Product Update - 2024 Q1

On this page:ROAR Quarter 1 Updates: Key Innovations: Technical Advancements: User-Centric Additions: Miscellaneous Enhancements: ZenGRC Quarter 1 Updates: Notable Updates: Integration and Management: Enhancements for Efficiency: User Experience Focused: Want More Details? ROAR: ZenGRC   ROAR Quarter 1 Updates:Key Innovations:Custom Dashboards and Views: Dive into a world of data at your fingertips, with the new drag-and-drop functionality, expanded download options, custom colors, and new chart types. Elevate Your Risk Management: Utilize Custom Risk Objects and Risk Registers to integrate risk management practices deeper into your business strategy, allowing for precise risk analysis and robust mitigation strategies. Policy Approvals: This new workflow is designed to automate policy approvals. You can schedule tasks to start on a future date and set up a recurring schedule, complete with automatic notifications, escalations, and dynamic due dates! Automated Gap Analysis: Get a clear picture of your cybersecurity controls against new compliance frameworks with our automated gap analysis tool. Our comprehensive backend automation reveals how your controls match up with any other SCF-supported framework, giving you a reliable estimate of your existing coverage. Control Assessments: Utilize control assessments to evaluate how effective a control is in satisfying all mapped requirements. Aligning controls with the underlying business objects and applicable requirements solidifies an organization's compliance and security posture.  Technical Advancements:Security Scorecard & GitHub Custom Fetchers: Starting with Security Scorecard and GitHub, we expanded our suite of integrations to include Custom Fetchers. Fetchers introduce a targeted approach to data collection, focusing on precision, enhanced security, and unmatched scalability. AI Authoring Assistant: Using information about each Framework combined with our internal expertise in GRC, we’re leveraging the power of Artificial Intelligence to provide tailored implementation descriptions, ensuring controls are well-documented and properly written to satisfy applicable requirements. Expanded Jira Integration: Our Jira connector now supports Jira Data Center, broadening our integration capabilities. In addition, the connection process for Jira Cloud was streamlined to improve the user experience.  User-Centric Additions:Streamlined Evidence Management: Our latest updates make gathering, accessing, and reusing evidence more intuitive than ever before, ensuring consistency and eliminating the need to repeatedly collect the same evidence for various audits. Evolution in Evidence Handling: We've introduced editing capabilities right within the evidence library, along with advanced search functionalities to swiftly pinpoint the exact piece of evidence you need. Elevated Task Management: Assignees and Owners can now update tasks directly via email, streamlining communication and ensuring the ROAR system stays up to date without the need to log in. Customize and Save Your Views: No more resetting your list view every time you navigate away. With 'My Views', you can now save your customized settings on business objects, including column visibility, order, width, filters, and sorting. Reference Controls: Access an internal library of Secure Controls Framework (SCF) controls to explore detailed information about each control.  Miscellaneous Enhancements:Rich Text Comments and @ Mentions: Communicate more effectively with our new commenting capabilities. The rich text functionality and @mentions foster clear, collaborative discussions directly linked to your workflows. Streamlined Navigation (Left-Hand Navigation Update): Our updated navigation interface aligns perfectly with your primary workflows, offering an intuitive experience that simplifies the management of your GRC activities. Enhanced Task Management (Task List Grid Update): Manage your tasks with unprecedented ease thanks to our improved task list grid, now with powerful searching and sorting that puts you in control. Workflow Updates: To reduce the number of automatic notifications and to increase customization, we are no longer creating automatic tasks by default for evidence review and implementation assessments. Instead, we’ve empowered organization admins to choose when these tasks should be created and sent out to other platform users. In summary, Q1 of 2024 was a period of rapid-innovation and solution enhancements, making risk management and compliance not only more efficient but also more integrated and customizable to specific organizational needs.  ZenGRC Quarter 1 Updates:Notable Updates:Questionnaire Scoring: Elevate your questionnaire analysis with our new Answer Scoring feature. This addition brings a structured and color-coded evaluation system directly into the questionnaire response table, allowing for an intuitive and immediate assessment of each response. Integration and Management:Bidirectional Sync for Attachments and Comments: Attachments and comments between Jira and ZenConnect now sync in both directions, ensuring seamless communication and documentation flow. Enhanced "Tasks" and “Risks” Integration: Synchronize both standard and custom attributes, and manage "Requests," "Risks," and "Tasks" with bidirectional creation, deletion, and synchronization between Jira and ZenConnect. Enhancements for Efficiency:Introducing 'Request' as a New Workflow Object Type: Dive into even more customization with the ability to add "Request" as an object type in the "Object" dropdown for Workflow Steps. This enhancement allows for greater flexibility and specificity in managing your workflow tasks, allowing you to add workflows when Request transition to Complete, Review, or Submit statues. New Workflow Action - Send Email: Say hello to seamless communication with our 'Send Email' action! Automate your workflow communications with custom templated emails. This new feature enables you to trigger emails for any workflow action, perfectly blending efficiency with user engagement. Whether it's status updates, reminders, or follow-ups, keep your team informed and connected with ease. Elevated Task Management: Assignees can now update tasks directly via email, streamlining communication and ensuring ZenGRC stays up to date without the need to log in. User Experience Focused:Default Homepage is Now Audit! To enhance your ZenGRC navigation experience, we've updated the default homepage to focus on audits, placing critical oversight at the forefront of your entry into the platform. Users with previously set custom homepages will see no change, ensuring your tailored ZenGRC experience remains intact. Enhanced Group Filtering: When filtering by owner, you can now include groups, providing a more comprehensive view of risk ownership across different segments of your organization. ZenGRC's updates in Q1 of 2024 underscore its dedication to evolving with user needs, enhancing flexibility, integration, and overall user experience in the GRC arena.  Want More Details?ROAR: ZenGRC

