February 2024
Assessments
A new risk level of Low-High (10) was added to fine-tune the scoring of our Assessment report questions.
Content
The Personal Information Protection and Electronic Documents Act (PIPEDA), a Canadian data privacy and security framework, was added to our Categories library. If you want to add it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.
The Health Industry Cybersecurity Practices (HICP) framework 2023 updates have been captured in updated Question Libraries available to our clients for Small, Medium, and Large organizations. If you want to add it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.
Contracts and Documentation
Version control has been added to the Contracts and Documentation functions.
DocuSign
ComplyAssistant has partnered with DocuSign to bring our clients the ability to request and review signatures through ComplyAssistant’s Contracts function. For additional information on how to set up the DocuSign integration, please refer to our DocuSign Integration Setup Guide through ComplyAssistant’s Knowledge Base.
June 2023
Risk Register
A search option has been added to the Control and Threat Libraries under Account Settings.
The Threat description now appears on Exports and the Risk Register’s main page when hovering over a Threat with a corresponding description.
An Activity Log will be populated for all Risk Register revisions. This process will occur automatically each time a Control or Threat is updated.
Account Settings
If a logo has been added to an account, it will appear at the top of email notifications.
An Authenticator App can now be used for ComplyAssistant’s two-factor authentication verification. Users can locate their unique QR code within their profile page.
Threat types have been added to the Dynamic Fields section of Account Settings. You will now have the ability to Add/Edit/Delete Threat types in one location.
SMS consent has been added to the User’s profile.
Password Update
In recent months, NIST has changed its stance on password requirements. NIST now recommends using long passwords/passphrases instead of requiring frequent resets. Frequent password resets have been shown to be ineffective and actually make passwords less secure. A study by Microsoft found that users who were required to reset their passwords frequently were more likely to use weak passwords and reuse them across multiple accounts.
ComplyAssistant’s password requirements will be changed on June 1, 2023, to align with the latest NIST password guidance:
- The password reset requirement option will be removed
- Passwords will have a minimum of 8 characters with a maximum of 64 characters
- Passwords will require 1 uppercase letter, 1 lowercase letter, and 1 number
For additional information on NIST’s password guidelines, please view NIST 800-63B.
Assessments
Labels have been added to Assessment PDF exports.
Contracts
Contract types show the older versions of the Contract.
A Contract Owner filter has been added.
Documentation
All Related Documents from a Document record will be copied over to the new version of a Document by default.
February 2023
Assessments
Previous answer columns have been added to Excel and CSV exports, allowing for comparison between assessment answers.
Documentation
Version control has been added to match the workflow of Contract Management.
Risk Register
Additional updates have been made to the Risk Register based on feedback from the December 2022 Lunch and Learn. Click here to watch the recording.
Regulation Management
A new export to PDF action button has been added to each location under Regulation Management. The detailed information entered into each rule section (for the location) will be included in a structured PDF.
Categories
The SAFER Guides Category and Question Library has been updated to the most recent version provided by HealthIT.gov. If you are interested in adding it to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.
October 2022
Risk Register
ComplyAssistant Threats have been automatically mapped to Controls across the platform for easier set-up.
A select-all checkbox has been added to the Threats and Controls modal.
Controls and Threats have been added to the Account Settings menu. Under this menu, users have the option to upload a custom set of Controls and Threats for use in the Risk Register.
A Lunch and Learn session will be scheduled for October or November 2022. All of our client contacts will receive an invite to the webinar.
Categories
We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.
- PCI DSS v4.0
- Requirements for States and Long Term Care Facilities, Physical environment – ASHE-K-Tag-Crosswalk
- CIS 8.0
- CMMC 2.0
June 2022
Risk Register
The second version of ComplyAssistant’s Risk Register was released on June 1, 2022. If you are a current client and do not have access to the Risk Register, please contact support@complyassistant.com to request access. A summary of the updates is listed below:
- A console to manage Controls was added to the landing page
- The overall management of controls and threats can now be accomplished through Account Settings
- Inherent impact and likelihood were added to the Risk Register export
Events
The incident graph now reflects all types.
Assessments
Exports to PDF from the Assessment definition level now include a legend to highlight answer selections.
