Changelog

February 2024

Assessments

A new risk level of Low-High (10) was added to fine-tune the scoring of our Assessment report questions.

Content

The Personal Information Protection and Electronic Documents Act (PIPEDA), a Canadian data privacy and security framework, was added to our Categories library. If you want to add it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

The Health Industry Cybersecurity Practices (HICP) framework 2023 updates have been captured in updated Question Libraries available to our clients for Small, Medium, and Large organizations. If you want to add it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

Contracts and Documentation

Version control has been added to the Contracts and Documentation functions.

DocuSign

ComplyAssistant has partnered with DocuSign to bring our clients the ability to request and review signatures through ComplyAssistant’s Contracts function. For additional information on how to set up the DocuSign integration, please refer to our DocuSign Integration Setup Guide through ComplyAssistant’s Knowledge Base.

June 2023

Risk Register

A search option has been added to the Control and Threat Libraries under Account Settings.

The Threat description now appears on Exports and the Risk Register’s main page when hovering over a Threat with a corresponding description.

An Activity Log will be populated for all Risk Register revisions. This process will occur automatically each time a Control or Threat is updated.

Account Settings

If a logo has been added to an account, it will appear at the top of email notifications.

An Authenticator App can now be used for ComplyAssistant’s two-factor authentication verification. Users can locate their unique QR code within their profile page.

Threat types have been added to the Dynamic Fields section of Account Settings. You will now have the ability to Add/Edit/Delete Threat types in one location.

SMS consent has been added to the User’s profile.

Password Update

In recent months, NIST has changed its stance on password requirements. NIST now recommends using long passwords/passphrases instead of requiring frequent resets. Frequent password resets have been shown to be ineffective and actually make passwords less secure. A study by Microsoft found that users who were required to reset their passwords frequently were more likely to use weak passwords and reuse them across multiple accounts.

ComplyAssistant’s password requirements will be changed on June 1, 2023, to align with the latest NIST password guidance:

  • The password reset requirement option will be removed
  • Passwords will have a minimum of 8 characters with a maximum of 64 characters
  • Passwords will require 1 uppercase letter, 1 lowercase letter, and 1 number

For additional information on NIST’s password guidelines, please view NIST 800-63B.

Assessments

Labels have been added to Assessment PDF exports.

Contracts

Contract types show the older versions of the Contract.

A Contract Owner filter has been added.

Documentation

All Related Documents from a Document record will be copied over to the new version of a Document by default.

February 2023

Assessments

Previous answer columns have been added to Excel and CSV exports, allowing for comparison between assessment answers.

Documentation

Version control has been added to match the workflow of Contract Management.

Risk Register

Additional updates have been made to the Risk Register based on feedback from the December 2022 Lunch and Learn. A recording of the session is available.

Regulation Management

A new export to PDF action button has been added to each location under Regulation Management. The detailed information entered into each rule section (for the location) will be included in a structured PDF.

Categories

The SAFER Guides Category and Question Library has been updated to the most recent version provided by HealthIT.gov. If you are interested in adding it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

October 2022

Risk Register

ComplyAssistant Threats have been automatically mapped to Controls across the platform for easier set-up.

A select-all checkbox has been added to the Threats and Controls modal.

Controls and Threats have been added to the Account Settings menu. Under this menu, users have the option to upload a custom set of Controls and Threats for use in the Risk Register.

A Lunch and Learn session will be scheduled for October or November 2022. All of our client contacts will receive an invite to the webinar.

Categories

We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

  • PCI DSS v4.0
  • Requirements for States and Long Term Care Facilities, Physical environment – ASHE-K-Tag-Crosswalk
  • CIS 8.0
  • CMMC 2.0

June 2022

Risk Register

The second version of ComplyAssistant’s Risk Register was released on June 1, 2022. If you are a current client and do not have access to the Risk Register, please contact support@complyassistant.com to request access. A summary of the updates is listed below:

  • A console to manage Controls was added to the landing page
  • The overall management of controls and threats can now be accomplished through Account Settings
  • Inherent impact and likelihood were added to the Risk Register export

Events

The incident graph now reflects all types.

Assessments

Exports to PDF from the Assessment definition level now include a legend to highlight answer selections.

Third Parties and Contacts

Default assessment frequencies can now be added within the third party import template.

