Skip to main content

2025 Q3 Release Notes

Courtney McNamara
Updated

Releases that occurred throughout the Third Quarter of 2025.

September 2025

 

September 29 Release

What’s New

  • ‘Not Applicable’ (NA) Controls Now Require External Comments - To improve the relevance and clarity of assessment data for customers, any control marked as ‘Not Applicable’ (NA) in an assessment questionnaire must now include an external comment. This comment should explain why the control does not apply to your organization.
  • System-Generated Placeholder Comments for Existing NA Controls - For existing assessments where NA controls lacked external comments, the system has inserted placeholder comments to prevent submission blocks. However, teams are encouraged to replace these placeholders with meaningful explanations that clarify why the control is not applicable to their organization.

 

September 24 Release

What’s New

  • What’s New
  • Enhanced Firmographics Page Experience – We’ve refreshed the Firmographics page within Third Party Profiles to improve usability and reduce redundancy:
    • Self-View Improvements: When viewing your own company profile, you’ll now see a streamlined form interface that allows you to update multiple fields and save changes in one go.
    • Simplified External View: When viewing another company’s profile, the layout is now simplified to reduce repetitive data and focus on key information.

  • Streamlined Validation Submission Journey – We’ve redesigned the validation submission flow to make the process clearer and more intentional for third-party users. Key updates include:

    • Clearer Button Labels: The button for beginning validation now explicitly indicates that clicking it will send your data to our assessors for review.

    • Linked Documents Scenario: When documents are linked to controls, the “Initiate Validation” button clearly communicates that a formal validation round will begin.

    • Unlinked Documents Scenario: If documents are uploaded but not linked to controls, the acknowledgment checkbox has been revised for clarity and conciseness.

    • No Documents Scenario: If no documents are uploaded, the page now features reduced copy and emphasizes the implications of proceeding without documentation—ensuring users understand the action is deliberate.

     

  • Metrics Banner Copy Update – We’ve updated the banner messaging for questionnaire requests involving metrics:
    • With Metrics: The metrics component will now auto-expand, accompanied by updated banner copy.
    • Without Metrics: The metrics component will remain collapsed, with banner messaging tailored to this view.

Screenshot 2025-09-24 at 12.51.14 PM.png

 

 

September 17 Release

What’s New

  • Bounceback Email Transparency – When a request email fails to reach a selected recipient due to a hard bounce:
    • The request form now clearly displays the bounceback.
    • The requester receives an email notification with next steps.
    • Other valid contacts at the third-party company are also notified to help resolve the issue.
Screenshot 2025-08-27 at 2.35.34 PM (1).png
  • Claim Company Link on Third Party Portfolios – For unclaimed company's with active customer requests:
    • A “Claim Company” link is now available on the respective company profile page.
    • Customers can copy and share this link with third-party contacts to expedite registration.
  • Assessment Autofill Enhancements – The following enhancements were made to this recently released feature:
    • AI Analysis card now auto-expands when results are present.
    • Info icon added next to analyzed documents to explain order precedence.
Screenshot 2025-09-10 at 12 33 10 PM

 

Resolved Issues

  • Cyber Controls Questionnaire Navigation: Users can now navigate through all critical controls during validation refreshes, even when multiple validations have occurred historically.
  • Threat Intel Score Bug: Fixed an issue where threat_intel_score was incorrectly showing as zero due to a typo in the adapter logic.

 

September 9 Release

What’s New

  • Assessment Autofill Feature Availability – The Assessment Autofill feature is now available in the Exchange. This capability enables third parties to automatically generate control responses for their assessments using uploaded documentation. The feature is designed to improve response accuracy, reduce manual effort, and accelerate assessment completion timelines.
    • Functionality
      • Third parties upload supporting documentation (e.g., policies, prior assessments) and initiates the AI tool to parse those documents to identify control responses.  
      • AI-generated responses are produced with linked references and supporting rationale.
      • Users can review and confirm responses prior to submission, which automatically links the document to the control for contextual and validation purposes.
    • Benefits
      • Significant reduction in time required to complete assessment and validation requests.
      • Improved consistency and traceability of responses.
    • Related Knowledge Base Articles 

CTA Card (3).png

 

September 4 Release

Resolved Issues

  • Evidence Request Sheet Data Generation - The Evidence Request Sheet (ERS) has been updated to ensure comprehensive control validation during initial evidence collection. This update ensures that all relevant controls are re-validated during each validation cycle, maintaining accuracy and compliance across validation efforts. Now, the ERS during initial evidence collection will include:
    • All controls previously answered as "Yes", even if they were successfully validated in the past.
    • Any controls that have not yet been answered.