Third Parties and Contacts
Default assessment frequencies can now be added within the third party import template.
Categories
We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.
- Operational Continuity – Cyber Incident (OCCI)
February 2022
Risk Register
A closing status option (substantiated/unsubstantiated) has been added to all Event records.
The breach questionnaire, which was once triggered by an Event Type of Incident and a Category of HIPAA, can now be launched with an input field entitled “Potential breach” on the Event form. Select Yes to deploy the questionnaire and No to keep the questionnaire hidden.
Events API
An API to create events programmatically has been added.
Assessments
The Assessment landing page will now include completions.
The Assessment landing page includes a visual representation breakdown of the location answers.
All Published assessments (regardless of the number of questions answered) are considered complete with regard to reassessment.
Customize Risk Definitions and Graph colors when creating an Assessment definition.
Question Libraries
Ability to add default answers to survey questions, which allows for faster completion of an assessment where the same answer applies across multiple questions.
Third Parties and Contacts
Ability to set the default assessment frequency in the third party import tool.
Regulation Management
Display the full citation of regulations when items are related to regulation management framework sections. For example, a Document record will show the full citation, not just the level attached (organization→facility→department).
Mobile Web Application
Work has started on a foundation to make the web application functional in a mobile web browser (responsive), and it is coming soon.
Categories
We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.
- Federal Information Security Management Act (FISMA)
- NIST 800-53 Rev. 5
- NY Hero Act
May 2021
Risk Register
Version one of ComplyAssistant’s Risk Register function was deployed. If you would like additional information on how to review and test this function, please contact support@complyassistant.com and/or refer to our webpage.
Assessments
Assessment answering attachments have been redesigned for an improved user experience. Select the Manage Attachments icon to prompt the attachments modal.
The Assessment Report’s Export Summary PDF now includes the Assessment Description.
The Assessment Report’s full version Export to PDF now includes a Risk Level and Compliance Level section.
Account Settings
Group settings have been updated in the following ways:
- Limited rights and dynamic content have been moved from the user creation form to Groups
- Locations rights have been added to the user creation form and also remain in Groups
Events
A filter for Notification Date has been added to the Events Dashboard.
Regulatory Content
The Health Information Cybersecurity Practices (HICP) Final Rule hierarchy and corresponding Question Library are now available in ComplyAssistant upon request. In addition to the HICP Question Library, ComplyAssistant’s Risk Register will include HICP’s five risks and ten best practices.
ComplyAssistant, along with our partners, has created an Information Blocking Decision Tree. Information Blocking will not be enforced until 2022, but investigating the rule will be vital to your organization. Please contact us at support@complyassistant.com for more information.
November 2020
Login Settings
An option for two-factor authentication was added under Login Settings.
Groups
The Read option under Groups has been made customizable as opposed to mandatory for a selected function.
Question Libraries
When setting up a Question Library you have the option to include a custom/reusable set of multiple choice answers. Once you submit the customized set of answers within your question, those answers will be populated within the current Question Library if multiple choice is selected again.
You have the ability to add guidance to all questions within a Question Library, but we have added the option to include checklist items for this guidance as well. To submit guidance for multiple answer choices, complete the guidance and checklist items for one answer choice, and Submit the information. You can then choose to add guidance and checklist items for another answer choice using the interface below.
Categories
Compliance level percentages have been added to assist in the breakdown of each assigned level.
Assessments
When creating a Task from an Assessment report’s answer, the question number will display within the “Related to:” task field.
PDF Exports
Reports exported to PDF will display the filters chosen at the top of the page. An example of a filtered Task list PDF export is shown below.
May 2020
Events
The Events function breach workflow has been updated to include recent additions from the OCR’s Breach Portal. You will notice several updates both within our standard fields and the Breach Questionnaire.
A Breach Status filter has been added to the Events function to easily identify Potential, Incomplete, and/or Complete Breaches.
Filter names have been added to the Events function export to PDF. All selected filters are displayed at the top of the PDF.
The Substitute Notice and Media Notice options have been given a date field for increased tracking of their distribution. To enter a date, you must select “Yes” for the field to appear.
Categories
We have added the following categories to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.