Categories

We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

  • Operational Continuity – Cyber Incident (OCCI)

February 2022

Events

A closing status option (substantiated/unsubstantiated) has been added to all Event records.

The breach questionnaire, which was once triggered by an Event Type of Incident and a Category of HIPAA, can now be launched with an input field entitled “Potential breach” on the Event form. Select Yes to deploy the questionnaire and No to keep the questionnaire hidden.

Events API

An API to create events programmatically has been added.

Assessments

The Assessment landing page will now include completions.

The Assessment landing page includes a visual representation breakdown of the location answers.

All Published assessments (regardless of the number of questions answered) are considered complete with regard to reassessment.

Customize Risk Definitions and Graph colors when creating an Assessment definition.

Question Libraries

Ability to add default answers to survey questions, which allows for faster completion of an assessment where the same answer applies across multiple questions.

Third Parties and Contacts

Ability to set the default assessment frequency in the third party import tool.

Regulation Management

Display the full citation of regulations when items are related to regulation management framework sections. For example, a Document record will show the full citation, not just the level attached (organization→facility→department).

Mobile Web Application

Work has started on a foundation to make the web application functional in a mobile web browser (responsive), and it is coming soon.

Categories

We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

  • Federal Information Security Management Act (FISMA)
  • NIST 800-53 Rev. 5
  • NY Hero Act

May 2021

Risk Register

Version one of ComplyAssistant’s Risk Register function was deployed. If you would like additional information on how to review and test this function, please contact support@complyassistant.com and/or refer to our webpage.

Assessments

Assessment answering attachments have been redesigned for an improved user experience. Select the Manage Attachments icon to open the attachments modal.

The Assessment Report’s Export Summary PDF now includes the Assessment Description.

The Assessment Report’s full version Export to PDF now includes a Risk Level and Compliance Level section.

Account Settings

Group settings have been updated in the following ways:

  • Limited rights and dynamic content have been moved from the user creation form to Groups
  • Locations rights have been added to the user creation form and also remain in Groups

Events

A filter for Notification Date has been added to the Events Dashboard.

Regulatory Content

The Health Information Cybersecurity Practices (HICP) Final Rule hierarchy and corresponding Question Library are now available in ComplyAssistant upon request. In addition to the HICP Question Library, ComplyAssistant’s Risk Register will include HICP’s five risks and ten best practices.

ComplyAssistant, along with our partners, has created an Information Blocking Decision Tree. Information Blocking will not be enforced until 2022, but investigating the rule will be vital to your organization. Please contact us at support@complyassistant.com for more information.

November 2020

Login Settings

An option for two-factor authentication was added under Login Settings.

Groups

The Read option under Groups has been made customizable as opposed to mandatory for a selected function.

Question Libraries

When setting up a Question Library you have the option to include a custom/reusable set of multiple choice answers. Once you submit the customized set of answers within your question, those answers will be populated within the current Question Library if multiple choice is selected again.

You have the ability to add guidance to all questions within a Question Library, but we have added the option to include checklist items for this guidance as well. To submit guidance for multiple answer choices, complete the guidance and checklist items for one answer choice, and Submit the information. You can then choose to add guidance and checklist items for another answer choice using the interface below.

ComplyAssistant add guidance checklist items ComplyAssistant guidance checklist items

Categories

Compliance level percentages have been added to assist in the breakdown of each assigned level.

Assessments

When creating a Task from an Assessment report’s answer, the question number will display within the “Related to:” task field.

PDF Exports

Reports exported to PDF will display the filters chosen at the top of the page. An example of a filtered Task list PDF export is shown below.

GRC Software screenshot

May 2020

Events

The Events function breach workflow has been updated to include recent additions from the OCR’s Breach Portal. You will notice several updates both within our standard fields and the Breach Questionnaire.

A Breach Status filter has been added to the Events function to easily identify Potential, Incomplete, and/or Complete Breaches.

Filter names have been added to the Events function export to PDF. All selected filters are displayed at the top of the PDF.

The Substitute Notice and Media Notice options have been given a date field for increased tracking of their distribution. To enter a date, you must select “Yes” for the field to appear.

