GRC Plugins v15 available on the store (release notes here)

• Rome
• San Diego
• Tokyo

New

Ability to have entity class rule based on a condition builder

Sync entity owner field to associated risks and controls

Changed

sn_grc.reader role does not contain sn_grc.business_user role.

sn_grc.user will contain sn_grc.business_user role.

Fixed

In child tables, the attachment option is accessible for non-confidential users

Script error coming from indicator_static_support_data_task

Typographical error in OOB GRC business rule script error message

GRC Developer role description must be updated

The security-related properties under GRC Properties are not coming in order

The user is also able to read the data of the parent user group when access groups are set as the child user group

ACL added by the GRC: Profiles plugin is breaking the visibility of Information Objects in APM

All sys metadata tables required the update_sync attribute

• Rome
• San Diego
• Tokyo

New

Categorize Audit Engagements, Audit Tasks, Control Tests, etc. based on Functional Domains like IT Compliance and Risk, Privacy, etc.

Fixed

When an Engagement is Closed Incomplete, related Control Tests are still Open.

Audit Manager should not be allowed to Close an Engagement when related Tasks are Open.

When we create a test template, unable to select the Control Objective field values which have lengthier display names.

Security constraints on Client Callable script includes.

When an Engagement is created from Entity form, newly created Engagement is not coming up in Downstream Engagements of Entity.

• Rome
• San Diego
• Tokyo

New

Assessors can evaluate controls by design and operational effectiveness

Fixed

Translation-related bug fixes

• Rome
• San Diego
• Tokyo

New

Categorize GRC Objects based on Functional Domains like IT Risk and Compliance, Privacy, etc.

Fixed

Tasks page -- Tool tip of dropdown in "My group tasks" tab showing null 

Breadcrumbs aren't showing the exact navigation in employee center when navigating to record from list view

• Rome
• San Diego
• Tokyo

New

Perform Advanced Risk Assessments on Policy Exceptions.

Categorize Compliance Objects like Policies, Authority Documents, Control Objectives, Citations, Controls, etc. based on Functional Domain like IT Compliance and Risk, Privacy, etc.

The compliance Manager/Compliance Analyst should be able to reuse existing Evidences collected on other GRC objects.

Changed

Role hierarchy changes: GRC Reader role will not be part of the Business User role. Changed all the ACLs, Modules, etc. accordingly.

Added Expired substate for Closed Policy Exceptions to indicate Policy Exception is Approved and Valid to date has crossed.

Reason code can be modified after Policy Exception is Approved.

Policy Exceptions submitted from Service Portal or Employee Service Center should go through Verification Approvals when Verification Rule is configured.

The Requester should be able to extend Policy Exception more than once based on a configuration property.

Fixed

Localization issues.

Incorrect due date on Policy Acknowledgements.

Manually Retired controls are moved to Draft state when the Policy is published.

States in which Controls are considered to be Active.

On Impacted Controls for Policy Exceptions: Add/Add all buttons are not coming up.

On Controls, Open Issues are not updated when a new issue is created.

Policy Exception is created even though Valid from and Valid to dates are the same.

GRC Business user is able to move the policy exception to Analyze state even though verification approvals are configured.

Description of auto-created Policy exception created from PACE exception is truncated.

The Retire button should not be present on the KB article related to Policy.