Product Update - 2023 Q4

 ROAR Quarter 4 Updates:ROAR's Evolution Continues: Q4 of 2023 marked a significant stride in ROAR's journey as a leader in the GRC industry. This period was characterized by impactful enhancements and innovations, tailored to enrich user experience and streamline compliance management. Key Innovations:Evidence Review: This new feature simplifies the audit process by enabling team members to easily review and approve evidence items, enhancing workflow efficiency. Customization at its Core: Custom Frameworks, Controls, and Attributes enables personalized compliance management, offering flexibility and customization to align with unique organizational needs. Additional functionality through user-created fields, allowing for more personalized data collection. Asset Management: A newly introduced tool for asset-based risk management, providing enhanced visibility, efficient vulnerability management, and prioritization of critical assets. Technical Advancements:Customer API: Introduction of an API for workflow automation, data extraction, and custom interactions, further enhancing ROAR's interoperability and user experience. User-Centric Additions:Vendor Assessment: Advanced categorization and risk assessment tools for insights into service providers and regulatory compliance. Data Request Audit Workflow: A new audit workflow offering intuitive data request lists and automatic notifications for a more efficient auditing process. Continuous Compliance Program Improvements: A built-in compliance program creation wizard for streamlined setup and use. Mappings: A feature for dynamically mapping objects to various other objects and findings, providing a comprehensive view of compliance impact. In summary, Q4 of 2023 for ROAR has been a period of robust innovation and user-centric enhancements, making risk management and compliance not only more efficient but also more integrated and customizable to specific organizational needs.  ZenGRC Quarter 4 Updates:Notable Updates:Agile Auditing: The new Audit Requirement Flexibility enables requests creation independently from audits, fostering an agile compliance environment. Workflow Integration: Integration of questionnaire responses into workflows marks a significant move towards continuous compliance. Integration and Management:ZenConnect Sync: Experience seamless synchronization between Jira and ZenGRC with Bidirectional Sync for Requests. Effortless Task Transitioning: Bulk Reassignment offers efficient management transitions and task tracking. Enhancements for Efficiency:Recurring Task Upgrade: Recurring tasks now auto-populate data, streamlining task management. Expanded Data Handling: Enhanced import/export capabilities include the Recurrence field for comprehensive data analysis. User Experience Focused:Advanced Filtering: New filtering options provide finer control over data analysis. Customizable Homepages: Non-admin users can now personalize their dashboard, enhancing their user experience. ZenGRC's updates in Q4 of 2023 underscore its dedication to evolving with user needs, enhancing flexibility, integration, and overall user experience in the GRC arena.  Want More Details? Check Out the Full Release Notes Here:ROAR: ZenGRC: 

