Release Notes - 2024-APR-25

Improved

Simplified help menu

  • Removed the Need Help? button from the top of the Hyperproof user interface.

  • Labeled the primary Help button as Help. It launches a drop-down list of links to the release notes, Help Center, Hyperproof community, training, and general Hyperproof information.

  • Made the video content that was previously available in the Need Help? window available in the Help Center. See Video tutorials.

Proof preview

  • Added the ability to zoom in on a proof PDF in the proof viewer.

  • Added the option to expand the proof preview window to full screen using the expand icon in the upper right corner of the window. Press ESC to exit full screen.

  • See the Zoom in on proof pulled from Hypersync idea in the Ideas portal.

Access reviews - Managed rollout

  • Added support for Hypersyncs based on Finch-powered services. This adds 24 new applications to the access review automated user import feature, including Workday and Rippling. See HR / Payroll apps proof types and permissions for a list of the supported applications.

Email notifications

  • Improved handling of rich text formatting, such as better rendering of bulleted lists. (Case # 00008255)

  • Added the name of the user whose action initiated the email in email From addresses. For example, when @mentioning another user in a comment on the Activity Feed, the from address in the resulting email is {User} via Hyperproof <noreply@hyperproof.io>.

  • Added due dates in task email Subject lines to assist in email triage. For example, due dates are included on task assignment notification emails.

  • See What will I see in Hyperproof email notifications? for more information.

Proof roles and permissions

  • Proof contributors can now edit proof names and upload new versions of proof. Based on customer feedback, this change allows users with the Contributor role to rename/update proof files submitted by task assignees as needed. (Case # 00008347)

    • If you have direct members on proof who are contributors and you'd like to make sure they can't edit the proof, you can switch their object permissions to the recently introduced Viewer role.

    • If you have program, control, and label contributors who inherit contributor access on the proof and you don't want them to edit the proof, consider switching their role on the parent object to Viewer.

Scopes import

  • Existing scopes on controls can be edited by importing an updated CSV.

Hypersyncs and integrations

  • ServiceNow task integration is now available for all Enterprise plan customers! Streamline compliance workflows with a seamless bi-directional task synchronization, ensuring that compliance end-users can manage ServiceNow tasks efficiently within Hyperproof. See Hyperproof and ServiceNow. Updates include:

    • Added the ability to edit and track comment edits in Hyperproof.

    • Synchronized the due date field and due date changes.

    • Updated the status settings language for clarity.

    • Removed the TAGS field from the task creation workflow.

    • Added spinners to indicate activity while loading data.

    See the Tasks: ServiceNow task integration idea in the Ideas portal.

  • Improved Asana task integration by adding the option to filter projects by team. (Case # 00008226)

Program frameworks

  • IEC 62443 4-1:2018 and 4-2:2019 is now available as a program - IEC 62443 4-1 and 4-2 are international standards series designed to secure industrial communication networks and systems. IEC 62443 4-1 focuses on secure product development lifecycle requirements. It outlines practices and procedures for developing and maintaining secure products, addressing aspects from specification and design to maintenance. IEC 62443 4-2 deals with technical security requirements for industrial automation and control systems components. It specifies how to secure components against unauthorized access and misuse, thereby ensuring the resilience and integrity of industrial operations. Together, these standards provide a framework for enhancing the cybersecurity of industrial environments.

    • Users of this framework must purchase a separate content license for this framework from the IEC website. Note that there is a checkbox in Hyperproof to confirm that you have a license. The IEC does not provide a distribution license and Hyperproof's license does not extend to our customers.

    • Includes controls as restatements of the requirements.

    • Includes crosswalk/jumpstart based on the SCF dataset for 4-2. 4-1 is not crosswalked.

    • Does not include 62443 1-x, 2-x, or 3-x. These standards should be set up as custom programs.

    • See the Request for ISA/IEC 62443 idea in the Ideas portal.

  • ISO 42001 AI Management System is now available! ISO/IEC 42001 is an international standard that provides a framework for organizations to manage the ethical development, deployment, and governance of Artificial Intelligence (AI) systems. It details mandatory clauses and control requirements aimed at ensuring AI systems are developed and utilized in a manner that considers ethical implications, bias, transparency, and accountability. The standard includes guidance on organizational context analysis, stakeholder engagement, AI policy formulation, risk assessment processes, and internal audit mechanisms. Annex A of the standard further elaborates on specific requirements for AI system development and usage, covering aspects such as policies, resources, impact assessments, and data management. ISO 42001's applicability is intended for various industries and organizations aiming to adhere to responsible AI practices.

    • Includes controls from 42001 Annex B, which is the Annex A controls plus supplemental guidance.

    • Includes a crosswalk and can be jumpstarted.

  • The Israeli Protection of Privacy Law and Regulations is now available as a program - The Israeli privacy laws, particularly those from 1981 (Protection of Privacy Law, 5741-1981), 2001 (Regulations Under the Protection of Privacy Law, 5761-2001), 2017 (Protection of Privacy Law Amendment, 5777-2017), and 2023 (further amendments in 5783-2023), establish a robust legal framework designed to protect the privacy and personal data of individuals. The 1981 law laid the foundation, establishing basic privacy rights and creating the framework for data protection, which prohibits the misuse or unauthorized sharing of personal data. Subsequent amendments and regulations, such as those in 2001, have updated the law to include specific guidelines on data security and the responsibilities of data controllers, adapting to technological advances. The 2017 amendment further tightened data security requirements, introducing obligations for notification of data breaches. Most recently, the 2023 amendments have focused on enhancing transparency and granting individuals greater control over their personal data, reflecting global trends towards stronger data protection and privacy rights.

    • Includes controls as combinations of requirements (a system of regulations and laws)

    • Does not include crosswalk (this can be done upon request)

    • See the Add Framework EMEA idea in the Ideas portal.

  • FedRAMP rev. 5 parts and parameters, and SSP report, have now been fully updated - We've been working to align the parts and parameters of the FedRAMP rev. 5 program to exactly match the FedRAMP SSP report; this work is now completed and all clients have had the changes made directly to their programs.

    Additionally, we've updated the SSP report ("Appendix A") to match the FedRAMP template.

    • Customers/Partners with active rev. 5 programs were notified of this change via email over the past four weeks.

    • No further changes are planned at this time.

  • NIST CSF 2.0 is LIVE!

    • Hyperproof offers two versions: template controls based on the NIST CSF 2.0 sub-categories and template controls derived from NIST 800-53 rev. 5.

    • Includes a Framework Update map for any organization currently using NIST CSF 1.1 that would like to migrate their existing controls to this latest version

    • The framework is crosswalked based on SCF's 2024.1 crosswalk map.

  • StateRAMP rev. 5 is now available as a program - StateRAMP, short for State Risk and Authorization Management Program, is a security framework designed to enhance cloud cybersecurity across state and local government entities in the United States. It is based on the NIST 800-53, Rev. 5 standards, which are comprehensive guidelines that include best practice controls and sub-controls for cybersecurity. StateRAMP provides a structured pathway for service providers to demonstrate their compliance with rigorous security requirements through assessments conducted by Third Party Assessment Organizations (3PAOs). The program emphasizes continuous monitoring and includes a Security Snapshot feature that offers a less exhaustive, yet strategic assessment of a service provider's security posture against the NIST standards.

    • Includes controls from NIST 800-53 rev. 5, with StateRAMP guidance

    • Important: The control IDs now match NIST 800-53 and FedRAMP programs. This means that the system will automatically link any controls from FedRAMP/NIST 800-53 to StateRAMP and vice versa. Please contact your CSM if this is an issue!

    • Includes crosswalks

    • Because this framework has baselines (low and moderate), there is no framework update functionality. If this is something that would be valuable, vote for the Framework updates for all programs, including FedRAMP, SOC 2, CMMC idea for future iterations

Addressed issues

  • Fixed an issue where optional user fields on issues didn’t have an unassigned choice allowing you to remove an executive sponsor or a business owner. (Case # 00006053)

  • Fixed an issue where users couldn’t access Hyperproof or the page was blank when using the Safari browser. (Case # 00008154, 00008190)

  • Fixed an issue where Asana attachments were not syncing to Hyperproof if Asana had a rule to move tasks to a different area. (Case # 00008119)

  • Fixed an issue with the Hypersync for Qualys where multiple proof types could not be collected due to a change in the Qualys API. (Case # 00008215)

  • Fixed an issue with the proof preview display being blurry. (Case # 00008184)

  • Fixed an issue where uploading a custom logo for a program overwrote the organization icon. (Case # 00008242, 00008291)

  • Fixed an issue where control descriptions could not be edited from the Grid view. A blank page opened instead of an inline edit field. (Case # 00008254, 00008262)

  • Fixed an issue with the format of bulleted lists in task assignment emails. (Case # 00008255)

  • Fixed an issue connecting with the Hypersync for Wiz where errors similar to the following were generated: Unable to collect and/or import proof right now. Cannot read properties of null (reading 'users'). (Case # 00008250)

  • Fixed an issue in the proof viewer where attempting to select a different version of proof from the versions drop-down list caused the proof viewer to close. (Case # 00008252)

  • Fixed an issue in the Risk module where filtering by custom fields was not available. (Case # 00008292)

  • Improved Jira Task Integration performance and error handling when connecting to a Jira instance with a large number of Jira projects. (Case # 00008211)

  • Fixed an issue where proof was being downloaded as HTML.txt files, which were unusable. (Case # 00008315, 00008318)

  • Fixed an issue where some IP addresses were being blocked when attempting to access Hyperproof and an error similar to the following was generated: RBAC: access denied. (Case # 00008237, 00008240, 00008303)

  • Fixed an issue where communication errors were generated while configuring the Hypersync for Salesforce and for a Salesforce report by name. Errors were similar to the following: There was an unexpected error communicating with Salesforce. (Case # 00008322)

  • Fixed an issue where some users couldn’t use the Jumpstart feature from a SOC 2 program. (Case # 00008290)

  • Fixed an issue where configuring the Hypersync for AWS didn’t return proof and generated errors when using the S3 lifecycle buckets and selecting an individual bucket or all buckets. (Case # 00008379)

  • Fixed an issue where some users received an error message when accessing evaluations. (Case # 00008269)