Changelog

A new risk level of Low-High (10) was added to fine-tune the scoring of our Assessment report questions.

The Personal Information Protection and Electronic Documents Act (PIPEDA), a Canadian data privacy and security framework was added to our Catagories library. If you want to add it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

The Health Industry Cybersecurity Practices (HICP) framework 2023 updates have been captured in updated Question Libraries available to our clients for Small, Medium, and Large organizations. If you want to add it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

Version control has been added to the Contracts and Documentation functions.

ComplyAssistant has partnered with DocuSign to bring our clients the ability to request and review signatures through ComplyAssistant’s Contracts function. For additional information on how to set up the DocuSign integration, please refer to our DocuSign Integration Setup Guide through ComplyAssistant’s Knowledge Base.

A search option has been added to the Control and Threat Libraries under Account Settings.

The Threat description now appears on Exports and the Risk Register’s main page when hovering over a Threat with a corresponding description.

An Activity Log will be populated for all Risk Register revisions. This process will occur automatically each time a Control or Threat is updated.

If a logo has been added to an account, it will appear at the top of email notifications.

An Authenticator App can now be used for ComplyAssistant’s two-factor authentication verification. Users can locate their unique QR code within their profile page.

Threat types have been added to the Dynamic Fields section of Account Settings. You will now have the ability to Add/Edit/Delete Threat types in one location.

SMS consent has been added to the User’s profile.

In recent months, NIST has changed its stance on password requirements. NIST now recommends using long passwords/passphrases instead of requiring frequent resets. Frequent password resets have been shown to be ineffective and actually make passwords less secure. A study by Microsoft found that users who were required to reset their passwords frequently were more likely to use weak passwords and reuse them across multiple accounts.

ComplyAssistant’s password requirements will be changed on June 1, 2023, to align with the latest NIST password guidance:

• The password reset requirement option will be removed
• Passwords will have a minimum of 8 characters with a maximum of 64 characters
• 1 upper case, 1 lowercase, 1 number

For additional information on NIST’s password guidelines, please view NIST 800-63B.

Labels have been added to Assessment PDF exports.

Contract types show the older versions of the Contract.

A Contract Owner filter has been added.

All Related Documents from a Document record will be copied over to the new version of a Document by default.

Previous answer columns have been added to Excel and CSV exports allowing for comparison between the assessment answerings.

Version control has been added to match the workflow of Contract Management.

Additional updates have been made to the Risk Register based on feedback from December’s 2022 Lunch and Learn. Click here to watch the recording.

A new export to PDF action button has been added to each location under Regulation Management. The detailed information entered into each rule section (for the location) will be included in a structured PDF.

The SAFER Guides Category and Question Library has been updated to the most recent version provided by HealthIT.gov. If you are interested in adding it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

ComplyAssistant Threats have been automatically mapped to Controls across the platform for easier set-up.

A select-all checkbox has been added to the Threats and Controls modal.

Controls and Threats have been added to the Account Settings menu. Under this menu, users have the option to upload a custom set of Controls and Threats for use in the Risk Register.

A Lunch and Learn session will be scheduled for October or November 2022. All of our client contacts will receive an invite to the webinar.

We have added the following categories to ComplyAssistant. If you are interested in adding it to your, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

• PCI DSS v4.0
• Requirements for States and Long Term Care Facilities, Physical environment – ASHE-K-Tag-Crosswalk
• CIS 8.0
• CMMC 2.0

The second version of ComplyAssistant’s Risk Register was released on June 1, 2022. If you are a current client and do not have access to the Risk Register, please contact support@complyassistant.com to request access. A summary of the updates is listed below:

• A console to manage Controls was added to the landing page
• The overall management of controls and threats can now be accomplished through Account Settings
• Inherent impact and likelihood were added to the Risk Register export

The incident graph now reflects all types.

Exports to PDF from the Assessment definition level now include a legend to highlight answer selections.

The third part import template Add default assessment frequencies within the third party import template.

We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

• Operational Continuity – Cyber Incident (OCCI)

A closing status option (substantiated/unsubstantiated) has been added to all Event records.

The breach questionnaire, which was once triggered by an Event Type of Incident and a Category of HIPAA, can now be launched with an input field entitled “Potential breach” on the Event form. Select Yes to deploy the questionnaire and No to keep the questionnaire hidden.

An API to create events programmatically has been added.

The Assessment landing page will now include completions.

The Assessment landing page includes a visual representation breakdown of the location answers.

All Published assessments (regardless of the number of questions answered) are considered complete with regards to reassessment.

Customize Risk Definitions and Graph colors when creating an Assessment definition.

Ability to add default answers to survey questions, which allows for faster completion of an assessment where the same answer applies across multiple questions.

Ability to set the default assessment frequency in the third party import tool.

Display the full citation of regulations when items are related to regulation management framework sections. For example, a Document record will show the full citation not just the level attached (organization→facility→department).

A foundation to make the web application functional in a mobile web browser (responsive) has started and is coming soon.

We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

• Federal Information Security Management Act (FISMA)
• NIST 800-53 Rev. 5
• NY Hero Act

Version one of ComplyAssistant’s Risk Register function was deployed. If you would like additional information on how to review and test this function, please contact support@complyassistant.com and/or refer to our webpage.

Assessment answering attachments have been redesigned for an improved user experience. Select the Manage Attachments icon to prompt the attachments model.

The Assessment Report’s Export Summary PDF has now includes the Assessment Description.

The Assessment Report’s full version Export to PDF now includes a Risk Level and Compliance Level section.

Group settings have been updated in the following ways:

• Limited rights and dynamic content have been moved from the user creation form to Groups
• Locations rights have been added to the user creation form and also remain in Groups

A filter for Notification Date has been added to the Events Dashboard.

The Health Information Cybersecurity Practices (HICP) Final Rule hierarchy and corresponding Question Library are now available in ComplyAssistant upon request. In addition to the HICP Question Library, ComplyAssistant’s Risk Register will include HICP’s five risks and ten best practices.

ComplyAssistant along with our partners have created an Information Blocking Decision Tree. Information Blocking will not be enforced until 2022 but investigating the rule will be vital to your organization. Please contact us at support@complyassistant.com for more information.

An option for two-factor authentication was added under Login Settings.

The Read option under Groups has been made customizable as opposed to mandatory for a selected function.

When setting up a Question Library you have the option to include a custom/reusable set of multiple choice answers. Once you submit the customized set of answers within your question, those answers will be populated within the current Question Library if multiple choice is selected again.

You have the ability to add guidance to all questions within a Question Library but, we have added the option to include checklist items for this guidance as well. To submit guidance for multiple answer choices, complete the guidance and checklist items for one answer choice, and Submit the information. You can then choose to add guidance and checklist items for another answer choice using the interface below.

Compliance level percentages have been added to assist in the breakdown of each assigned level.

When creating a Task from an Assessment report’s answer, the question number will display within the “Related to:” task field.

Reports exported to PDF will display the filters chosen at the top of the page. An example of a filtered Task list is PDF export shown below.

The Events function breach workflow has been updated to include recent additions from the OCR’s Breach Portal. You will notice several updates both within our standard fields and the Breach Questionnaire.

A Breach Status filter has been added to the Events function to easily identify Potential, Incomplete, and/or Complete Breaches.

Filter names have been added to the Events function export to PDF. All selected filters displayed at the top of the PDF.

The Substitute Notice and Media Notice options have been given a date field for increased tracking of their distribution. To enter a date, you must select “Yes” for the field to appear.

We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

• CIS v7.1
• CMMC
• GDPR
• Mitre PRE-ATT&CK
• Mitre Enterprise
• SOC 2

SAML Single Sign-on (SSO) with user provisioning is available for all ComplyAssistant accounts. To set up your Identity Provider, select Account Settings and click the SSO option.

Assessment questions can now be answered in any order when accessed through the Assessment report.

When creating a new document, you will have the ability to add custom Document Types to your organization’s picklist.

Within Documentation, you have the ability to archive outdated documents but keep them for reference. These archived documents are notated with an icon under the Status column and can easily be located with the new Archived filter.

When creating an Event Task, Priorities can now be chosen. In the past, Event Tasks inherited the Priority of the Event.

Breach Type and Breach Location filters have been added to the Events landing page.

In addition to the standard set of Answer Types available when creating a Question Library, you now have the ability to implement a custom set of Multiple Choice answers. To create your custom set of answer choices, select the Multiple Choice answer type, and enter your answer choices on any question. Once the question is submitted, your answer options automatically populate when Multiple Choice is selected again.

We have added the following categories and question libraries to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.

Categories:

• NIST 800-171A
• NIST 800-171r2
• NIST Privacy Framework v1.0
• COVID-19

Question Libraries:

• NIST 800-171A
• COVID-19 Hospital Preparedness Checklist – CDC
• COVID-19 Planning Checklist – HHS ASPR
• COVID-19 Readiness Checklist – PAHO
• Telehealth Security Self-Assessment

When reviewing an assessment in consecutive years, the previous years’ response will appear when clicking the history icon near the answer on the Assessment Report. This summary will include the previous answer, risk rating, and documented evidence finding.

When answering a question from the Assessment Report, all standard navigation options on the question/answer interface (Back, Skip, and Next) will be present for the user.

An Unassigned filter has been added for Evidence Documentation and Risk Level on the Assessment Report.

Walkthrough statements are shown on the Task index page when assigned from a statement on the Audit report.

Version 1.7 of ComplyAssistant Mobile is available for all users. Please update to the latest version through the App Store or Google Play if you have not already done so.

ComplyAssistant has added a Documentation Picker to areas of the software where a document can be uploaded. This upgraded functionality will allow users to upload a new document and/or select from documents that have already been uploaded.

An Admin user at the parent account level will now only need to credential into the parent account to access all sub-accounts. Select the correct URL from the parent account and the sub-account will open to the Dashboard.

The Audits function landing page will now display Audit Reports with their associated identification number and corresponding attachment total. The attachment column will also include statement images from ComplyAssistant’s mobile application.

A summary of Audit locations has been added to the Audit Report page.

All line spaces in the task description field will be respected once submitted. Previously, line spaces were negated when viewing the task outside of the edit function.

The bottom right task model has been added to all the main pages where tasks can be created.

An archive filter has been added to the Documentation function to properly search for archived files.

The Assessments question and answer interface now allows users to create Tasks associated with a question.

Add comments to the Assessments question and answer interface. These comments are then synced to their corresponding number on the Assessment report.

Compliance and risk level scores are now averaged at the non-risk manageable levels for an increased summary view.

The Compliance Level filter has been updated to highlight gaps instead of conformities.

The Sub Accounts tab on the dashboard has been updated to prioritize creating, finding, and launching accounts.

An improved sub-accounts user interface

Added ability to manage Sub-Account users and permissions (e.g. Audit Templates, Categories, Functions, Question Libraries, and Project Templates) inherited from the parent account. Users can locate this screen by selecting the Sub Account name from the landing page above.

Added deactivation of Sub-Accounts.

A filter for Event Source has been added.

A Breach Indicator has been added to the Events show page.

Close and Open Events from the Events show page as opposed to the Events Edit page.

The Assessments function has been completely refreshed to provide improved workflow for the user.

For all PCI users, we have updated PCI DSS from version 3.2 to 3.2.1. You should see this version update reflected in your account.

The Locations section of Account Settings has been enhanced to provide a better look and feel for the user. The original organizational graphics were replaced with an organizational tree for an easier view into your locations (see below).

ComplyAssistant’s visual update was accompanied by a technical one that includes the ability to Deactivate unused/closed locations. This functionality is available by selecting one of the locations from the organizational tree and choosing the Deactivate option (see below). Once a location has been Deactivated, you will no longer be able to assign items to these locations within your account but the integrity of your previous use of that location will remain intact. If you would like to reactivate a location after it has been Deactivated, follow the same process, and select the Activate option.

The Dashboard’s sub-account tab functionality has been enhanced with the ability to create new sub-accounts.

The Audit report’s dashboard has been refreshed for improved user experience.

Audit report exports to PDF have been updated to include a department column and supporting photographs. Easily identify your selected statement, department, and corresponding picture on an exportable PDF.

The Mobile application user interface has been updated to hold your previous spot in the checklist after interacting with a statement. Conformity and exception-based audits should both become more efficient.

Event types are now customizable by the user. In addition to the Complaint, Issue, and Incident event types, you can now add as many event types as your organization requires.

Picture taking capability has been added to ComplyAssistant Mobile’s functionality. Your application will utilize the camera on your mobile device to take real-time photographs once a statement has been chosen for answering. Don’t worry, no photos are stored on your mobile device after the walkthrough has been submitted to ComplyAssistant’s web application. Our second ComplyAssistant Mobile update should reduce the amount of time needed to work through your statements. Once a statement is selected, answered, and noted, ComplyAssistant will take you back to the position in your checklist where you left off, not bring you back to the top of your statement list.

Audit report exports now include departments to easily identify the final location of your findings. The Audits dashboard has been updated to include new visualizations of conformities and exceptions identified within a report.

The Event function’s Breach Questionnaire now includes a scoring system for all four Low Probability of Compromise questions. ComplyAssistant will add up your breach score for these questions and give an overall recommendation for answering the questionnaire’s final inquiry, “Taking into consideration the LOW PROBABILITY SCORE and any other important facts and circumstances surrounding the Breach, it is likely that the Breach would present a “low probability” that the PHI is or will be compromised?”

The dashboard has been completely updated with new graph styling for each function. We have recognized the need for exception management within our Dashboard graphs and completed our redesign with this in mind.

The ability to assign multiple locations to a contract is now available within Contract Management.

A “Select All” choice is now available under the Category and Sub Category filtering options.

A new version of ComplyAssistant Mobile has been released. Make sure to complete the application update on all Android and iPhone devices.

The audit report graph entitled “Findings by type” has been duplicated at the audit definition level to provide a roll-up of information across audit report findings. This graph will update when its corresponding filters are chosen.

Regulation progress indicators have been added to the regulation management graphs on the dashboard.

Regulation Management graphs have been refreshed to display the overall Risk and Compliance Level for each active Category within your account.

The landing page for Regulation Management has been updated to display all active locations within a Category. Each location graph breaks down the overall status of completion, Compliance Level, and Risk Level. To drill down further into these locations, select the location name.

In addition to the updated graphs, a new feature was added to the top right section of the Regulation Management landing page entitled, “New Regulation Management.” This new feature allows the user to start managing a new regulation without leaving the page.

Lastly, all risk ratable notation sections within each Category have been reformatted. The update should make for better user experience when documenting the various rule sections of each Category.

The Risk Management function received several updates before the end of 2018 starting with its name. Since factors other than risk are managed within the function, Risk Management was renamed Regulation Management. Along with the name change, several user interface enhancements were made including, but not limited to, the elimination of Category/Location selection, new graphs to illustrate risk/compliance level and overall Category management progress, and the redesign of Action Buttons within a Category section drill-down. Screenshots are placed below for visual reference.

Documents saved throughout the application now have the option to link with multiple Regulation Categories and sub-sections. This enhancement is most easily seen when editing an item from the Documentation function.

An Event ID number has been added to all Events within the application. The ID can be seen from the Events dashboard and when selecting an individual Event.

ComplyAssistant Mobile’s Instruction Manual is available for your reference by Clicking Here.