New Feature

Gap Analysis

The Gap Analysis feature is an AI feature powered by Claude. The feature evaluates how well existing controls address linked requirements and risks, summarizing whether the requirement or risk is fully covered, partially covered, or not covered, including a gap analysis summary and identifying gaps. The summary will also include a list of recommended actions: 

• Refined Control: The feature will suggest improvements to a control already linked to the parent object.

• Suggested Control: The feature will suggest a similar control in the library that is not yet linked (powered by the same text-embedding similarity model used by Requirement Similarity and Control Recommendation).

• Generated Control: The feature will create a brand-new AI-drafted control to fill an identified gap, with a rationale for why it is needed.

Users can also edit a suggestion before adding it to the parent object. Suggestions created by the AI Agent will be tagged as AI-Generated, and edited suggestions will be tagged as AI-Assisted.

Users can Export the full analysis as a PDF or Word document or copy it to the clipboard.

Note: The Gap Analysis feature has a daily limit of 500 per org.

Feature Enhancements

AI Generate Button Replaced with View Gap Analysis for Control Generation

We are replacing the AI Generate button with the View Gap Analysis button on the Create a New Control pop-up, since the new Gap Analysis feature includes the Control Generation feature as part of its workflow, making the Control Generation AI Generate button redundant.

• The Control Generation feature can be re-enabled by support per org, replacing the View Gap Analysis feature for the selected org without deployment.

• The View Gap Analysis feature will automatically be enabled for existing Control Generation feature users.

• The Control Generation is hidden from the Feature Access screen by default.

Intake Agent - Nested Form Configuration Validation

The Intake Agent Config Validation will include nested form configurations, which are used to traverse relationships and create objects during chat interactions while using Intake Agent. This will prevent missing entities, incorrect question counts, and runtime failures. Invalid configuration errors will appear on the Portal URL Settings: Edit Portal URL screen.

The following validations will occur on the nested form configurations:

• Checks to ensure the Intake Agent configuration does not exceed the supported relationship depth of 2. 
• Checks to ensure when a relationship has been configured and Create is enabled, a nested form has been set. 
• Checks to ensure when a relationship has been configured and Create is enabled, the nested form has Chat Interface enabled.

Allow Scope Selection Using Grandparent Nodes when Filters are Applied

On the Scope Assessment screen, scope selection checkboxes on a filtered nav tree now behave consistently across all levels. Selecting a grandparent (or higher ancestor) selects all parent and child nodes beneath it.

Bug List

• The AI-Identified Similar Requirements pop-up will display similar requirements when the Find Similar Requirements AI action is selected.

• The Intake Agent will recognize permissions granted through User Groups, ensuring safer object rollbacks by validating delete permissions across all relevant object states.

• The Intake Agent Chat provides an error message when the configuration exceeds two nested object types, ensuring users understand the specific setup error instead of receiving a generic system error.

• System reliability and error reporting was improved by standardizing how internal services communicate, providing clearer information when troubleshooting is required.

• Resolved an issue where scoped objects were not visible in the navigation tree view after scoping an assessment until the page was manually refreshed.

• The Search field in the Add Existing Controls and Add Existing Issues pop-ups now correctly displays "Search…" as the placeholder text.

• Fixed an issue where viewing the AI-generated summary for records created via email would cause a 500 internal server error when the "Created By" field was included in the Data Definition.

• After an Org import users can successfully select values from dropdown menus as dropdown menu options will populate correctly.

• When messages are sent from contact-only objects, configured email addresses are maintained as the From address, and external users successfully receive emails.

• The message service now supports processing HTML-only emails, ensuring that content is correctly extracted for object creation when a plain text version is unavailable.

• Fixed an issue where the dashboard deployment auto-retry feature was not processing failed messages and was preventing auto-retries.

• Fixed an issue where concurrent file attachment operations could incorrectly merge metadata.

• Improved the performance and stability of navigation forms by preventing redundant data from loading.

• Improved the resilience of search indexing so that brief network interruptions no longer cause search updates to be permanently dropped, reducing the likelihood of stale or missing search results.

• Resolved a vulnerability by adding HTML escape characters (e.g., <, &, >, etc.) to user-provided content (e.g., object names, descriptions, and comments) so that the escape characters are not treated as HTML characters.

New Content Translations

Please review the attached file for all new content translations added to the system.

If your organization is utilizing the Language Translation feature, please download a new Language template (for your required language) and filter the Language column (last column) by empty cells, indicating new content. Any empty cells in the Language column must be translated, and the Language Template file must be uploaded to the system for changes. For further information, please refer to the Add a Language article.