A separate blog post and a Technical Whitepaper will go into more detail.
- When a file is attached to an Assessment Response, the Hardware Security Module crafts an individual encryption key for that very file and encrypts it.
- Alyne does not know these individual encryption keys either. This is called envelope encryption.
- When downloading or deleting these encrypted files, the Alyne backend grants temporary credentials for using these encryption keys limited to the files requested.
- Each credential and download link in our web application is only valid for 15 minutes.
Access is only granted for the Alyne users that are either Expert users or Responders to the Assessment. A Responder cannot see or modify evidence of another Responder. Expert Users cannot delete evidence provided by a Responder.
Being technically complex, the user interface is super simple. As an responder you just click on the upload button of an Assessment response, select the files from your computer and you are all set. After an Assessment is closed you can still download files, but cannot delete them.
We offer each customer the choice between 12 locations around the world where these files should be encrypted and stored:
- Mumbai, India
- Tokyo, Japan
- Seoul, South Corea
- Sydney, Australia
- Frankfurt, Germany
- São Paulo, Brasil
- N. Virginia, US
- Ohio, US
- N. California, US
- Oregon, US
Alyne Secure Evidence is a paid addon, please get in contact.
Report status and sign-off
A customer asked for a status concept for Reports and we said yes. Reports can now be moved from status Draft to In Review to Signed off. These status changes by whom and when are logged in an audit history right at the report. It's easy, you just need to slide from status to status. When signed off, you cannot make any changes to the Report anymore.
Topic sort in Assessments
Another customer request was the ability to change the sort order of Assessment questions while setting up an Assessment. We implemented this in our Topic Navigator where you can move around questions topic-wise.
Alyne has had international customers right from the beginning. That's why we put emphasis on frictionless functionality of multi-language content such as Controls, Control Sets, Assessments, Funnels and more. In case you are very sure that one language will be enough you can enforce an organisation-wide language: Every user sees content in the same predefined language.
If you do not have the time to fill in titles and descriptions in any language offered in our interface, we now automatically fill up the language versions that have been left empty. This works now for Control Sets, Assessments, Funnels, Objects and to a fair degree for Controls.
Export of custom standards in Assessment response exports
Another customer request we followed: When exporting Assessment responses, custom standards mapped to your Assessment questions/Controls are included in the export as well. Needs only a check mark in the export popup.
Contracts quota/ limits
As we moved to subscription model, we of course would like to give you transparency about your current usage and the limits of your plan. Don't be afraid, we will be fair in interpreting if you exceeded your limit or not...
Explicit comment save button
We saw that in rare cases users can get confused in determining if a comment is already submitted or not. Comments are an essential part of Assessments and in the alynement of Controls and Control Sets. So we introduced subtle buttons and a mini confirmation.
- We fixed some rather annoying visual issues on Internet Explorer 11. For instance, Risk graphs tend to to flicker when hovered. No offense, but IE 11 does things differently sometimes.
- In a very limited set of views on Chrome and Safari, the user saw massive scrollbars. Looked stylish, but not our favourite choice. Chrome and Safari do scrollbars differently.
- We are now prohibiting sending empty comments. No need for it.
- We modified some screens in order to improved usability on very small screens or resolutions. No, I don't mean tablets or phones, but notebook screens. Screen real estate is a thin.
- In rare cases, we did not show the save button when you change target maturities while setting up Assessments. Made no sense. Fixed.
- We missed a translation in the org log. No big deal.
- We did not show the full Reactions view while viewing Control Favourites. Fixed.
Photocredit: markusspiske / photocase.de