 

September 3 Release

What’s New

  • Request/Share Form Updates – Simplified the user interface of the request/share form.
    • Visual simplification of form for show 3 easy steps to request/share
    • Introduction of questionnaire scope options to replace tiers for most common requests.
      • Essential - Focuses on the most essential controls necessary for standard security hygiene. (ProcessUnity Critical Cyber Risk Questionnaire)
      • Core - Covers the full set of all cybersecurity control questions to provide broad insight into a third party's risk posture. (ProcessUnity Cyber Risk Questionnaire)
      • Complete - Adds performance metrics for each control to support deeper analysis and regulatory requirements. (ProcessUnity Cyber Risk Questionnaire + Metrics)
    • More clarity on Data Available on the Exchange
    • Outstanding third party steps to provide more visibility on the impact of selections on delivery
    • Descriptions added throughout form to provide better context for selections
    • Please see knowledge base updates for more details
  • Predefined filter values now available in Risk Navigator - Users can choose from predefined values when filtering columns in Risk Navigator so that they don’t have to manually type in key words for fields that have a static set of values. this is now supported for the following columns:
    • Answer
    • Control Type
    • Max Impact
    • Finding Severity
    • Evidence Type
    • Score Basis

Resolved Issues

  • "Approval Pending" Reminder Email Displaying TP Company  - The new Approval Pending email sent to TPs with requests that are only pending approval to deliver was displaying the Third Party's name instead of the name of the requesting customer(s). This has been corrected, so the email now provides the intended visibility to which Customers have an outstanding request. 

 

August 2025

 

August 21 Release

What’s New

  • Ability to Accept Legal Agreements from on Agreements & Policies Page: Previously, users could only view legal agreements on the ‘Agreements and Policies’ page. Now users can also accept unsigned legal agreements on this page for ease-of-use purposes.

August 13 Release 

Resolved Issues

  • AIR Response Not Populating in API - For some third parties, the "auto_impact_response_value" was not populating in the API. This value informs the user the auto impact response driving the AIR, Auto Inherent Risk, calculation. This was due to several missing industry mappings in the database.
    • get /v2/portfolio/third-parties/{company_id}/impact-questionnaire

August 6 Release 

Resolved Issues

  • Metric Question Prompts Consistency - Metric question prompts (36 in total) render properly with bold font to match the text formatting as found in the questionnaire review table.  
  • Clarified Document Upload State - Small sized, singular document uploads no longer appear to be stuck in an uploading state

 

July 2025

 

July 30 Release 

What’s New

  • Expandable Page Width Throughout Platform - The platform will now be more responsive to varying window sizes and expand horizontally according to the user’s window size. This better supports the various tables on the Exchange platform that have many columns, which can now be more easily viewed by adjusting window size.
  • Optimized Questionnaire Table Filters - Updated custom filtering for Questionnaire review table for the following columns to be more user friendly and valuable: Comments, Attachments, and Validation Requested
  • Comment Delete Functionality - Previously once a comment was created for a control, it could only be edited, it could not be deleted. Now third party users can delete their own comments, which was a high priority ask directly from Third Parties in need of deleting historical comments that were no longer relevant. Users with Account Admin or Assessment Owner permissions have the ability to delete comments created by others. (PI-344)

Resolved Issues

  • Risk Domain Column Truncating – The new Risk Domain column found in the Questionnaire review table lacked proper truncating, as found across the Exchange when the name in the row exceeds the column width. This has been modified to be consistent with the existing pattern.

July 28 Release 

What’s New

  • Risk Domain Now Available in Questionnaire Table – The relevant Risk Domain per control has been added to the Questionnaire table found both on the ‘Questionnaire Dashboard’ and the ‘Review and Submit’ pages. 

Resolved Issues

  • ‘No Comment’ Filtering Optimized - Within the Questionnaire table is a Comment column that had undesired filtering functionality when specifically isolating those controls without comments. This has been corrected so that when filtering for controls with ‘No Comment’, only controls lacking comments are provided. Previously metric questions without comments were being displayed, however comments are not possible on metric questions. 