Product Update - 2023 Q3

In Q3, RiskOptics' ROAR has emerged as an even more formidable tool for risk management and compliance, signaling a pivotal shift towards smarter, seamless, and more collaborative solutions.A highlight is the new "External Auditor" role, marking a watershed moment for organizations that collaborate with external consulting firms. This role acts as a linchpin, connecting the intricate web of internal compliance management with external auditing. Tailored for the auditors' needs, it narrows their focus to just the essentials, simplifying complex processes and ensuring accuracy.  This quarter also sees the unveiling of smart data gathering techniques via new "Questionnaires," making it easier to navigate the intricate world of third-party vendor risk. Coupled with the platform's "Vulnerability Management" features, organizations now have a two-pronged approach to not just identifying but also mitigating risks effectively.  Integrations have received a significant boost with task management connectors for Jira and ServiceNow. These connectors act like bridges, making it easier for different departments within an organization to collaborate. Task management has never been this streamlined, emphasizing the platform's commitment to inter-departmental collaboration and efficiency.  Evidence management also gets a facelift with user-friendly features designed to save time and effort. Need all your framework and audit evidence in one place? A simple click downloads everything, which complements the updated, credible, and trustworthy request emails, and the ability to manage evidence request tasks more efficiently!  The system of record and framework monitors have not been left behind. New frameworks are continuously being added, and the system of record now offers more granularity in role categorization and services listing. This keeps organizations on their toes, ensuring they are always a step ahead in compliance and risk management.C5 2020 - Compliance Controls Catalogue (C5) Program CSA CAIQ v4.0.2 EU-U.S. and Swiss-U.S. Privacy Shield Frameworks FedRAMP LI SaaS Gramm-Leach-Bililey Act (GLBA): 2021 Part 314 ISO 14001:2015 - Environmental Management Systems ISO 27002 ISO 27018:2019 - Information Technology Security Techniques New York State Department of Financial Services (NYDFS) 23 NYCRR 500 - Cybersecurity Requirements for Financial Services North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) SOC 1® - SOC for Service Organizations: Internal Control over Financial Reporting (ICFR) Trusted Partner Network (TPN v5.1) US DOJ / FBI - Criminal Justice Information Services (CJIS) Security Policy  So, the third quarter has clearly been a bustling period of innovation for ROAR. Whether it's making external audits a breeze, gathering data smartly, integrating seamlessly with other platforms, or enhancing user experience, RiskOptics has shown that it's heavily invested in making risk management and compliance not just necessary but efficient and user-friendly.  ZenGRC Quarter 3 Updates:Custom Homepage for Non-Admin Roles: This page has been restored and fully functional! "Recurrence" Attribute in Requests: Newly compatible with both data import and export functionalities. Enhanced Filter Operators: Filters now support "Does Not Contain" and "Does Not Equal" conditions, providing greater flexibility.  Want More Details? Check Out the Full Release Notes Here: 

Product Update - October

We are excited to share enhancements to the following areas in the Reciprocity ROAR platform:Organizational Onboarding & Profile Page: You can now quickly create & edit an organizational profile and, from that data, implement ROAR’s expert-recommended Programs curated specifically for your organization. ROAR Recommended / Curated Programs: Administrators now receive a curated selection of Programs - presented by priority and rank - after completing ROAR Organizational Onboarding. Organization Level Navigation: Users can now quickly access authoritative Org-level information within ROAR by choosing from the key features statically located in the top banner of each page.  Program Context & Purpose: Programs offer additional context and purpose to users with the addition of a new priority assignment and financial value feature.  Control Scoping Logic: During program creation and when launching recommended programs, the control scoping logic has been updated Findings and remediation plans: Audit managers and control assessors can now add a priority status and assign an owner to findings in ZenComply.  Audit workflow: Audits no longer depend on a finding’s creation and closure in order to mark an Audit complete. Risk scoring: Risks and threats are pre-scored and automatically populated with GRC Expert values. Reciprocity Community single sign on (SSO) is now enabled for all ROAR users. Controls within a Program’s Library records will now only show requirements in scope for that specific Program.