- CIS v7.1
- CMMC
- GDPR
- Mitre PRE-ATT&CK
- Mitre Enterprise
- SOC 2
April 2020
Account Settings
SAML Single Sign-on (SSO) with user provisioning is available for all ComplyAssistant accounts. To set up your Identity Provider, select Account Settings and click the SSO option.
Assessments
Assessment questions can now be answered in any order when accessed through the Assessment report.
Documentation
When creating a new document, you will have the ability to add custom Document Types to your organization’s picklist.
Within Documentation, you have the ability to archive outdated documents but keep them for reference. These archived documents are notated with an icon under the Status column and can easily be located with the new Archived filter.
Events
When creating an Event Task, Priorities can now be chosen. In the past, Event Tasks inherited the Priority of the Event.
Breach Type and Breach Location filters have been added to the Events landing page.
Question Libraries
In addition to the standard set of Answer Types available when creating a Question Library, you now have the ability to implement a custom set of Multiple Choice answers. To create your custom set of answer choices, select the Multiple Choice answer type, and enter your answer choices on any question. Once the question is submitted, your answer options automatically populate when Multiple Choice is selected again.
March 2020
Categories & Libraries
We have added the following categories and question libraries to ComplyAssistant. If you are interested in adding any of these to your account, please contact us at support@complyassistant.com or submit a ticket from the Knowledge Base.
Categories:
- NIST 800-171A
- NIST 800-171r2
- NIST Privacy Framework v1.0
- COVID-19
Question Libraries:
- NIST 800-171A
- COVID-19 Hospital Preparedness Checklist – CDC
- COVID-19 Planning Checklist – HHS ASPR
- COVID-19 Readiness Checklist – PAHO
- Telehealth Security Self-Assessment
Assessments
When reviewing an assessment in consecutive years, the previous year’s response will appear when clicking the history icon near the answer on the Assessment Report. This summary will include the previous answer, risk rating, and documented evidence finding.
When answering a question from the Assessment Report, all standard navigation options on the question/answer interface (Back, Skip, and Next) will be present for the user.
An Unassigned filter has been added for Evidence Documentation and Risk Level on the Assessment Report.
Audits
Walkthrough statements are shown on the Task index page when assigned from a statement on the Audit report.
ComplyAssistant Mobile
Version 1.7 of ComplyAssistant Mobile is available for all users. Please update to the latest version through the App Store or Google Play if you have not already done so.
Documentation
Sub Accounts
An Admin user at the parent account level will now only need to credential into the parent account to access all sub-accounts. Select the correct URL from the parent account and the sub-account will open to the Dashboard.
2019 End of Year Summary
Audits
The Audits function landing page will now display Audit Reports with their associated identification number and corresponding attachment total. The attachment column will also include statement images from ComplyAssistant’s mobile application.
Tasks
All line spaces in the task description field will be respected once submitted. Previously, line spaces were negated when viewing the task outside of the edit function.
The bottom right task modal has been added to all the main pages where tasks can be created.
Documentation
An archive filter has been added to the Documentation function to properly search for archived files.
Assessments
The Assessments question and answer interface now allows users to create Tasks associated with a question.
Add comments to the Assessments question and answer interface. These comments are then synced to their corresponding number on the Assessment report.
Regulation Management
Compliance and risk level scores are now averaged at the non-risk manageable levels for an increased summary view.
The Compliance Level filter has been updated to highlight gaps instead of conformities.
Dashboard
The Sub Accounts tab on the dashboard has been updated to prioritize creating, finding, and launching accounts.
Account Settings
The sub-accounts user interface has been improved.
Deactivation of Sub-Accounts has been added.
Events
A filter for Event Source has been added.
Close and Open Events from the Events show page as opposed to the Events Edit page.
July 2019
Assessments
The Assessments function has been completely refreshed to provide an improved workflow for the user.
Content
For all PCI users, we have updated PCI DSS from version 3.2 to 3.2.1. You should see this version update reflected in your account.
Account Settings
The Locations section of Account Settings has been enhanced to provide a better look and feel for the user. The original organizational graphics were replaced with an organizational tree for an easier view into your locations (see below).
