UpGuard Release Notes

Learn about new features, changes, and improvements to UpGuard this month.

Shared profiles are a great way to proactively provide security information to cut down the time it takes for you to be assessed by another party. You might choose to publish a completed ISO27001 questionnaire or a SOC 2 type 2 report, and share that proactively with your customers instead of being sent another lengthy questionnaire that covers much of the same information. To ensure that these documents are accessed only by the customers you choose, you can set up access protection controls, add an NDA to be agreed to before documents can be downloaded, or a combination of both. Learn more about how to add an NDA to your shared profile here.

As part of this release we’ve made improvements to Shared Profiles. This is part of our commitment to making it easier and faster for you to assess vendors, and be assessed by vendors. The display of nested documents has been revamped, to make it easier to understand the relationship between questionnaires and their attached documents. Additionally, empty sections of your Shared Profile are no longer displayed to viewers, keeping the focus on the evidence you’ve made available.

For more information on Shared Profiles see this link.

Other improvements

• A tweak to the Vendor Summary Domains and IPs section, to make it easier to see domains and IPs separately
• This release includes a number of bug fixes

This release includes the ability to enable NDA Protection for your Shared Profile. 

NDA protection for your Shared Profile

To make it easier and faster for Shared Profile owners to ensure that the right users have access to their documents, Shared Profile owners can now upload an NDA (non-disclosure agreement) template. When enabled, visitors to the Shared Profile must accept the terms of the NDA before documents and questionnaires within the Shared Profile can be accessed. 

This feature sits alongside the existing Access Protection feature for Shared Profiles. Shared Profile owners can manage their NDA settings, see which organizations have agreed to the NDA, request an NDA from existing customers, or revoke access to the Shared Profile. 

Learn more about how to implement NDA protection for a Shared Profile.

Other improvements

• This release also includes a number of bug fixes.

This release includes some exciting enhancements to make it easier to manage and assess your vendors.

Vendor summary page redesign

We’ve redesigned the vendor summary page to make it easier to see all the information that’s critical to understanding and assessing the security posture of your vendors. This includes consolidating all risk assessment activities and evidence together under the risk assessment framework to help you quickly determine the assessment state of the vendor, manage your workflow, and follow up on any outstanding activities.

To learn more about this change and how to use the risk assessment framework check out using the risk assessment framework within the UpGuard platform.

Invite vendors to access their full security profile

UpGuard Vendor Risk customers can now provide their vendors with 14 days of access to the UpGuard Platform. This will give them free access to proactively review and improve their cyber security posture, and help you to build stronger and safer business partnerships with your vendors.

To learn more check out Inviting a vendor to access their full security profile in UpGuard

Other improvements

• When business email addresses are found in the analysis of documents leaked from ransomware blogs, they will now be published through the Identity Breaches module. Access to this information can help identify the impact of breaches of third or fourth parties. To learn more check out Identity breaches from ransomware leak blogs.
• This release includes UI improvements to Shared Profile settings and Shared Profile access pages. This includes a new status pill that indicates whether the existing Access Protection option is on or off, and an expanded Settings page replacing the old slide-out modal.
• We’ve added detection of CVE-2022-36804, a critical severity command injection vulnerability in Atlassian BitBucket Server and Data Center.
• This release also includes a number of bug fixes.

‍

Learn about new features, changes, and improvements to UpGuard this month.

‍

This release includes two brand new features which will help accelerate and streamline your vendor management and risk assessment processes.

Custom Attributes

Store additional structured information to help manage the relationship with your vendors and easily sort and group them by common characteristics. This will enable more effective vendor management within the UpGuard platform.

You can define the custom attributes you need, so you can store the information that’s important to your organization. For example, use custom attributes such as Internal Owner, Contract End Date and Cost Center to help manage your vendor relationships within the UpGuard platform.

Check out How to use Custom Vendor Attributes for help setting up and getting the most out of this feature.

Questionnaire Autofill

Filling out questionnaires can be a time-consuming and repetitive task. To greatly reduce the time involved, we are introducing a Questionnaire Autofill feature that scans previous questionnaire responses from a vendor’s organization and suggests autofill answers. Respondents can then easily review previous responses and use them in the current questionnaire where relevant. This will help your vendors respond to questionnaires faster, making it quicker and easier for you to complete vendor risk assessments. 