July 23 Release

What's New

  • Clarification of Various Options to Enter Questionnaire – Third party users completing the questionnaire will now see on the dashboard that the two primary methods to enter the questionnaire, being the ‘Outstanding Request and Shares’ table and the ‘GRX Risk Controls’ Table, have more contextual information to drive which path users can take, and what the benefit is of either approach. The ‘Outstanding Request and Shares’ entry point drives completing only the customer requested dataset, whereas the ‘GRX Risk Controls’ entry point is aimed at completing the entire questionnaire for completeness purposes.
  • Third Party Portfolio Relationships Download Enhancements - Additional fields added to the download along with formatting enhancements for usability. Download metadata added on a separate tab. Performance optimizations to improve download speed and ensure scalability
    • Registered: True / False indication if a third party has at least one user registered on the Exchange
    • Access in Portfolio Cyber Controls: total count of unique cyber controls the Customer is approved to view and the Third Party has attested
    • Access in Portfolio Cyber Metrics: total count of unique cyber metrics the Customer is approved to view and the Third Party has attested
  • Assessment Availability Metadata - Provides a clear way to view and differentiate what assessment data is available for a third party versus what assessment data the customer has access to view
    • Available in Exchange: When viewing a Third Party or Company profile, users will see if that company has Predictive, Attested, and Validated data on the Exchange. If the data exists, the latest update date will be displayed.  
    • Access in Portfolio: When viewing a Third Party profile, users will also see whether they have Access in Portfolio to the Predictive, Attested and Validated data on the Exchange. 

Resolved Issues

  • Incorrect Attested Controls Count in Risk Navigator Spreadsheet - The Risk Navigator Spreadsheet was incorrectly displaying the same number in the "Attested Controls" field as the "Total Referenced GRX Controls" field, located on the Risk Overview tab in the "Framework Info" section. The "Attested Controls" count has been corrected. 

July 17 Release

Resolved Issues

  • Third Party Progress API Errors - the /v2/portfolio/third-parties APIs would error when looking up a third party who opened a new cyber controls questionnaire but did not complete any questions, this has been fixed. The progress calculation for cyber controls questionnaires was also resolved.

July 16 Release

What's New

  • Separate Comment Column on Questionnaire Dashboard - The Questionnaire Dashboard table, that is also found on the Review and Submit page, has a new ‘Comment’ column that indicates whether a given control has a comment present. This allows for filterability of this table using the presence of a comment on a control. A warning icon was also added when a control answered NA is missing an external comment, in that customers often require explanation of why a control is not applicable.
  • Potential Risk Alerts Contact Email - Updated the contact email for the Monitoring -> Potential Risk Alerts widget if a user needs additional information or to dispute the data.
    • integrationsupport@processunity.com
  • “Access in Portfolio” Controls and Metrics Fractions - Backend enhancements to consolidate functions that calculate the “Access in Portfolio” Controls and Metrics. Access in Portfolio shows the assessment data that is authorized and can be accessed in a customer's portfolio. No frontend changes to the values displayed in the following locations and fields:
  • Recorded Future Third Party Info API Updates - Optional input (rf_rule_id) added to filter the returned results on a company in a third party portfolio to a specific Recorded Future rule. Also added "company_id" into the array results for each rule returned. This allows the Workflow to use the API in the daily sync to update the Rule record.
  • Common Vulnerability and Exposure API - New API endpoint to view companies in a third party portfolio potentially impacted by a CVE - Common Vulnerability and Exposure - including information about which products used by the Third Party relate to the products associated with the CVE and their weakness scores.

Resolved Issues

  • External assessor comments not being depicted in Questionnaire Dashboard table - This was fixed so that when external assessor comments are present for a control, this is clearly indicated in the table that a comment exists. 

July 9 Release

What's New

  • Company Search Relationship Status – When using company search and the company already exists in the portfolio, added text with the relationship status of ‘Active Relationship’ or ‘Archived Relationship’. In addition, if making a request on a company with an ‘Archived’ relationship status, user is notified that the company will be unarchived and updated to ‘Active’ relationship status.
  • Question Prompt on Questionnaire Dashboard – Addition of a ‘Question Prompt’ column to the Questionnaire review tables found on the Questionnaire Dashboard landing page and on the Review and Submit page. This column replaced the prior existing column titled ‘Question Name’.

Resolved Issues

  • Industry Code Mismatch – API was updated to show the industry group description of the NAICS code rather than the industry group description of the TRBC code. This aligns the API with the data and user interface in the Exchange.
    • The industry group description, portfolio_industry: {label}, will change in get /v2/portfolio/third-parties and get /v2/portfolio/third-parties/{company_id}
  • Inherent and Residual Risk Calculation Timeouts – For companies included in many Third Party Portfolios, the query to recalculate Inherent and Residual Risk was timing out. This meant that scores were either out of date or not all scores were displayed. The query was optimized and all calculations retriggered.

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles