Release Notes - 2025-JUN-12
Added
Policy
Added support for bulk importing a policy list. Bring your existing list of policies into the Policy module with our new import feature! Don't have the Policy module yet? Contact your Customer Success Manager and/or Account Manager for more details.
See the Ability to link/unlink policies from controls in bulk idea in the Ideas portal.
See the help center article for more information.
Tracking a bunch of policies using labels today? Export them to CSV and import them right into the Policy module.
Policy templates are now available for download in the Help Center.
See Policy templates in the Help Center for more information.
Automated testing
Added support for testing data from any system or process that can produce a CSV file.
Testing is no longer limited to just Hypersync sources! Upload CSV files manually, use the API, or use LiveSync to pull CSV files from a cloud storage app.
See the Testable CSV proof idea in the Ideas portal.
Expandable linked controls column
Added the ability to expand the column width on the 'Linked controls' table within a risk.
See the idea in the Ideas portal.
Groups and issues
Added ability for groups to be assigned to issues. This update is accompanied by all expected notifications and Activity Feed messages related to issue assignment.
See the Assigning multiple owners to an issue idea in the Ideas portal.
See Assigning a group to an object for more information.
Export update
Added support for the 'Roles' column when exporting users from Hyperproof.
Audits
Added support for editing audit membership roles while in Grid view.
See Editing user roles in an audit for more information.
Improved
Hypersyncs and integrations
New! Hypersync for JupiterOne. Proof types include: List of Users.
See the Hypersync: JupiterOne idea idea in the Ideas portal.
See JupiterOne proof types for more information.
Updated! Hypersync for Datadog. Added two new proof types: Alert Configurations and List of Incidents.
See the Alert Configurations and List of Incidents ideas in the Ideas portal.
Updated! Hypersync for JumpCloud. Added a new field for the Device List proof type: Last Contact.
Updated! Hypersync for Orca. Added new filter for Cloud Provider ID.
See the Add filter for Cloud Provider ID idea in the Ideas portal.
Updated! Hypersync for Microsoft Intune. Added new proof type: List of Configuration Policies. Note the
DeviceManagementConfiguration.Read.Allpermission is required for this proof type.See the New proof: Microsoft Intune Control Settings idea in the Ideas portal.
The Hypersyncs for Workday and BambooHR are now available for EU.
Program frameworks
EASA Part-IS is now available for US
Part-IS, introduced by Commission Implementing Regulation (EU) 2023/203 of 27 October 2022, establishes a mandatory information-security-risk-management system within the EASA regulatory framework, requiring organisations and competent authorities to identify, assess and mitigate information-security risks that could impact aviation safety. It extends across numerous existing EASA rules—Commission Regulations (EU) No 1321/2014 (continuing airworthiness), 965/2012 (air operations), 1178/2011 (aircrew licensing), 2015/340 (ATCO licensing), 748/2012 (airworthiness/environmental certification), 139/2014 (aerodromes), and Implementing Regulations (EU) 2017/373 (ATM/ANS providers), 2021/664 (U-space), 2023/1769 (ATM/ANS systems approval) and 2024/1109 (UAS continuing-airworthiness oversight)—by embedding Part-IS requirements into each, so that every segment of aviation operations and oversight systematically incorporates information-security risk management.
Does not yet include controls or crosswalk.
Not yet available in EU or GOV.
Italian ACN is now available for US
Includes over 600 requirements and 300 controls from nearly a dozen different regulations.
Does not yet include crosswalks.
Not yet available in EU or GOV.
Updated framework: French HDS has been updated to version 2.0
This version aligns HDS with ISO 27001:2022 and includes an update map from v1.1 and all new controls. Note that this version does not yet include crosswalks.
Updated framework: Microsoft SSPA DPR has been updated to v11
Microsoft has updated this program with the following changes: two (2) new requirements, five (5) removed requirements, and six (6) updates requirements. Note that Microsoft does not use a consistent requirement naming conventions, so you may wish to update the ids of any controls linked to this program. Includes an update map from v10. Any organization currently using v10 will see an update notice that v11 is now available.
Includes the same jumpstart capabilities as v10.
Includes controls (see the note above about naming conventions).
Updated framework: Sarbanes Oxley (SOX)
The COSO requirements of this framework have been updated to more directly match the content of COSO Internal Control - Integrated Framework 2013.
Maintains the same controls and crosswalks.
Includes update map. Organizations using the current version will receive a notification that the new version is available.
Addressed issues
Fixed an issue with Generic SAML that caused SSO to not work. (Case # 00009594)
Fixed an issue with controls where, when in Grid view, the proof column count was inaccurate. (Case # 00009891)
Fixed an issue with custom fields that occurred when exporting an assessment DOCX report. (Case # 00009798)
Fixed an issue where, when unarchiving scope assignment controls, an unexpected error occurred. (Case # 00009971)
Fixed an issue that allowed the deletion of vendors when updating the vendor status via the Hyperproof API. (Case # 00010018)
Fixed latency issues in the Risk Register module. (Case # 00010039)
Fixed an issue that caused the organization administrator to receive an 'Access denied' error when unarchiving an issue. (Case # 00010079)
Fixed an issue where a group was not added to the facepile when importing a list of controls or requests with group assignees. (Case # 00010138)
Fixed an issue that caused an error when linking back proof in an assessment. (Case # 00010144)
Fixed an issue that caused an empty control_issues table in Snowflake. (Case # 00010163)
Fixed an issue where limited access viewer status on audits and contributor status on requests couldn't assign a request. (Case # 00010157)
Fixed an issue where proof linked to assessment evaluations was not shown to the user. (Case # 00010032)
Fixed an issue that caused incorrect date formatting in email notifications for EU customers. (Case # 00010178)
Fixed an issue where proof files linked to assessment evaluations "flickered" when the Proof drop-down menu was expanded and the user toggled to another evaluation with linked proof. (Case # 000101032)
Fixed an issue that caused an error during vendor export. (Cases # 00010212, 00010209)
Fixed an exporting issue with the Hypersync for Tenable. (Case # 00010269)
Fixed a latency issue when adding proof via Confluence. (Case # 00009844)
Fixed an issue that caused external auditors to not see the correct status values in an audit. (Case # 00010220)
Fixed an issue with the Overview tab where the filter didn't work for issues with linked custom fields. (Case # 00010225)
Fixed a string error in the Hypersync for Tenable. (Case # 00010094)
Fixed an issue that prevented a user from syncing proof files from the Box integration. (Case # 00010217)
Fixed an issue that caused a notification fail with error, 'The given key was not present in the directory'. (Case # 00010276)
Fixed an issue where a customer could not pull files from the Box integration. (Case # 00010217)