Product Update - June

USEZenGRC Product UpdatesWe are hard at work developing advancements to our API functionality. This month we’ve added the ability to access Attachments and Comments via the API. This function is available for the following objects:   Objectives Controls Vendors Products Risks Markets Systems Threats We have also added Read and Write capabilities via the API on the Markets Object.  Reciprocity ROAR Platform UpdatesPlease visit the Release Notes section of the Reciprocity Community to stay up to date on the latest product enhancements, including new functionality for risk reporting charts. Secure Controls Framework UpdateThe SCF will be publishing a moderate update which includes a number of new frameworks including PCI DSS 4.0. This SCF update also includes new controls and updates to existing control language. The Digital Security Program (DSP) and Cybersecurity Standardized Operating Procedures (CSOP) will also receive corresponding updates. For more information about upgrading, please contact your Customer Success Manager.  ACTProduct Sprint Review - June 23, 2022 | 8:00 AM - 8:30 AM PDTThis month’s Sprint Review will showcase updated charts and program scoping. Grab a coffee and come learn more about all the  improvements we’ve made to the Reciprocity ROAR platform. I'LL BE THERE User Group - Recording AvailableMissed the user group session? Click here to access the full recording and learn what’s next for ROAR and how to set up common cyber assurance programs.WATCH RECORDING

Changing the Game: Introducing the Reciprocity ROAR Platform and Product Suite

 Security and risk management (SRM) leaders are under increasing pressure to both reduce risk and demonstrate and communicate the value, effectiveness, and maturity of their security program to a broad range of stakeholders with differing and evolving expectations. This includes board members who, after years of receiving quarterly reports on cybersecurity, are now asking for improved reporting on the value of security programs that provides them with a deeper understanding of their current risk posture and areas of higher risk.   Providing actionable risk insights has been difficult if not impossible for InfoSec teams, as this level of visibility isn’t realistic with the single risk register approach offered by traditional Governance, Compliance, and Risk (GRC) and Information Technology Risk Management (ITRM) tools.  But that all changes today -- with Reciprocity’s new product suite built on the Reciprocity ROAR Platform.  Reciprocity ROAR Platform The Reciprocity ROAR Platform is a game-changer, introducing an entirely new approach to IT risk management by breaking down the silos between compliance and risk and providing a real-time view of risk within the context of business activities that empowers InfoSec teams with the actionable insights they need to avoid and mitigate risk and optimize security.  The Reciprocity ROAR (Risk Observation, Assessment, and Remediation) Platform enables companies to create cyber assurance programs around critical business processes, assets, or initiatives. This provides the flexibility to choose the right mix of frameworks, risk registers, scoring methodologies, and vendor scores to get a specific and accurate risk assessment to help guide strategic decisions. The result: organizations can more easily and efficiently protect their most valuable assets, quantify the value of security investments, accelerate business initiatives, and effectively inform leadership on the levels of risk and improvements. Insight + Intelligence + Automation The Reciprocity ROAR Platform combines insight, intelligence, and automation to deliver a unified user experience while reducing complexity and driving efficiency. Using an AI-powered approach, the platform integrates IT and cyber risk activities, providing clear context into your risk posture. Continuous monitoring of your controls helps you stay ahead of threats by keeping your team connected and informed through proactive notifications.  The Platform delivers prescriptive guidance to help you select the right mix of requirements and pre-loaded content, within a single, unified solution. The result is optimized evidence, control, and data re-use which reduces the complexity and resources required for your effective risk management.  The Platform’s AI engine automatically builds relationships among business assets and processes, controls, and risks to intelligently deliver automated risk posture as well as maximize re-use, while continuously monitoring for any changes that can negatively impact that risk posture and delivering recommendations for treatment plans. Workflows within the Platform are automatically initiated when your programs are defined, and integrations to leading business systems provide automatic information access. This pervasive automation enables you to take effective action fast, driving efficiency and maximizing your team’s talent.  Powerful Cyber Risk Applications The Reciprocity ROAR Platform powers the company’s new suite of advanced risk and compliance applications to deliver integrated building blocks for cyber assurance programs.   The Reciprocity ZenComply application strengthens the role of compliance in your security program, providing a fast, prescriptive, content-rich experience that brings together expert guidance, automation, and intelligent collaboration. The AI-powered backend maps 10,000+ content objects across frameworks, threats, and risk registers, automating calculations and building key relationships.   The Reciprocity ZenRisk application provides actionable insights within the context of your business priorities to help you effectively avoid and mitigate IT and cyber risk. With expert-provided content, predefined scoring methodologies and mapped controls, risk and threats, along with continuous scoring of residual risk, your team can stay ahead of threats and prioritize activities to drive business results while optimizing security.      Actionable Insight Unlike typical risk solutions that only provide a single, high-level view of risk, the ZenRisk and ZenComply applications use the ROAR platform to provide two levels of actionable insight, the overall risk posture of your business and detailed risk insight at the business program level. At the program level, you can take direct action on what is increasing or decreasing your exposure and understand how changes in one aspect of your business may impact others that share controls and risks.  With dual-level insights, you can communicate risk in business context with the details at hand, to make smart decisions that reduce exposure, protect your information and secure your business. To learn more, don’t miss our upcoming webinar: Effective InfoSec Begins with “Reciprocity” Between Compliance & Risk.

