We are today releasing version 41, a quite complicated piece of work that prepares ground for more strategic changes. Have a look on this post whats new and what changed in eramba.

Install Intructions

  • Backup the DB
  • Clear cache (System / Settings / Clear Cache)
  • Make sure ACLs are updated (System / Settings / Access Lists)
  • Update
  • Clear cache (System / Settings / Clear Cache)
  • Make sure ACLs are updated (System / Settings / Access Lists)

Dashboards are BETA and will update with the next hourly cron. It will take a minute or two or three to run, keep an eye on them if they exceed that mark. If we notice some issue / bug we’ll release a hotfix as soon as possible.

What was improved in this release?


  • Migrated the entire system to unified CRUD (creation, read, update, detele) in order to prepare for PHP7 migration. This is a massive change, many files have been updated.
  • We corrected multiple PDF exports, in particular in regards to Custom Fields

Control Catalogue / Security Services

  • Ad-hoc audits and maintenance can be added without the need to modify the existing schedule. This is useful if you want to add “old” audits (previous to your implementation of eramba) or you failed an audit, corrected the issue and want to state this correction with a  “Pass” audit.

Compliance Analysis / Third Party Audits

  • The auditee (the individual that responds third party questions) has now a “single select” as possible answers, before more than one answer could be selected.

Risk Management

  • We corrected the Magerit formula, under certain scenarios it would fail to save a Risk
  • Included a new Risk calculation that works as “eramba” but instead of summing factors it multiplies them.


  • Included “reference” dates, for example: “In 14 days, etc”, “The last 7 Days” on all filters where dates are an option.
  • Improved filters speed to accommodate new dashboards (which run using the hourly cron)


  • Project Task Notifications now have a “Task Owner” custom role. This would be useful to trigger notifications to Task owners when tasks are soon to expire.

Awareness Program:

  • We corrected a bug on PHP7 that would prevent the program participant to save its results.
  • We corrected some issues with multiple choice CSV
  • We recommend stoping all current awareness programs and start new ones to ensure emails will be triggered correctly.

Policy Management:

  • Uploaded policies with CSV imports would not allow to “View” them.

Incident Management

  • Included the incident ID on the index of incidents

KPI Dashboards

  • Included the first version of user and admin dashboards. This feature is beta and will keep on improving after we migrate the system to PHP7

Changes in the team

We have come super late with this release, the other day we sat and tried to think what went wrong and what we’ll do about it.

  • No one on the team works as a full time “release manager” or “scrum master”.  This sometimes leads that work is not tightly monitored. Emiliano has joined the team and will be looking at this task, we want to be more predictable.
  • We finally are all together at a single office in Bratislava, Slovakia. After 5 years of all working remotely, we think the face to face approach will change work dynamics drastically (if we dont kill each-other before).
  • We’ll make shorter releases, 3 weeks maximum. 2 weeks development, 1 testing and packaging. Long increments make it hard then to test.
  • We have decided to change the way we track stories, issues, etc to reinforce predictability on our deadlines.

We want to thank your support that is essential to keep this project alive and avoid (as we have been offered many times) becoming another GRC company that charges a ton of money for a tool to recover seed money. Our strategy is the same since day one: simple, cheap,  well supported and as enterprise and open as possible. Once again thank you for your support, renewals of licenses from 2016-2017 are at above 80%.

What is for the rest of 2017?

Originally we used eramba as  a “security” tool where no-one would have access, the “security” team would upload policy reviews, exceptions, audit results, etc.

For the next months our aim is to continue with the changes that will make of eramba a collaborative tool, one where anyone in your organisation can access and only their information (risks, exceptions, etc) will be shown (Visualisations feature to be expanded to the rest of the system), where access and roles will be improved (use groups instead of single accounts for roles) and where you will be able to define your own workflows for any section on the system.

On top of that is the extremely complicated task of migrating to PHP7, which we have started a couple of releases ago and gives us (and you, in the form of non-forced bugs) a million headaches.

Of course the endless list of “tiny” fixes and features also are part, just to mention a few: SAML auth, risk residual matrix, mandatory custom fields, etc.