Categories

We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

  • CIS v7.1
  • CMMC
  • GDPR
  • Mitre PRE-ATT&CK
  • Mitre Enterprise
  • SOC 2

April 2020

Account Settings

SAML Single Sign-on (SSO) with user provisioning is available for all ComplyAssistant accounts. To set up your Identity Provider, select Account Settings and click the SSO option.

Assessments

Assessment questions can now be answered in any order when accessed through the Assessment report.

Documentation

When creating a new document, you will have the ability to add custom Document Types to your organization’s picklist.

Within Documentation, you have the ability to archive outdated documents but keep them for reference. These archived documents are notated with an icon under the Status column and can easily be located with the new Archived filter.

Events

When creating an Event Task, Priorities can now be chosen. In the past, Event Tasks inherited the Priority of the Event.

Breach Type and Breach Location filters have been added to the Events landing page.

Question Libraries

In addition to the standard set of Answer Types available when creating a Question Library, you now have the ability to implement a custom set of Multiple Choice answers. To create your custom set of answer choices, select the Multiple Choice answer type, and enter your answer choices on any question. Once the question is submitted, your answer options automatically populate when Multiple Choice is selected again.

March 2020

Categories & Libraries

We have added the following categories and question libraries to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

Categories:

  • NIST 800-171A
  • NIST 800-171r2
  • NIST Privacy Framework v1.0
  • COVID-19

Question Libraries:

Assessments

When reviewing an assessment in consecutive years, the previous years’ response will appear when clicking the history icon near the answer on the Assessment Report. This summary will include the previous answer, risk rating, and documented evidence finding.

When answering a question from the Assessment Report, all standard navigation options on the question/answer interface (Back, Skip, and Next) will be present for the user.

An Unassigned filter has been added for Evidence Documentation and Risk Level on the Assessment Report.

Audits

Walkthrough statements are shown on the Task index page when assigned from a statement on the Audit report.

ComplyAssistant Mobile

Version 1.7 of ComplyAssistant Mobile is available for all users. Please update to the latest version through the App Store or Google Play if you have not already done so.

Documentation

ComplyAssistant has added a Documentation Picker to areas of the software where a document can be uploaded. This upgraded functionality will allow users to upload a new document and/or select from documents that have already been uploaded.

Sub Accounts

An Admin user at the parent account level will now only need to log in to the parent account to access all sub-accounts. Select the correct URL from the parent account and the sub-account will open to the Dashboard.

2019 End of Year Summary

Audits

The Audits function landing page will now display Audit Reports with their associated identification number and corresponding attachment total. The attachment column will also include statement images from ComplyAssistant’s mobile application.

A summary of Audit locations has been added to the Audit Report page.

Tasks

All line spaces in the task description field will be respected once submitted. Previously, line spaces were negated when viewing the task outside of the edit function.

The bottom right task modal has been added to all the main pages where tasks can be created.

Documentation

An archive filter has been added to the Documentation function to properly search for archived files.

Assessments

The Assessments question and answer interface now allows users to create Tasks associated with a question.

Add comments to the Assessments question and answer interface. These comments are then synced to their corresponding number on the Assessment report.

Regulation Management

Compliance and risk level scores are now averaged at the non-risk manageable levels for an increased summary view.

The Compliance Level filter has been updated to highlight gaps instead of conformities.

Dashboard

The Sub Accounts tab on the dashboard has been updated to prioritize creating, finding, and launching accounts.

Account Settings

The sub-accounts user interface has been improved.

Added ability to manage Sub-Account users and permissions (e.g. Audit Templates, Categories, Functions, Question Libraries, and Project Templates) inherited from the parent account. Users can locate this screen by selecting the Sub Account name from the landing page above.

Added deactivation of Sub-Accounts.

Events

A filter for Event Source has been added.

A Breach Indicator has been added to the Events show page.

Close and Open Events from the Events show page as opposed to the Events Edit page.

July 2019

Assessments

The Assessments function has been completely refreshed to provide an improved workflow for the user.

Content

For all PCI users, we have updated PCI DSS from version 3.2 to 3.2.1. You should see this version update reflected in your account.

Account Settings

The Locations section of Account Settings has been enhanced to provide a better look and feel for the user. The original organizational graphics were replaced with an organizational tree for an easier view into your locations (see below).