Reciprocity Delivers Immediate Insight into Compliance and Risk with Risk Intellect

New, innovative risk-assessment product enables compliance-driven cyber risk managementSAN FRANCISCO, Calif. – Nov. 3, 2021 – Reciprocity, a leader in information security risk and compliance, today announced Reciprocity® Risk Intellect, which provides organizations with a unique view of how their compliance programs are impacting their risk posture. This innovative new risk-assessment product delivers immediate, automated insight to information security teams, enabling them to easily and efficiently prioritize the right activities to both strengthen their compliance and reduce risks – including data loss, cyberattacks, system failures, and security breaches.Risk Intellect complements Reciprocity’s ZenGRC® solution, allowing companies to quickly and easily connect the dots between existing compliance programs and the company’s risk posture by providing contextual views into which controls have the greatest impact on reducing risk. This insight, combined with target risk scores and guidance provided by Reciprocity GRC Experts on how to further reduce risk, help infosec teams to prioritize, improve, and re-use compliance controls and assessments to strengthen their organization’s compliance program and reduce cyber risk.“Reciprocity Risk Intellect will make it effortless for compliance-focused companies to see their world through a risk-based lens, ensuring they have immediate insight into their risk posture – without the need to conduct inherent, residual risk assessments,” said Michael Maggio, EVP of Product for Reciprocity. “Reciprocity is committed to developing and delivering the industry’s best and most innovative governance, risk, and compliance solutions on the market. The introduction of Risk Intellect, which provides immediate, actionable insight in just minutes, will enable companies to quickly and effectively optimize their compliance programs while reducing risks.“If we’d had a product like Risk Intellect two years ago when we first set out to build our cyber risk management program here at Monster, we’d have saved ourselves immeasurable time, money, and re-work,” said Peter Fahlstrom, Senior Security Engineer for Monster. “Reciprocity has done an incredible job of building a true jumpstart for companies transitioning from compliance-focused checklists to strategic risk management.”Risk Intellect enables companies to:Gain automated insight into their risk posture by leveraging existing compliance data to get immediate insight into the impact of current compliance programs. Easily prioritize compliance remediation activities by utilizing multiple views to quickly identify controls with the greatest impact in strengthening compliance and reducing risk. Make smart decisions, faster, by leveraging expert-suggested inherent and target risk scores, as well as specific guidance to further reduce risk. Strengthen compliance programs over time by utilizing a continuously updated view of their risk posture to demonstrate quantifiable improvements. Take a proactive approach by moving beyond point-in-time audits and “check-the-box” compliance to a more proactive, quantifiable approach to compliance and risk.To learn more about Reciprocity and Risk Intellect:Check out this blog to learn how Risk Intellect helps companies move from “check-the-box” compliance to compliance-driven cyber risk management. Learn how to future-proof your compliance and risk management with Reciprocity. Download this solution brief to discover how ZenGRC helps companies easily manage compliance and risk.About ReciprocityReciprocity equips organizations with the fastest, easiest and most prescriptive information security solutions in the market. Our fully integrated and automated ZenGRC platform powers a full catalog of compliance, risk and other infosec applications. Supported by our award-winning customer service and industry-leading GRC expert teams, we help businesses realize the industry’s fastest time to value while fostering in-house expertise.###Reciprocity and ZenGRC are registered trademarks of Reciprocity. All other brands or product names are the property of their respective holders.

I'm not ready yet X