Feedback

We understand it is currently not possible to apply the AI application to review uploaded evidence documents (e.g. ISO or ISAE reports) and connect the evidence to specific controls (in the relevant framework) that are connected to the said evidence. Would it be possible to schedule this on the roadmap of Formalize. It would help a lot in the efficiency of embedding evidence review in the monitoring possibilities of specific controls. We are happy to discuss this via a call

We’re improving questionnaires to better support recurring reviews and ongoing data maintenance. By pre-filling questionnaires with the latest submitted responses, it will become easier to review, validate, and update existing information instead of starting from scratch each time. This will support smoother supplier and employee review processes, help keep information accurate over time, and strengthen ongoing compliance efforts.

When a risk is closed, the linked tasks may no longer be relevant to perform. In those cases, marking the task as Completed is misleading, because the task was not actually carried out — it was simply made irrelevant due to the risk being closed. The natural workaround is therefore to archive the task instead. However, when the task is archived, the visible link between the risk and the task is lost, which reduces traceability and historical context. Requested improvement: It would be highly valuable if archived tasks remained visible on the related risk, clearly marked with an Archived status (or similar), rather than disappearing from the relationship view. Why this matters: Preserves traceability between risks and their historical mitigation activities Avoids using Completed for tasks that were never actually executed Improves auditability and documentation of lifecycle decisions Reduces dependency on manual notes in free text fields Makes it easier to understand that the task did exist, but was archived because the risk changed status Possible solution options Show archived tasks in the risk view in a separate section, e.g. Archived tasks Keep archived tasks visible in the normal linked-task list, but with a clear Archived status label Add a reason field such as: Archived because linked risk was closed No longer applicable due to risk status change Current workaround: At the moment, the only workaround is to document in the risk text that the tasks were archived. This helps, but it is weaker than maintaining the actual object relationship in the system.

The security log should include audits for changes to all elements including creation, modification and deletion of items such as queries, reports, suppliers, evidence, systems, incidents, etc as these can all have regulatory impact and it is important we know who changed what and when (think malicious insider or over zealous employee).

We’re enabling your tools and systems to interact directly with evidence in our platform via Open API. This means you can automate evidence collection, submission, and management, and cut down on manual work.

We are adding the ability to approve versions of evidence before making them valid

We’re improving workflows and approvals with stronger escalation and reminder capabilities for time-sensitive processes. This will help ensure important actions, approvals, and critical alerts reach the right people at the right time through more reliable notification flows.

We’re making it possible to link custom fields directly to data from resources like assets, employees, systems, suppliers, and customers. This removes the need for manual input, keeps workflows up to date, and reduces maintenance.

Once the employee accepts a policy, how can he/she get a copy of the policy? Send a copy via email could be enough, having a view of all the accepted or pending policies would be better.