Skip to main content

2025 Q4 Release Notes

Katie
Updated

December 3 Release

What's New

  • Maintaining Request Data Access - Moving forward, new assessment and validation requests will be approved and delivered without manual intervention when prior delivery exists for the same customer, request type, and framework (or same control cohort in a different framework). This reduces manual third party workload and accelerates customer access to data.  
  • Accept AI Answers at the Single Question Level – Users who generate AI answers with the Assessment Autofill tool can now accept them directly on the individual question page. This adds flexibility beyond the existing holistic review and bulk accept options in the Questions Review table and ensures consistent acceptance and document linkage, regardless of the method chosen.

  • Ability to Re-Confirm Existing Questionnaire Answers – Controls and metric questions with previously confirmed answers can now be re-confirmed. This ensures the existing answer is maintained while updating the ‘Answered By’ username and date for refresh purposes.

November 25 Release

What's New

  • Added support email to self-view Monitoring tab - integrationsupport@processunity.com email was added to the self-view Monitoring tab. This support email will persist on page for users to access for any questions regarding their Risk Recon or Recorded Future data.
  • Action Center tab update - Rearranged the “Complete Your Questionnaire” and “Update Your Profile” Action Center tabs by placing the questionnaire section before the update profile section. This will guide users to complete, or update, their assessment which has a greater impact on their overall Risk Index score.
  • Framework Scoring Precision and Consistency - Reviewed all the places framework and control scores are presented and ensured consistency in the decimal precision display.
    • The following scores will be presented in the following manner:
      • Overall Framework Score: whole number, no decimals
      • Group Framework Score: up to 2 decimals
      • Framework Control Score: up to 2 decimals
      • Cyber Control Score:  up to 2 decimals
    • These framework and controls scores are presented in various places:
      • Risk Profile -> Risk Navigator -> User Interface / Spreadsheet Download / PDF Download
      • Risk Navigator APIs
        • get /v2/portfolio/third-parties/{company_id}/risk-navigator/{framework_id} 
        • get /v2/portfolio/third-parties/{company_id}/risk-navigator/{framework_id}/summary
      • Portfolio Insights -> Portfolio Risk Findings -> User Interface / Spreadsheet Download
      • Portfolio Risk Findings APIs
        • get /v2/reporting/priority-third-parties/{framework_id}
        • get /v2/reporting/risk-registry-priorities/{framework_id}

November 19 Release

What's New

  • Session Based Saved Views in Tables - We’ve introduced session-based persistence for table filters to improve usability and enhance the user experience. This update ensures that any filters, column selections, search criteria, etc applied to a table remain intact for the duration of a users session (filters will reset if window/tab is closed or user has logged out).  
    • This has been applied to the following tables:  
      • Questions Review table on the Questionnaire Dashboard
      • Outstanding Requests table on the Questionnaire Dashboard
      • Controls Review table on the Risk Profile tab
      • Framework View table on Company Profile Pages
      • Document Repository

November 11 Release

What's New

  • Addition of Third Party Industry Data to Relationships Export – The export now includes the third-party relationship specific industry when available; otherwise, it shows the company’s industry. This provides a more complete view of relationship metadata in one centralized file.

 

November 5 Release

What's New

  • Transparency in platform into Assessment Autofill supported file types –  Assessment Autofill currently supports only PDF files. We’ve improved transparency by clearly communicating this limitation at relevant points in the feature workflow, so users are aware before uploading files.

  • Action Button Color Changes – Improved visibility of action buttons that can be taken by users. Action buttons (deny, approve, share, and request) are now blue buttons with white text.
  • Self-Registration Link Added to Exchange Login Page - The self-registration page is now linked within a footer on the Exchange login page for additional accessibility. 

 

 

November 3 Release

What's New

  • Risk Index: Introduction of the ProcessUnity Risk Index, a dynamic, data-driven risk rating that unifies Global Risk Exchange data components – security controls, vulnerability resiliency, perimeter scanning, and threat intelligence – to provide summarized insight into an organization’s cybersecurity risk posture.
  • Risk Domain Index: Introduction of Risk Domain Index, a dynamic, data-driven risk rating that unifies Global Risk Exchange data components – security controls and vulnerability resiliency – providing targeted insight into a specific area of an organization’s cybersecurity risk posture. Each Domain Index is independently calculated based on domain related data.
  • Risk Index Self View: A redesigned “Risk Profile” tab containing a company’s own Risk Index (L1), Risk Domain Index (L2) and a focused Cyber Controls Review (L3) view. The Cyber Controls Review table will also provide a supporting “Improve my Risk Index” quick sort for a company viewing their own Risk Profile on the Exchange
    • All companies on the Global Risk Exchange will have a Risk Index and will be able to view it when on their Risk Profile either from the “My Company” icon in the left-hand navigation or the “Manage my company profile” from the Account top right dropdown menu
    • A new field “Weakness Count” is part of the Controls Review table and shows the number of Common Weakness Enumerations related to each control. The higher the Weakness Count, the higher the weight the control score has on the Risk Index and associated Risk Domain Index
    • A new field “Improvement Rank” is part of the Controls Review table to designate attested controls that would have the biggest impact on your Risk Index if you were to improve the Control Score
      Ranking is primarily driven by lower Attested Control Scores with higher Weakness Count of related Common Weakness Enumerations. 
    • The Risk Navigator table, with the ability to view your own controls through the lens of a selected framework, has been moved from the “Risk Profile” tab to a new “Framework View” tab
  • Action Center: Introduction of a new Action Center to highlight tasks a Company can complete to influence the accuracy of their Risk Index and other Exchange scores
  • Tuned Predictive: Enhancement to our Predictive Analytics adding support for “Tuned” Predictive which refines predictive scores after a company has completed and attested to the Essential 60 Critical Controls and dramatically improves the accuracy of the predictive scores for the remaining controls
    • Predictive tuning is an extension of the existing predictive model that provides a “tuned” version of the standard predictive output. Both the standard and tuned output utilize the same foundational inputs such as firmographic data, network scans, and threat intelligence, but the tuned version also incorporates any attested (submitted) assessment answers provided by a company. 
    • These attested answers act as fixed evidence within the Bayesian network, anchoring certain variables and influencing the downstream predictions of related controls, indirectly influencing controls even further along in the network graph. 
    • These attested answers are not used to alter the model or its sampling process; instead, they are simply treated as additional inputs when generating the predictive control scores. 
      The result is a new version of predictions that reflects what the model estimates when it also considers the company’s self-reported answers, not just solely based on firmographic or external data. 
    • This enhancement was done in support of Risk Index and allowing companies to be able to greatly influence their Risk Index by only completing 60 controls

