Secure File Evidence, Report Status and some comfort enhancements

Secure File Evidence, Report Status and Sign-off, Topic Sort in Assessments and more.

Secure File Evidence

We worked hard on providing a highly secure, resilient and comfortable feature to attach file evidence to Assessment responses. After a thorough analysis, we went with the top notch capabilities Amazon Web Services (AWS) have to offer for encryption and storage of confidential file data: Hardware Security Modules.

Technically in brief: Each Alyne customers gets an individual Master Key that lives inside a Hardware Security Module and cannot leave it - nobody knows the key, neither Alyne nor AWS. A separate blog post and a Technical Whitepaper will go into more detail.

  • When a file is attached to an Assessment Response, the Hardware Security Module crafts an individual encryption key for that very file and encrypts it.
  • Alyne does not know these individual encryption keys either. This is called envelope encryption.
  • When downloading or deleting these encrypted files, the Alyne backend grants temporary credentials for using these encryption keys limited to the files requested.
  • Each credential and download link in our web application is only valid for 15 minutes.

Access is only granted for the Alyne users that are either Expert users or Responders to the Assessment. A Responder cannot see or modify evidence of another Responder. Expert Users cannot delete evidence provided by a Responder.

Being technically complex, the user interface is super simple. As an responder you just click on the upload button of an Assessment response, select the files from your computer and you are all set. After an Assessment is closed you can still download files, but cannot delete them.

We offer each customer the choice between 12 locations around the world where these files should be encrypted and stored:

  • Mumbai, India
  • Tokyo, Japan
  • Seoul, South Corea
  • Singapore
  • Sydney, Australia
  • Frankfurt, Germany
  • Ireland
  • São Paulo, Brasil
  • N. Virginia, US
  • Ohio, US
  • N. California, US
  • Oregon, US

Alyne Secure Evidence is a paid addon, please get in contact.

Report status and sign-off

A customer asked for a status concept for Reports and we said yes. Reports can now be moved from status Draft to In Review to Signed off. These status changes by whom and when are logged in an audit history right at the report. It's easy, you just need to slide from status to status. When signed off, you cannot make any changes to the Report anymore.

Topic sort in Assessments

Another customer request was the ability to change the sort order of Assessment questions while setting up an Assessment. We implemented this in our Topic Navigator where you can move around questions topic-wise.

Comfortable multi-language

Alyne has had international customers right from the beginning. That's why we put emphasis on frictionless functionality of multi-language content such as Controls, Control Sets, Assessments, Funnels and more. In case you are very sure that one language will be enough you can enforce an organisation-wide language: Every user sees content in the same predefined language.

If you do not have the time to fill in titles and descriptions in any language offered in our interface, we now automatically fill up the language versions that have been left empty. This works now for Control Sets, Assessments, Funnels, Objects and to a fair degree for Controls.

Export of custom standards in Assessment response exports

Another customer request we followed: When exporting Assessment responses, custom standards mapped to your Assessment questions/Controls are included in the export as well. Needs only a check mark in the export popup.

Contracts quota/ limits

As we moved to subscription model, we of course would like to give you transparency about your current usage and the limits of your plan. Don't be afraid, we will be fair in interpreting if you exceeded your limit or not...

Explicit comment save button

We saw that in rare cases users can get confused in determining if a comment is already submitted or not. Comments are an essential part of Assessments and in the alynement of Controls and Control Sets. So we introduced subtle buttons and a mini confirmation.


Bug Fixes

  • We fixed some rather annoying visual issues on Internet Explorer 11. For instance, Risk graphs tend to to flicker when hovered. No offense, but IE 11 does things differently sometimes.
  • In a very limited set of views on Chrome and Safari, the user saw massive scrollbars. Looked stylish, but not our favourite choice. Chrome and Safari do scrollbars differently.
  • We are now prohibiting sending empty comments. No need for it.
  • We modified some screens in order to improved usability on very small screens or resolutions. No, I don't mean tablets or phones, but notebook screens. Screen real estate is a thin.
  • In rare cases, we did not show the save button when you change target maturities while setting up Assessments. Made no sense. Fixed.
  • We missed a translation in the org log. No big deal.
  • We did not show the full Reactions view while viewing Control Favourites. Fixed.
PreviousNext
Manuel Reil

Related Posts

Blog thumbnail

Introducing Alyne’s Monte Carlo Simulation

Alyne's Monte Carlo Simulation capabilities enables Users to perform simulations in a matter of a seconds, across different organisational segments, on tens of thousands of risks.
Blog thumbnail

July New Features

This July, we have new and improved product features within Alyne that include Risk Versioning and Workflow, updates to Risk and Funnel Campaigns, Dynamic Assessments as Funnel triggers and a Risk Loss Potential Estimator.
Blog thumbnail

June New Features

Alyne's latest features includes improved user experience such as connecting Risk Tags with the Object Library and allowing Attachments for Mitigation Tasks. Users can also enjoy various file formats for export and many more product improvements.