We completed our next release, it will be made public on Monday 13th of March, the update is rather large so please have this in mind:

  • Backup files and DB before you run it 🙂
  • Clear Cache (System / Settings / Clear Cache) right after you completed the update
  • Update your ACLs after you complete updates (System / Settings / Access Lists)

The following functionalities and bugs have been addressed:

Access Lists (System / Settings / Access Lists)

  • We cleaned it up so it runs faster, now before the access lists are presented, you need to select which groups you want to set filters for. This makes the page load a lot faster.
  • IMPORTANT: please clean your cache (System / Settings / Clear Cache) after you update the system.


  • We included tags, custom fields and notifications to all three types of exceptions (Risk, Compliance and Policy Exceptions)

Incident Management (Security Operations / Incident Management)

  • By default, incidents automatically “close” once all stages have been tagged as completed.You can un-flag this option while creating incidents.


  • We corrected a few reported bugs on filters (risk, Third party, security services audits, Etc)
  • We improved queries to make them run faster
  • Settings (drop-downs) for filters were “forgotten” once they run, we got that fixed too.

General Fixes

  • Tags with apostrophes would crash the form / section they were being used, this got fixed.
  • The “helper” text under each form field was reviewed on the entire system, this should make easier for users to understand what each field does and if its optional or not.
  • Risk tags were disappearing after edits, this got fixed.
  • We updated the Risk Calculation documentation to cover in detail how the math is used.
  • Our password policy was ill enforced, this meant eramba was accepting local passwords without the alphanumeric rule (it was looking at length alone).
  • Uploaded NIST_Cybersecurity_Framework compliance package (Thanks Yan from Canada!)

Compliance Findings (Compliance Management / Compliance Analysis Findings)

  • We created a new feature that allows you to keep track of your compliance findings (issues found by external audits) so answering the question: what findings we got on our last PCI audit? is a lot easier. You have notifications, filters, custom fields, etc on the new section. We have documented the functionality as part of our compliance documents..

Core Fixes

  • This is invisible for users, but we strengthen the core of eramba a ton and a half to make it ready for new workflows. For you to have an idea, this update is 41Mb in size – by far our biggest.

On our next release (end of March) we’ll do a few important changes you need to be aware of:

  • We’ll remove old workflows from most of the system, this means you wont be presented anymore with a window every time you edit something or being careful about objects being left in “draft”.
  • We’ll implement new workflows, bulk-edits, versioning, trash on the following key sections:
    • Control Catalogue / Security Service
    • Control Catalogue / Security Services / Audits
    • Control Catalogue / Security Services / Maintenances
    • Control Catalogue / Policy Management
    • Control Catalogue / Policy Management / Reviews
    • Asset Management / Asset Identification
    • Asset Management / Asset Identification / Reviews
    • Risk Management / Asset Risk Management
    • Risk Management / Asset Risk Management / Reviews
    • Risk Management / Third Party Risk Management
    • Risk Management / Third Party Risk Management / Reviews
    • Risk Management / Business Impact Analysis
    • Risk Management / Business Impact Analysis / Reviews

Thank you!