Over the last few weeks, the dev team finalized the beta release of Runbooks and continue to focus efforts on delivering this exciting new module to the platform. But that doesn’t mean that we haven’t delivered some amazing new features!
If we are hosting for you rorganizaiton, you already have this functionality or will in the coming days. Self-hosting? Check out the link at the bottom to get to the documentation for performing updates.
IMPORTANT NOTE FOR SELF-HOSTED CLIENTS: If your instance has been migrated to the Long-Living Database configuration (indicated by the presence of the database_update.sh script on your server), please take special note of the new update procedures. This release WILL require an update to your database.
When performing an assessment, there is often a need to attach supporting evidence. For example, if the control being evaluated asks about the presence of a Key Management Policy, the assessor may need to collect a copy of said policy.
You can now add almost any file type as an attachment within the context of an Assessment Question:
Simply drag and drop or browse to add attachments:
Upon submission of the Assessment to a report, the attachments are stored in the Artifacts area:
In addition, a Custom Field is created in the finding generated from the question, allowing you to easily reference the attachments submitted within the context of that question:
NOTE: The following two new features appear similar but are very different. The first (Input Fields) presents an input option to users when taking an Assessment. The second (Custom Fields) provides a method for building Custom Fields into a question, complete with a pre-populated value (if desired), which are hidden during administration of the Assessment and become visible in the finding after submission.
When administering an Assessment, there may be discrete information that you wish to segregate from the generic “Notes” field, and which is beyond the data collected with the question response itself.
For example, who did you interview? Or perhaps, what existing controls are in place?
With Input fields, you can structure your questions to gather whatever additional fields you like.
When building a question, simply select “Add Input Field” and provide a label for the field:
When you administer the Assessment, the fields are presented, and the user can enter text:
Any data input into an Input Field is cast into a Custom Field in the associated finding when the Assessment is submitted into a report. A key is automatically generated from the label you provided when building the Input Field in the question:
The true value of Assessments in PlexTrac is the ability to pre-populate fields that are “hidden” during administration of the assessment, but which pass through into the findings upon submission. For example, common recommendations for a control can be pre-populated into the recommendations section.
Previously, if you wanted to have a Custom Field pass through to a finding after submission, you were required to use a Writeup from the WriteupsDB as your source of metadata.
Now, you can create Custom Fields when editing a question natively. Near the bottom of the question edit region, simply click the “Add Custom Field” button. Then simply provide a label and any text you wish to pre-populate.
Just like with Input fields, this data will be transferred into a Custom Field in the associated Finding when submitted as a report. There, you can edit it as desired.
We’ve added a scroll feature to the questions list when editing a Questionnaire. You can now keep the editing field in view when searching for questions deep in the list:
If you are self-hosting your PlexTrac Instance, gain access to all these enhancements by updating to the latest release using the procedures in our documentation.
If you are operating with a legacy database, continue to use these procedures:
If operating with a Long-Living Database, follow these procedures:
Note: This release requires a database update.
Encountering a friction point? You can always obtain email support by dropping us a line at firstname.lastname@example.org. Feel like your issue would be better addressed with a screen share? Self-schedule a Zoom support slot using this link:
Our development roadmap is 100% driven by our customer requirements. If you have an idea for how PlexTrac can better support your needs, drop us a line!