ComplyAssistant’s visual update was accompanied by a technical one that includes the ability to Deactivate unused/closed locations. This functionality is available by selecting one of the locations from the organizational tree and choosing the Deactivate option (see below). Once a location has been Deactivated, you will no longer be able to assign items to these locations within your account but the integrity of your previous use of that location will remain intact. If you would like to reactivate a location after it has been Deactivated, follow the same process, and select the Activate option.
June 2019
Dashboard
The Dashboard’s sub-account tab functionality has been enhanced with the ability to create new sub-accounts.
Audits / ComplyAssistant Mobile
The Audit report’s dashboard has been refreshed for an improved user experience.
Audit report exports to PDF have been updated to include a department column and supporting photographs. Easily identify your selected statement, department, and corresponding picture on an exportable PDF.
The Mobile application user interface has been updated to hold your previous spot in the checklist after interacting with a statement. Conformity and exception-based audits should both become more efficient.
Events
Event types are now customizable by the user. In addition to the Complaint, Issue, and Incident event types, you can now add as many event types as your organization requires.
April 2019
Audits / ComplyAssistant Mobile
Picture taking capability has been added to ComplyAssistant Mobile’s functionality. Your application will utilize the camera on your mobile device to take real-time photographs once a statement has been chosen for answering. Don’t worry, no photos are stored on your mobile device after the walkthrough has been submitted to ComplyAssistant’s web application. Our second ComplyAssistant Mobile update should reduce the amount of time needed to work through your statements. Once a statement is selected, answered, and noted, ComplyAssistant will take you back to the position in your checklist where you left off, not bring you back to the top of your statement list.
Audit report exports now include departments to easily identify the final location of your findings. The Audits dashboard has been updated to include new visualizations of conformities and exceptions identified within a report.
Events
The Event function’s Breach Questionnaire now includes a scoring system for all four Low Probability of Compromise questions. ComplyAssistant will add up your breach score for these questions and give an overall recommendation for answering the questionnaire’s final inquiry, “Taking into consideration the LOW PROBABILITY SCORE and any other important facts and circumstances surrounding the Breach, it is likely that the Breach would present a “low probability” that the PHI is or will be compromised?”
March 2019
Dashboard
The dashboard has been completely updated with new graph styling for each function. We have recognized the need for exception management within our Dashboard graphs and completed our redesign with this in mind.
Contract Management
The ability to assign multiple locations to a contract is now available within Contract Management.
Filtering
A “Select All” choice is now available under the Category and Sub Category filtering options.
Audits / ComplyAssistant Mobile
A new version of ComplyAssistant Mobile has been released. Make sure to complete the application update on all Android and iPhone devices.
The audit report graph entitled “Findings by type” has been duplicated at the audit definition level to provide a roll-up of information across audit report findings. This graph will update when its corresponding filters are chosen.
Regulation Management
Regulation progress indicators have been added to the regulation management graphs on the dashboard.
February 2019
Dashboard
Regulation Management graphs have been refreshed to display the overall Risk and Compliance Level for each active Category within your account.
Regulation Management
The landing page for Regulation Management has been updated to display all active locations within a Category. Each location graph breaks down the overall status of completion, Compliance Level, and Risk Level. To drill down further into these locations, select the location name.
In addition to the updated graphs, a new feature was added to the top right section of the Regulation Management landing page entitled, “New Regulation Management.” This new feature allows the user to start managing a new regulation without leaving the page.
Lastly, all risk ratable notation sections within each Category have been reformatted. The update should make for a better user experience when documenting the various rule sections of each Category.
January 2019
Regulation Management
The Risk Management function received several updates before the end of 2018 starting with its name. Since factors other than risk are managed within the function, Risk Management was renamed Regulation Management. Along with the name change, several user interface enhancements were made including, but not limited to, the elimination of Category/Location selection, new graphs to illustrate risk/compliance level and overall Category management progress, and the redesign of Action Buttons within a Category section drill-down. Screenshots are placed below for visual reference.
Documentation
Documents saved throughout the application now have the option to link with multiple Regulation Categories and sub-sections. This enhancement is most easily seen when editing an item from the Documentation function.
Events
An Event ID number has been added to all Events within the application. The ID can be seen from the Events dashboard and when selecting an individual Event.
Audits / ComplyAssistant Mobile
ComplyAssistant Mobile’s Instruction Manual is available for your reference by Clicking Here.