JustProtect Blog

Version 3.2

Apr 18, 2020 8:00:00 AM / by Jamie Aquila

The JustProtect Version 3.2 release expands on how businesses are organized and how assessments are distributed. With unlimited internal nested business units, custom user groups, and detailed assessment assignments, companies of any size and complexity can make their assessment process a breeze.

JustProtect has been working tirelessly since 2017 to create the simplest and most efficient solution to regulatory compliance and risk assessments. Through hard work, and collaboration with our clients, we are proud to introduce the latest and most advanced version of our platform. Learn just how easy compliance assessments can be with JustProtect!

Here's just some of what's new:


Internal Business Units:

  • If you have segmented your business with multiple departments operating as their own business units, you can now manage them as if they are their own entity.
  • Cross-assess between business units and departments to improve your audit readiness. Ensure that your business units comply with each other’s requirements.
  • If you are a consultant or V-CISO, you can now manage your entire client portfolio using a single login.


Monitor your relationships with Third Parties

  • JustProtect’s new Relationship Mapping feature allows for a more in-depth configuration between organizations and within business units.
  • You can now see companies that have you listed as one of their 3rd parties and can choose to create reciprocating relationships.
  • Each unit can have multiple relationships, both incoming and outgoing.


Handle the most complex assessments.

  • With our new Template Mapping feature, you’re able to easily import and use large spreadsheet-based assessments.
  • Use our Categorization Hierarchy to organize different domains and controls into sections within the same assessment.
  • You can now Segment your Categories or Questions so that they can be allocated and assigned to specific user groups or individual users.


Dynamic User Groups

  • Create, edit and manage as many user groups as required to organize your assessment workflow.
  • Manage your departments and subject matter experts so that the right people are answering the right questions.
  • Assign users to as many groups as necessary to facilitate their real business function.


Manage your incoming workflow

  • You can See Incoming Assessments for individual business units.
  • Review the Questions, assign users or user groups, and distribute accordingly. Get the questions to the right people quicker so that you can see results faster.


Details

Business Unit Overhaul

  • All Business Unit Data has been rewritten.

  • All terminology surrounding Business Entities, Units, SubUnits and Nested Entities has been consolidated: each of these is now referred to simply as a Business Unit.

  • Business Units can be nested to form Organizations.

    • "Organization" is a spoken term only and is not part of the system

    • The highest-level Business Unit ID is referred to as the Organization ID

  • Business Unit Relationships are now many to many.

    • Company A can have multiple relationships with Company B (Vendor/Partner for example)

    • Company A can have relations with Companies B, C, and D.

    • Companies A, B, and C can have relations with Company D.

    • Business Unit Relationships have standard Categories:

      • Vendors

      • Customers

      • Partners

    • Relationships are two-way but non-reciprocating, meaning they work like Twitter Followers:

      • Company A can list Company B as its Vendor. Company B has the option to list Company A as a Customer, but doesn’t have to.

    • A company can see all of its Third Parties like normal, but will now have an additional page to see Companies that have listed them in their third parties, with one-click options to reciprocate the relationship

      • Again, think Twitter Followers.

    • Admins of a Business Unit can remove an established Relationship.

    • New filtering options in the Third Party listings, such as sorting by Last Assessment Sent

  • It is no longer required to add a User to a third party when creating one.

    • This aids in the ability to import legacy assessments

    • This negates blockers during setup processes.

  • Users have the option of adding multiple users to a third party that is Unclaimed

    • An Unclaimed Business Unit is a Business Unit with no active users, including when all users are in an invite status.

    • By default, all users in an Unclaimed Business Unit:

      • Are Public (more on this below)

      • Belong to the Admin User Group

    • Once any invited user claims a Business Unit, any new users added to the Business Unit are Private.

Users and Groups Overhaul

  • User Groups

    • Dynamic User Groups replace the static Roles in the system

    • Business units can create as many User Groups as they wish

      • Combined with nested Business Units, this gives complete custom control to manage any style of organization

      • By design, it will be common to see a business unit per location and User Groups per department

      • In some cases, I can also see creating a Business Unit per department, depending on the size and scope of the enterprise.

    • By Default, we give each Business Unit 6 User Groups to start:

      • Administrators (Static)

      • Operations

      • IT

      • HR

      • Sales

      • Marketing

    • We can modify these defaults on the fly for new businesses.

    • Users set up these groups at the same place where they would normally set up Roles.

    • This schema is based largely on SAML

  • Users

    • User Data has been moving over to Auth0 in the past few releases.

    • All User Meta will live outside our platform

    • Improved interfaces for listing users

    • New detailed User view

    • Title/Occupation are now supplied from ONET

    • Users have a Public/Private option

      • Public

        • When adding an existing Third Party to the system, these users are listed as points of contact for the organization. They can be assigned Assessments.

      • Private

        • These users are hidden from third parties, but are utilized elsewhere internally.
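
The Unclaimed Business Unit defaults and the Public/Private setting described above can be modelled in a few lines. This is an added illustration, not JustProtect code: the class, field and function names are hypothetical, the sample addresses are constructed, and the model assumes that a claim leaves earlier invitees' default group unchanged.

```python
from dataclasses import dataclass, field

ADMIN_GROUP = "Administrators"


@dataclass
class User:
    email: str
    active: bool = False          # False = still in invite status
    public: bool = False
    groups: set = field(default_factory=set)


@dataclass
class BusinessUnit:
    name: str
    users: list = field(default_factory=list)

    @property
    def unclaimed(self) -> bool:
        # No active users; a unit whose users are all invitees is still unclaimed.
        return not any(u.active for u in self.users)

    def add_user(self, email: str, by_internal_admin: bool = False) -> User:
        if self.unclaimed:
            # Defaults for an Unclaimed unit: Public, Administrators group.
            user = User(email, public=True, groups={ADMIN_GROUP})
        elif by_internal_admin:
            # After the claim, new users are Private (groups are set separately).
            user = User(email, public=False)
        else:
            # JP-1666 / JP-1668: outsiders cannot add users once a member is active.
            raise PermissionError(f"{self.name} is claimed; only its Administrators may add users")
        self.users.append(user)
        return user

    def claim(self, email: str) -> None:
        """An invited user accepts, which makes the unit claimed."""
        next(u for u in self.users if u.email == email).active = True

    def public_contacts(self) -> list:
        """Emails a third party can see as points of contact."""
        return [u.email for u in self.users if u.public]

    def pending_admin_invites(self) -> list:
        """Invitees still holding the Administrators default; worth reviewing after a claim."""
        return [u.email for u in self.users if not u.active and ADMIN_GROUP in u.groups]


def demo() -> dict:
    bu = BusinessUnit("Vendor Co")                 # constructed sample data
    bu.add_user("sales@vendor.example")
    bu.add_user("it@vendor.example")
    bu.claim("sales@vendor.example")
    try:
        bu.add_user("extra@vendor.example")        # outsider, unit now claimed
        blocked = False
    except PermissionError:
        blocked = True
    bu.add_user("hr@vendor.example", by_internal_admin=True)
    return {"blocked": blocked, "public": bu.public_contacts(),
            "review": bu.pending_admin_invites()}
```

The `review` list is the practical takeaway for an administrator who has just claimed a unit: contacts added by third parties before the claim were created Public and in the Administrators group, so pending invitations deserve a look.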



Assessment Data Overhaul

  • All assessment tables have been rewritten and migrated.

  • All existing fields have been converted to meta and are 100% dynamic.

  • Assessment fields have grown, and are now categorized:

    • Identifiers

      • IDs supplied by the import

      • External ID

    • Categories

      • The means to group one or more questions

      • Category

      • Sub-Category

      • Domain

      • Control

      • Capability

    • Information

      • Fields related to supporting information shown when the question is shown

      • Background

      • Clarification

      • Example

      • Note

      • Info

      • Information

      • Reference

      • Warning

    • Flags

      • Settings per question

      • Require Attachment

      • Require Information

    • Question Data

      • The guts of the Assessment

      • Question (required)

      • Question Type (required)

      • Default Answer

      • Answer Choices (Still one per line)

  • A new Template is available with dynamic headers and increased validation

  • Navigation for Assessments has introduced a new menu Item: Incoming Assessments

    • Incoming Assessments are assessments sent from a third party to yours.

    • My Assigned Assessments will now be assessments assigned to you.

  • Assessment Level Assignee

    • An Assessment as a whole can now be assigned to an individual who is unrelated to the questions in the assessment; no question needs to be assigned to that person.
    
    • A (very) common use case for an Assessment Level Assignee is the salesperson who receives the assessment. The salesperson remains the Assessment Level Assignee because it is his or her responsibility to release the assessment back to its originating source, regardless of whether the salesperson is assigned any questions.

  • Assessment Question Assignees

    • The assessment creator no longer establishes which Groups (formerly Roles) should answer questions. This is up to the Business Unit the assessment is assigned to.

    • Upon receiving a new assessment, should the Assessment contain any Categories, the Assessment Level Assignee chooses which group should answer which set of questions

      • This paves the way for both Machine Learning as well as OSCAL to suggest User Groups per Category (Domain)

    • In 3.2, we will temporarily show the questions as well so that the user may also assign questions at the question level before beginning. 

      • This will immediately change to an assessment-level option on the sender's side to choose whether or not they require the questions hidden in what we will call “Force Linear Navigation”

    • Assessment Question Assignees can be one or more Users, one or more User Groups, or a mix of both

      • Any user with privileges can answer that question.

      • The single person that answered the question is the Answerer

  • Users will have the ability to upload and begin a third party assessment without having to invite the third party to the platform.

Ticket Reference

Large Topics

  • [JP-1287] - User Group Management

  • [JP-1509] - Business Unit Data Cleanup, Simplification, and Expansion

  • [JP-1713] - Business Unit Relationships

  • [JP-1714] - User Data Cleanup, Simplification, and Expansion

  • [JP-1715] - Assessment Data Cleanup, Simplification, and Expansion

  • [JP-1799] - Database Refactoring

  • [JP-1900] - Assessment Level Owner

 

New Features

  • [JP-1305] - The ability to dynamically manage business unit attributes

  • [JP-1572] - The ability to assign multiple users/user groups to an assessment question

  • [JP-1574] - The ability to categorize questions on an assessment

  • [JP-1576] - Use ONET as position title lookup for users

  • [JP-1620] - The ability to see Incoming Assessments for a Business Unit

Improvements

  • [JP-1251] - Redesign the 3rd Party listing system, move to grid layout

  • [JP-1405] - Vendor and Customer List Redesign

  • [JP-1568] - User should be able to upload assessment result for not completed BU, and it's added by him

  • [JP-1635] - Improve the design of the User List screen

  • [JP-1648] - Alter template to support Meta columns

  • [JP-1744] - Move "Save & Exit" button up to the Page Title on the Assessment Answer page

  • [JP-1764] - Frontend components centralization

  • [JP-1768] - Upgrade to .Net core 3.0

  • [JP-1778] - Update the email template for invitation to adapt user group name

  • [JP-1917] - Migrate old user metadata

  • [JP-1918] - send email invitation upon user creation

Stories

  • [JP-1252] - New Third Party information page

  • [JP-1254] - The User should be able to archive a 3rd party

  • [JP-1452] - User should be able to establish a relationship with other Business Units

  • [JP-1504] - The ability to store dynamic Business Unit metadata

  • [JP-1575] - Simplify the Assessment Template Import xls 

  • [JP-1606] - User should be able to edit Business Unit information

  • [JP-1615] - The ability to sort all third parties based on last assessment sent

  • [JP-1617] - The ability to begin a received assessment and set its source as a Third Party

  • [JP-1626] - The ability to assign one or more Users/User Groups to an Assessment Question Grouping

  • [JP-1634] - Manage user profile details on Auth0

  • [JP-1649] - The ability to add a third party without adding a contact

  • [JP-1650] - The ability to create/modify User Groups in Welcome Wizard

  • [JP-1663] - The ability to switch between Business Units

  • [JP-1667] - The ability to manage contacts for BU

  • [JP-1672] - The ability to see which Businesses are connected to mine

  • [JP-1676] - User should be able to create UserGroup

  • [JP-1679] - User should be able to modify UserGroup

  • [JP-1682] - User should be able to archive UserGroup

  • [JP-1691] - User should be able to update company's Relationship settings

  • [JP-1692] - User should be able to see list of established relationships

  • [JP-1693] - User should be able to delete relationship

  • [JP-1694] - User should be able to send assessment to their related companies

  • [JP-1699] - User should be able to modify relationship type

  • [JP-1706] - User should be able to add user to UserGroup

  • [JP-1709] - User should be able to remove user from UserGroup

  • [JP-1773] - Separate user creation process from business units

  • [JP-1807] - User should be able to see list of existing groups

  • [JP-1811] - User should be able to see list of existing users inside user group

  • [JP-1878] - The ability to have a note or instruction on an individual assessment question

  • [JP-1880] - The ability to assign an Assessment to an individual

  • [JP-1901] - The ability to adjust Public visibility setting per user

  • [JP-1919] - Ability to attach business unit relationship metadata

  • [JP-1969] - Ability to view and edit user profile details

Task

  • [JP-1404] - assessment group management redesign

  • [JP-1409] - Unify lookup

  • [JP-1625] - Establish Assessment Question Groups

  • [JP-1627] - Establish Assessment Question & Template Question Meta

  • [JP-1666] - Only users of the User Group "Administrators" have the ability to add users to a Business Unit

  • [JP-1668] - Prevent users from adding/altering users of a third party when at least one member is active

  • [JP-1671] - API to return all BUs associated with a user, including hierarchy 

  • [JP-1728] - Have the percentages on Suggested Response color coded to the system Heat scale colors

  • [JP-1729] - Install User Group Event Tracking

  • [JP-1730] - Install Business Unit Event Tracking

  • [JP-1731] - Install Business Unit Relationship Event Tracking

  • [JP-1732] - Install/Check Assessment Tracking

  • [JP-1733] - Install Assessment Group Event Tracking

  • [JP-1734] - Install/Check User Event Tracking

  • [JP-1800] - API refactoring

  • [JP-1801] - Front End refactoring

  • [JP-1805] - Manage User-BU link in a single place

  • [JP-1814] - Implement Auth0 users caching 

Interface

  • [JP-1677] - Create User Group UI

  • [JP-1680] - Create UI to modify user group

  • [JP-1683] - Add UI to archive user group

  • [JP-1685] - Create UI for archive 3rd party

  • [JP-1687] - Create UI for sending relation to new company or selecting existing one

  • [JP-1695] - Create UI for listing data

  • [JP-1696] - Create UI for filtering data, based on status and type

  • [JP-1698] - Rename Business to Business Units

  • [JP-1700] - Create UI for removing the relationship

  • [JP-1702] - Update current external assessment UI

  • [JP-1704] - Create UI for modifying relationship type

  • [JP-1707] - Create UI to Add existing / new user to UserGroup

  • [JP-1710] - Create UI to remove user from UserGroup

  • [JP-1719] - User Information Screen

  • [JP-1720] - User Edit Screen or Modal

  • [JP-1721] - Upgrade Third Party List View

  • [JP-1722] - Establish Third Party View

  • [JP-1723] - Upgrade Third Party Create/Edit Modal

  • [JP-1742] - Ensure the "Reassign Question" button is always available.

  • [JP-1743] - Improve the design of the Reassign Question button & popup

  • [JP-1771] - Load business units and preview on side menu

  • [JP-1772] - Implement change business unit and refresh side view.

  • [JP-1777] - Update wizard to show the invitation details from business unit and update user status

  • [JP-1781] - Manage group list

  • [JP-1782] - Manage users list

  • [JP-1808] - Group list view

  • [JP-1816] - Company profile view

  • [JP-1819] - Display list of pending invitations UI

  • [JP-1820] - Add button on the top to accept/reject all selected UI

  • [JP-1822] - Get list of assessment templates

  • [JP-1839] - List contacts of BU

  • [JP-1840] - Add new contact to BU

  • [JP-1842] - Remove contact

  • [JP-1844] - Prevent changes for BU contacts

  • [JP-1846] - Design list of all users 

  • [JP-1855] - Modify company profile to adapt logo and number of employees 

  • [JP-1863] - Modify registration and invitation flow 

  • [JP-1879] - implement position title search on profile completion 

  • [JP-1916] - Admin should be able to switch profile visibility for each user on users list

  • [JP-1921] - UI for metadata on relationship creation

  • [JP-1922] - combine relationship details on one page

  • [JP-1923] - the ability to preview and edit relationship metadata

  • [JP-1924] - update front end to adapt migration

  • [JP-1993] - Admin should be able to remove any user from users list

Sub-tasks

  • [JP-1645] - The ability to release back to the Third Party

  • [JP-1678] - Create User Group API

  • [JP-1827] - Migrate existing user status inside the business unit (AUTH0)

New APIs

  • [JP-1664] - Implement get active business units that user part of

  • [JP-1681] - Create API for modify user group

  • [JP-1684] - Add API to archive user group

  • [JP-1686] - Add API to archive 3rd party

  • [JP-1688] - Retrieve and filter list of existing BUs API

  • [JP-1690] - Saving new relation API

  • [JP-1697] - Create API for retrieving and filtering data

  • [JP-1701] - Create API for removing the relationship

  • [JP-1703] - Add/update current existing API

  • [JP-1705] - Add API to support modifying relationship type

  • [JP-1708] - Create API to Add existing / new user to UserGroup

  • [JP-1711] - Create API to remove user from UserGroup

  • [JP-1770] - Set active business unit for user

  • [JP-1774] - Link user if already exists with the requested business unit and set user status to pending

  • [JP-1775] - Modify invitation flow

  • [JP-1776] - Implement update user status for specific business unit

  • [JP-1779] - Get user status

  • [JP-1780] - Implement complete Business Unit profile

  • [JP-1809] - Get list of user groups

  • [JP-1810] - get user via email (from Auth0)

  • [JP-1815] - Update company Relationship settings

  • [JP-1817] - get business unit profile

  • [JP-1818] - Get list of third party relations filtered by type

  • [JP-1821] - Accept invitation API

  • [JP-1828] - Get default groups

  • [JP-1831] - Get user profile

  • [JP-1832] - Update user profile

  • [JP-1833] - Restructure AUTH0 meta and app data

  • [JP-1836] - Get thirdparty list

  • [JP-1837] - Get BU public users

  • [JP-1838] - Add contact user to BU

  • [JP-1841] - Remove contact

  • [JP-1843] - Check if there is any active user and prevent changes (delete , add ) for contacts

  • [JP-1845] - Get all users with pagination

  • [JP-1862] - Retrieve business unit relationships categories 

  • [JP-1902] - Create API to update user publicity flag

  • [JP-1920] - Load metadata lists

 

Tags: compliance, cybersecurity, assessments


Written by Jamie Aquila

Jamie is the Co-Founder and CTO of JustProtect.