 

 

  • Control Plus Metrics “Effectiveness” Scoring: Enhancement to the Control “Effectiveness” scoring algorithm for Controls with Supporting Metrics Responses. Metrics are a scale of the Effectiveness of a Control within an environment. Effectiveness is defined as strength, coverage and timeliness.
    • Adjusted “effectiveness” scoring of a control so that completing metric questions with adequate responses should generally improve the control score over simply answering only the control, and allows companies with very good metric responses to get a control score of 100
    • Adjusted “effectiveness” scoring also ensured that the control score would not decrease to 0, even with very poor metric responses, in order to not penalize companies for completing metrics
    • Adjusted “effectiveness” scoring also ensured the weight for each metric answer option was leveraged correctly
    • Companies with adequate metric responses will see control effectiveness scores that remain constant or improve
    • This enhancement was done in support of Risk Index and allowing companies who answer metric questions and therefore show high control effectiveness to be able to drive up their Risk Index
    • Action Recommended: Companies with completed Metrics should re-attest to the Cyber Controls Questionnaire to trigger the updated scoring, which in turn will re-trigger and improve Risk Index

 

October 29 Release

What's New

  • Request Form Updates - 'Complete' default request option updated to be referred to as 'Core Plus'
  • Third Party Portfolio Requests Export - We’ve added an excel download option on the third party portfolio request page.
    • Users can now export the full portfolio in an excel format and filter within the download.  

  • New API Endpoint - Third-Party Contacts & Recipients - We’ve added a new GET endpoint in API V3:  /v3/portfolio/third-parties/{company_id}/recipients 

    • This endpoint provides a complete list of request recipients and third-party contacts for a given relationship. It also provides insights into whether or not a request recipient has had an email bounceback event.  

October 23 Release

What's New

  • Annual Assessment and Validation Cycle Enhancements - We’ve updated backend logic to ensure third-party assessments and validations align with true 12-, 24-, and 36-month review cycles, reducing delays and supporting calendar-based regulatory requirements. In order to submit for validation, a validation request must be present where auto-fulfilling the request is not possible. 
    • Key changes:
      • Early Submission Window: Third parties can now submit for validation earlier:  
        • 10 months after prior attestation for 12-month cycles
        • 22 months for 24-month cycles
        • 34 months for 36-month cycles
      • Automatic Refresh Triggers: If requested data is within 2 months of going out of recency, a refresh is required before fulfillment.
      • Backend Recency Adjustments
        • “Up to 12 months” → refresh at 10 months
        • “Up to 24 months” → refresh at 22 months
        • “Up to 36 months” → refresh at 34 months 

 

October 15 Release

What's New

  • Questions Review Table Quick Filter Updates – The following updates were made to the Questions Review table found on the Questionnaire Dashboard and the Review and Submit page:
    • The existing ‘Incomplete’ quick filter has been updated to 'Required Unanswered' to be more explicit. By clicking this chip it filters the table to only those unanswered questions that are required per a request/share. 
    • A new quick filter ‘AI Answered Yes’ has been added to support filtering only those questions with a ‘Yes’ AI derived answer.

 

October 9 Release

What’s New 

  • Guide Sheet Added to Relationship Download – Users downloading Relationship data from the Third Party Portfolio “Relationships” tab now receive an integrated guide sheet that contextualizes the data provided throughout. This enhancement provides clear instructions and context for interpreting exported data, streamlining onboarding and improving usability for all stakeholders.

 

October 8 Release

What’s New 

  • Company Email Claim Enhancement – The claim company email sent to third parties that do not yet exist on the Exchange so they can proceed with registration, now includes the name of the company attempting to claim, providing greater transparency and context during the verification process.

Resolved Issues

  • Autofill Summary Refresh Fix - The autofill card summary data did not refresh immediately after accepting AI-generated answers. The summary now updates in real time for consistency.
  • Role Management Fix - An issue was resolved where platform user managers were able to provision and de-provision account admins. They can now only modify permissions for other user roles, ensuring proper access control.

 

October 1 Release

What’s New

  • Smarter Domain Matching for Company Claims - We’ve improved the domain matching logic to help users more easily claim their company, even when their email domain differs slightly from the company’s registered domain. Previously, users could only claim a company if their email domain matched the company’s domain exactly. This strict requirement often blocked legitimate claims due to minor public suffix differences (e.g., abc.com.uk vs. abc.com). With this update:
    • We now use a public suffix list (e.g., .com, .co.uk, .com.au) to intelligently match domains.
    • This allows users with closely related domains to successfully claim their company without compromising security.

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles