Dear Customers,

We want to share with you the details of our new release (106.013) and (106.014).  Let’s go bit by bit:

Notifications (watch the introductory video or read the documentation)

  • Allowing you to define your own notification email (subject, body) in which you can also include macros that “pick up” data from the object (like the date the audit expires, Etc)
  • We included many (more than 20) new notifications (details at the notification documentation)
  • When you create a notification you can tell eramba to apply it to all new objects in the section (before you had to manually associate it)

We wanted to include but did not have time for it yet: notifications include the object (risk, etc) as a PDF attachment, iCal events on the notification so gmail, Outlook, Etc can read them, a new type of notification that sends saved filters as attachments in regular periods of time.

Third Party Audits (Vendor Assessments) – (watch the introductory video or read the documentation):

  • You have new notifications (when an audit finding is due, created, audit deadline, etc)
  • You can customise the subject and body of the email sent to the Auditees, with the use of macros you can include on the email Third Party attributes such as the auditor name, the title, etc.
  • You can customise a header title and body text of the page auditees (people submitting you with evidence) are visiting so your own instructions can be shown. We also improved the user interface of what was shown to the auditee when it logged in to provide answers.
  • At the time of creating a new third party audit you can “force” common settings to all your requirements (like who needs to provide evidence, feedback, Etc). This saves you a ton of time configuring third party audits.
  • When you create an audit finding, you can associate it with a Third Party Risk or Risk Exception.
  • You can now export in PDF audit findings and the entire Third Party Audit
  • You can now “Start” or “Finish” an audit to control auditee access to the Third Party Portal

We wanted to include but did not have time for it yet: apply advanced filters.

Risk Management (read the documentation):

  • You can now mitigate Risks with policies (not just controls or risk exceptions)
  • We re-organised the look and feel of the “Treatment” tab to make the risk score more clear
  • We included incident containment procedures to all three risk types. When you create an incident, if you choose to link the incident with a known risk, the incident module picks up the information from the Risk and shows you the list of incident containment procedures.

Security Policies (read the documentation)

  • You can now use an URL to point to the policy content (previously only attachments or the built in editor was possible)
  • Before it was required to have LDAP to enable the Policy Portal, we now have an option that you can enable the portal without LDAP (only Public policies are shown)

CSV Imports (Watch the introductory video or read the documentation)

  • You can now mass upload Policies, Assets, Security Services in one shot using CSV files.
  • Many of you will hate us we put this feature this late, we truly apologize but we simply could not get this done earlier.


  • Although we have not included it on this release, we have built the engine for REST APIs for the Incident Management module. We have started to document the API examples in this document and all APIs will be in detail documented at the portal
  • On our next release we will include a demo where Splunk is used to automatically create an incident every time a creeping account is detected on our Active Directory.


  • The documentation got refreshed (once again)
  • We have hired an Irish lady that will be reviewing all our “English”
  • By September / October we will offer all of you webex training sessions on each of the core use cases.

General Fixes:

  • A few bugs here and there…
  • Allow PNG uploads
  • Security Contracts can now change the associated Third Parties and also include notifications
  • Timezone settings (System / Settings / Timezone) now show the local time
  • Corrected some warning issue when creating security services
  • Performance issues when using custom fields (this is actually release e106012)

What we plan for August:

  • Awareness Program Module – quite a re-engineering needed as it has some flaws with certain Windows AD architectures.
  • Expand advanced filters and include “Mass Actions” (Deletions, Etc).
  • New workflows (this is a big one) – we don’t think we will complete it in one month.

We will most likely do a release by the end of the month as the team deserves some time off on holidays.

Kind Regards !

The team at eramba