To learn more about how to use this feature and how it works, check out How to autofill a questionnaire based on your previous responses.

Other improvements

• This release also includes a number of bug fixes.

Learn about new features, changes, and improvements to UpGuard this month.

For this release we've focused on delivering improvements to executive/board-level reporting. You can now create reports that are specifically tailored to this audience, with the appropriate level of detail and information.

Some of these improvements include:

• Reworking the way in which you interact with the ‘Reports’ navigation menu item. You can now see a library of reports that can be generated on the platform.
• A new Board Summary report is now available. This provides a high level snapshot of key factors around your organization’s cyber security posture, including company risk rating, industry average, and severity of risks. This is a quick and easy way to share key information with your executive team and other interested parties.
• Improved Vendor Summary and Breachsight Executive Summary reports are now available. These give you the option to generate:

          - Predefined summarized versions of the original Vendor and Breachsight Reports, providing a snapshot of key information for your executives.

           - Detailed versions of the reports, which allow you to customize and display all the information your cybersecurity team might need to identify and reduce your third party risks.

For more information on the new reporting features in UpGuard, check out ‘Reporting in UpGuard Cyber Risk’.

Other improvements

• Subsidiaries are now filtered in alphabetical order, rather than the order they were added/detected.
• The visibility status of each question is now provided in the excel export of a questionnaire.
• This release includes a number of bug fixes.

We’ve added a risk matrix to the Vendor Risk Executive Summary that measures vendor security ratings by business impact. This enables you to quickly focus on the most impactful areas of your third party risk management program by visualizing your vendor portfolio risk by Security Rating and Tier.

This feature will help drive action where it matters most, highlighting the vendors of highest concern in the top right of the matrix. You can then click through on each cell to see a filtered list of these vendors and start reducing your cyber risk with maximum impact.

For help setting up tiering to get the most out of this feature, check out ‘How to tier your vendors in UpGuard’.

Other improvements

• We’ve included ‘Reassessment date’ on the vendor page Excel export. The date is set when completing a risk assessment for a vendor.
• This release includes a number of bug fixes.

Previously released only to a beta group, the vendor relationship questionnaire feature is now available to all UpGuard Vendor Risk customers. 

To streamline internal collaboration and quickly understand the level of depth required when assessing a new vendor, you can now send a vendor relationship questionnaire to the relevant members of your organization. This enables you to gather and store key information about how you work with your vendors from within Vendor Risk. 

Visit how to use vendor relationship questionnaires to learn how you can set up and use this feature. 

If you would like to join our beta program for early access to future features, please talk to your Technical Account Manager or contact support@upguard.com.

Other improvements

• You can now filter Vendor Risk questionnaires by status. This enables you to quickly filter your view – for example, to see all questionnaires that are currently in review. 
• This release also includes a number of bug fixes.

Learn about new features, changes, and improvements to UpGuard this month:

We have made it easier for you to communicate with your vendors using in-line messages and notes when sending and completing questionnaires.

To drive collaboration and streamline the process, you can now add messages to individual questions within a questionnaire, making it easier to seek clarification on any responses. You will be able to communicate directly with vendors and provide specific instruction on individual questions, allowing vendors to easily seek information from you to speed up the whole process.

This enhancement also allows you to add private notes to individual questions that are only visible to users in your organization. 

These features were previously only available at the overall questionnaire level.

To learn more about how this works you can visit Adding and viewing messages and notes in Security Questionnaires.

Features moving out of Beta

The following features, previously available in limited beta, are now more widely available to Vendor Risk customers as part of this release:

• The ‘Monitor Vendor’ page has a new look, which enables you to efficiently manage your vendors, by allowing you to review and edit vendor information, add the vendor to portfolios, add vendor tiering and labels, and trigger a vendor relationship questionnaire when onboarding a new vendor.
• Vendor portfolios, which allow you to efficiently group monitored organizations into seperate lists for easier management. You will be able to add up to 5 portfolios as part of this release (moved to open beta for all vendor risk customers on Starter, Professional, Corporate and Enterprise plans). For help setting up and using vendor portfolios, you can visit How to use portfolios to segment your vendors.

Other improvements

• This release includes a number of bug fixes