GRC Software screenshot

ComplyAssistant’s visual update was accompanied by a technical one that includes the ability to Deactivate unused/closed locations. This functionality is available by selecting one of the locations from the organizational tree and choosing the Deactivate option (see below). Once a location has been Deactivated, you will no longer be able to assign items to these locations within your account but the integrity of your previous use of that location will remain intact. If you would like to reactivate a location after it has been Deactivated, follow the same process, and select the Activate option.

GRC Software screenshot

June 2019

Dashboard

The Dashboard’s sub-account tab functionality has been enhanced with the ability to create new sub-accounts.

Audits / ComplyAssistant Mobile

The Audit report’s dashboard has been refreshed for improved user experience.

Audit report exports to PDF have been updated to include a department column and supporting photographs. Easily identify your selected statement, department, and corresponding picture on an exportable PDF.

The Mobile application user interface has been updated to hold your previous spot in the checklist after interacting with a statement. Conformity and exception-based audits should both become more efficient.

Events

Event types are now customizable by the user. In addition to the Complaint, Issue, and Incident event types, you can now add as many event types as your organization requires.

April 2019

Audits / ComplyAssistant Mobile

Picture taking capability has been added to ComplyAssistant Mobile’s functionality. Your application will utilize the camera on your mobile device to take real-time photographs once a statement has been chosen for answering. Don’t worry, no photos are stored on your mobile device after the walkthrough has been submitted to ComplyAssistant’s web application. Our second ComplyAssistant Mobile update should reduce the amount of time needed to work through your statements. Once a statement is selected, answered, and noted, ComplyAssistant will take you back to the position in your checklist where you left off, not bring you back to the top of your statement list.

Audit report exports now include departments to easily identify the final location of your findings. The Audits dashboard has been updated to include new visualizations of conformities and exceptions identified within a report.

Events

The Event function’s Breach Questionnaire now includes a scoring system for all four Low Probability of Compromise questions. ComplyAssistant will add up your breach score for these questions and give an overall recommendation for answering the questionnaire’s final inquiry, “Taking into consideration the LOW PROBABILITY SCORE and any other important facts and circumstances surrounding the Breach, it is likely that the Breach would present a “low probability” that the PHI is or will be compromised?”

March 2019

Dashboard

The dashboard has been completely updated with new graph styling for each function. We have recognized the need for exception management within our Dashboard graphs and completed our redesign with this in mind.

Contract Management

The ability to assign multiple locations to a contract is now available within Contract Management.

Filtering

A “Select All” choice is now available under the Category and Sub Category filtering options.

Audits / ComplyAssistant Mobile

A new version of ComplyAssistant Mobile has been released. Make sure to complete the application update on all Android and iPhone devices.

The audit report graph entitled “Findings by type” has been duplicated at the audit definition level to provide a roll-up of information across audit report findings. This graph will update when its corresponding filters are chosen.

Regulation Management

Regulation progress indicators have been added to the regulation management graphs on the dashboard.

February 2019

Dashboard

Regulation Management graphs have been refreshed to display the overall Risk and Compliance Level for each active Category within your account.

Regulation Management

The landing page for Regulation Management has been updated to display all active locations within a Category. Each location graph breaks down the overall status of completion, Compliance Level, and Risk Level. To drill down further into these locations, select the location name.

In addition to the updated graphs, a new feature was added to the top right section of the Regulation Management landing page entitled, “New Regulation Management.” This new feature allows the user to start managing a new regulation without leaving the page.

Lastly, all risk ratable notation sections within each Category have been reformatted. The update should make for a better user experience when documenting the various rule sections of each Category.

January 2019

Regulation Management

The Risk Management function received several updates before the end of 2018 starting with its name. Since factors other than risk are managed within the function, Risk Management was renamed Regulation Management. Along with the name change, several user interface enhancements were made including, but not limited to, the elimination of Category/Location selection, new graphs to illustrate risk/compliance level and overall Category management progress, and the redesign of Action Buttons within a Category section drill-down. Screenshots are placed below for visual reference.

Regulation Management Software Regulation Management Software

Documentation

Documents saved throughout the application now have the option to link with multiple Regulation Categories and sub-sections. This enhancement is most easily seen when editing an item from the Documentation function.

Events

An Event ID number has been added to all Events within the application. The ID can be seen from the Events dashboard and when selecting an individual Event.

Audits / ComplyAssistant Mobile

ComplyAssistant Mobile’s Instruction Manual is available for your reference.