May 2025 Updates

Looking for product updates delivered directly to your inbox? Be sure to subscribe to our bi-weekly customer newsletter.

v. 2025.5.0 & 2025.5.1

• Risk Cloud API: Access Audits with Productivity Entitlement: Until May 2025, Access Audits via API has been restricted to those with the Build entitlement. As of this release, users with the Productivity Entitlement can also now perform this Access Audit. This will allow you to delegate user management without granting full Build access across the platform. Please see Risk Cloud API: Viewing Users for further details.
  
  
• Automated Assessment Scoping Section: We are excited to announce a more efficient and effective way to scope, create, and assign assessments. The new Assessment Scoping Section allows end users to bulk create child and grandchild assessments in a single click. The scoping process leverages an intuitive data tree visualization that displays the selected entity's related Records based on a pre-selected data hierarchy configured by a Builder. Please see Automate Assessment Scoping for further details.

• Field Value Duplicate Prevention: Duplicate prevention is a field-level validation that checks to see if the field value already exists for another Record in the Workflow. The option is designed for fields that should not be duplicated within a workflow (eg; Tax IDs, Vendor IDs, etc). Please see Create Fields for further details. This enhancement is only available on the Reimagined Record Experience (UXRI).

• Text Concatenations - Record Name, Record ID, and Sequence Number: Previously, System Fields were not permitted to be used as field inputs in Text Concatenations. We have made enhancements to Text Concatenations to allow the following System Fields to be utilized: Record Name, Record ID, and Sequence Number. Please see Text Concatenation Fields for further details. 

• Automated Evidence Collection - File Storage Sources: Automated Evidence Collection (AEC) now supports file storage sources, enabling automated evidence collection from Google Drive, SharePoint, OneDrive, Box, and Dropbox. You can now set up automations to pull files—such as existing evidence stored in your repository or the latest policy documents—from your cloud storage, either on demand or on a recurring schedule. Please see Setting up Evidence Source: File Storage for further details.
• Populate User Groups via Roles: Simplify the management of User Groups by syncing with a Role’s membership. This feature will directly support an upcoming release, allowing a user’s field selection to automatically grant the appropriate Record-level access.

• Spark AI in Subsection Guidance: When using Subsection Guidance within a Step, you can now utilize our Spark AI tool to supplement your content! Please see Adding Subsection Guidance to a Step for further details.

• Preview Panel Icon within Table Reports: You can now choose to open the Preview Panel when viewing Table Reports by accessing the Preview Panel icon. If you would like to open the Preview Panel, you can now click the icon to the right of the Record name to do so, as well as access Record pages by clicking the Record Name.
  
• Linked Workflow Step Builder Improvements: We've made some changes to the Linked Workflow Step Builder in order to make it easier to navigate. Some Fields have been renamed for clarity, and other Fields have been grouped together based on logic for similar categories.

[Upcoming] New naming convention for attachments downloaded from Table Reports

Starting in July, the default naming convention for attachments downloaded from a Table Report will be updated to a new, simplified format. Other extraneous information previously added to file names, including the Attachment ID and version number, will no longer be included. Using the old naming convention, file names looked like this:
6gDir9lz_Information Security Policy.docx_v1.docx
dWP1hd5v_Mitigation Plan.pdf_v1.pdf

With the new naming convention, these files will have the following names instead:
CC1.2_Information Security Policy.docx (Primary Field example)
Mitigation-12_Mitigation Plan.pdf (Record Name example)

Please take note of this upcoming change and prepare to adjust any existing processes which may have relied on the old naming convention. Reach out to your account team with any questions.

New and Updated Content

GRC Content

• CCPA: Our update reflects the minor modifications made to the CCPA Civil Code by two Bills signed into law in July and September 2024 respectively. Request the latest version through this form.

Integrations

• Microsoft Entra ID - Employee Repository: Automatically keep Risk Cloud employee Records up to date with the latest information from Entra ID, including the creation of brand new employee Records and updates to the terminated employees repository.