v1.4.2

Isora v1.4.2

April 11th, 2025

What's New

HECVAT 4.0 Managed Question Set

• Added HECVAT 4.0 as a managed question set to ensure standardized use across assessments.

• Managed question sets are not editable to maintain consistency.

• Coming Soon: Users will be able to subscribe to question sets, allowing automatic updates to the latest version without needing to contact support.

People Inventory Table

• The People Inventory provides a centralized location to create, manage, and assign roles to users within the system. It includes a searchable, sortable table of users, a sidebar for user management, and options to define roles and permissions at different organizational units.

• Access Control:
  • Superusers can access and manage all users, roles, and permissions.

  • Assessment Managers can manage only the roles within their assigned units (specific roles TBD).

  • If hide_admin_settings in /api/config is set to true, only Superusers can access and manage the People Inventory.

Assessments

• Enabled App Roles with the "assess" attribute to both answer and finalize App surveys.

• Added the ability to enable or disable App Enrichment within surveys.

• Added the ability to disable App Categorization for App surveys.

• Updated the User Agreement link on the Vendor welcome page to point to: https://www.saltycloud.com/terms/

• Converted the "Assessments" tab in the navigation to a dropdown menu with the following options: Units, Applications, Third-Parties.

Risk Register

• Introduced a searchable and manageable table for Risks.

• Search by Name, Description, or Category.

• Deletion rules for Risk Statements:
  • If not in use: system prompts for confirmation and deletes upon confirmation.

  • If in use: deletion is blocked, and a message explains that active associations must be removed first.

• Updated tooltip text in the Risk Register for clarity.

• Added a “Manage” button in the sidebar for Risk Category management.
  • Features include:
    • Add, edit, search, upload (via CSV), and delete Risk Categories.

    • CSV upload prevents duplicates.

    • Deletion rules for Risk Categories:
      • If not in use: system prompts for confirmation and deletes upon confirmation.

      • If in use: deletion is blocked, and a message informs the user that active associations must be removed first.

Headings

• Updated inventory page headings for consistency:
  • “Assets Inventory” → “Asset Inventory”

  • “Applications Inventory” → “Application Inventory”

  • “Third-Parties Inventory” → “Third-Party Inventory”

Bug Fixes & Improvements

Assessments

• Fixed a bug that threw the error “This question has already been answered” when attempting to bulk save questions.

• Fixed a bug in the HECVAT Uploader that prevented importing responses with legacy response groups.

Applications Inventory

• Updated the help documentation link label to “Working with Applications.”

API Updates

Risk Register

• api/riskscores: Refactored to use Category Name and Description.

• Example:

            "risk_info": {
                "id": "string",
                "risk_category_code": "string",
                "risk_category_id": "string",
                "risk_category_name": "string",
                "name": "string",
                "description": "string"
            },

• api/risks: Refactored to use Category Name and Description.

• Example:

            "risk_category_info": {
                "id": "string",
                "code": "string",
                "name": "string"
            },

• api/riskcategories: Refactored to use Category Name and Description.

• Example:

        {
            "id": "string",
            "created_date": "string",
            "code": "string",
            "name": "string",
            "links": {
                "self": "string"
            }