Product changelog · Updated regularly

What's new.

A chronological record of new features, improvements, security updates, and fixes shipped to Infosec Tools.

May 2026 · 17 entries

Privacy & GDPR module

New Privacy & GDPR module — a single area for everything GDPR your organisation has to manage: Impact Assessments, Records of Processing, personal data breaches and data-subject requests. Each artefact gets a structured review covering scope, lawful basis, data categories and safeguards, signed off by the people accountable for it. Designed to demonstrate, at audit time, that the full scope of GDPR obligations is being managed in one place, with an immutable trail for the supervisory authority. Aligned with ISO/IEC 27001 A.5.34 (Privacy and protection of PII), A.5.24 and A.5.26 (Information security incident management).

Project security management enhancement

Enhanced the existing Project Management module to support information security throughout the project lifecycle, ensuring that security requirements are identified, assessed, approved and monitored from project initiation to delivery. The enhancement introduces structured security governance within projects, helping organisations demonstrate that information security is consistently integrated into project activities and decision-making processes. Designed to support compliance with ISO/IEC 27001 control A.5.8 (Information security in project management), while also supporting secure application and development practices where applicable.

Development Reviews module

New Development Reviews module — a dedicated place to record the security review of every in-house development task. Each task gets a structured review covering secure coding, access and authorisation, logging and traceability, and testing, signed off by the people accountable for it. Designed to demonstrate, at audit time, that the security posture of every change to the team's code has been assessed, approved, and kept on file. Aligned with ISO/IEC 27001 A.8.26 (Application security requirements) and A.8.28 (Secure coding).

Application Reviews module

New Application Reviews module — a dedicated place to record the security review of every application your organisation acquires or operates. Each application gets a structured review covering security requirements, access and data, secure coding and operation, signed off by the people accountable for it. Designed to demonstrate, at audit time, that the security posture of every application in your scope has been assessed, approved, and kept on file. Aligned with ISO/IEC 27001 A.8.26 (Application security requirements) and A.8.28 (Secure coding).

A new Governance area lists the COBIT processes

Your organisation can now adopt COBIT processes within its ISMS. A new Governance area presents every process end-to-end and exports each one as a PDF for an audit pack.

Procedures module

A dedicated Procedures module is now available alongside Policies, sharing the same structured authoring experience but carrying its own lifecycle — drafting, approval, acknowledgement and reminders — so operating procedures live as first-class documents rather than annexes of policies. Aligned with ISO/IEC 27001 A.5.37 (Documented operating procedures).

User manuals for Policies and Procedures

Two new in-app user manuals — one for Policies, one for Procedures — guide authors through the concepts, the authoring workflow and the approval and acknowledgement flows, with a one-click PDF export ready to attach as evidence of staff awareness in ISO/IEC 27001 audits.

Risk exposure heat map on the dashboard

A new 5×5 heat map on the dashboard shows how risks are distributed across likelihood and impact, with bubble size proportional to volume and colour coded by severity. Clicking a cell drills through to the matching risks, so attention is directed to the corners that need it most. Supports ISO/IEC 27001 6.1.2 (Information security risk assessment) and the day-to-day prioritisation work it implies.

In-app user manuals across critical modules

Risk Management, Business Continuity (BIA), Joiner-Mover-Leaver, Privileged Access, Asset Inventory and Security Exceptions now ship with a built-in user manual and one-click PDF export. Manual views are recorded in the audit log, so they can be attached as evidence of staff awareness in audits and certifications.

Tenant-configurable brand palette

Each workspace can now adopt a custom brand colour from an 8-swatch palette, with a per-tenant default set in Application Settings. The selection propagates consistently across components — buttons, badges, charts, pagination, links and form controls — so partners and resellers can present Infosec Tools in their own visual identity.

Auditable email pipeline

Every outbound message — including authentication codes and scheduled reports — now passes through a central, append-only audit log, ensuring end-to-end traceability of platform communications.

User absence and obligation pausing

Users can now be flagged as absent from a configurable catalogue of reasons — parental leave, sick leave, sabbatical and other long-form absences. While the user is absent, recurring obligations such as policy acknowledgements, training reminders and periodic reviews are paused automatically, and the absence history is preserved for auditable continuity. Aligned with ISO/IEC 27001 A.6.5 (Responsibilities after termination or change of employment) in spirit.

Privileged Access management

A dedicated lifecycle module for privileged accounts — request, multi-step approval, periodic review and automatic revocation when access overstays its approved period. Aligned with ISO/IEC 27001 A.5.18 (Access rights) and A.8.2 (Privileged access rights).

Asset inventory

A configurable asset inventory with dynamic asset types, extensible custom fields, warranty-expiry reminders and a dashboard with category and value breakdowns. Aligned with ISO/IEC 27001 A.5.9 (Inventory of information and other associated assets) and A.5.10 (Acceptable use of information and other associated assets).

Joiner-Mover-Leaver (JML) module

An automated lifecycle module for staff onboarding, role changes and offboarding — configurable task templates per case type, scheduled reminders, dashboard alerts for open and overdue tasks, and a built-in user manual. Aligned with ISO/IEC 27001 A.5.16 (Identity management) and A.6.6 (Confidentiality or non-disclosure agreements).

Tamper-evident versioning for Risk Assessment and Statement of Applicability

Each Risk Assessment and Statement of Applicability release is now captured as an immutable snapshot, encrypted at rest and recorded with cryptographic integrity verification. Supports controls A.5.31 and A.8.34 of ISO/IEC 27001 by providing tamper-evident evidence of the organisation's position at any point in time.

Business Continuity (BIA) module

Business Impact Analysis aligned with ISO 22301 — configurable catalogues for processes, dependencies and impact criteria; per-asset assessments capturing RTO and RPO; drill-down reports; and a built-in user manual.

April 2026 · 6 entries

User impersonation (Test as user)

Authorised operators can temporarily simulate another user's session for testing and support purposes, without altering that user's profile. Every action performed during the simulation is recorded under both identities, ensuring full audit traceability. Aligned with ISO/IEC 27001 A.5.16 (Identity management), A.8.15 (Logging) and A.8.34 (Protection of information systems during audit testing). The simulation expires automatically after inactivity.

Multi-factor authentication (TOTP)

Multi-factor authentication using Time-based One-Time Passwords (TOTP) through mobile authenticator apps. Aligned with ISO/IEC 27001 A.8.5 (Secure authentication).

Right to erasure (GDPR Art. 17)

Right-to-erasure (GDPR Art. 17 / Lei 58/2019) requests are now managed end-to-end — registration, traceability and resolution — through anonymisation of personal data and permanent account deactivation, while preserving the audit history required for accountability.

Training and awareness module

A training and awareness module for planning, assigning and tracking information security activities — video and document content, certificate issuance, and per-user progress tracking. Aligned with ISO/IEC 27001 A.6.3 (Information security awareness, education and training).

Security Exceptions module

A formal Security Exceptions module for documented deviations from policies, controls and compliance obligations — each exception captures business justification, compensating controls and a risk assessment, runs through a configurable multi-step approval chain, and is tracked through its effective period with automatic expiry reminders and renewal support.

Configurable email notifications

Email notifications across the platform are managed from a single configuration area, with per-event content customisation and a built-in test-send capability, enabling consistent communication with users across every module.
