Tenable (Nessus) Vulnerability Scanner Integration

Request for native integration with Tenable vulnerability management platform (Tenable.io, Tenable.sc, Nessus) to automatically import vulnerability findings as detections and evidence. This would enable:

- Automated vulnerability data sync from Tenable platforms
- Vulnerability findings mapped to compliance controls
- Asset discovery from Tenable scans
- Risk scoring based on CVSS and business context
- Automated evidence collection for audit readiness
- Integration with existing task management and remediation workflows

Tenable is a widely-used enterprise vulnerability management solution and this integration would significantly enhance OneClickComply's vulnerability management capabilities for organisations already invested in the Tenable ecosystem.

Dan Scott 13 days ago

Feature Request

OCT (OneClick Template) AI-Generated Task Templates (NDAs, Logs, Agendas) via OCS Context

Context & Problem Statement

Currently, when users are assigned a task like "Prepare Management Review Agenda" or "Maintain Deletion Logs," they are left to create these documents from scratch. This causes friction and delays. We need to provide starting templates for common compliance tasks. Instead of static, one-size-fits-all files, we will leverage our OCS engine. By adding a "Generate Template" button to tasks, OCS can combine the specific requirements of the task with the organization's unique ISMS profile to instantly generate a highly tailored, draft-ready template.

Acceptance Criteria (AC)

- Task UI Integration: Add a "Generate Template with AI" button (or similar Call To Action) on the Task Detail pane.
- Contextual Prompting (Backend): When clicked, trigger an OCS prompt that injects two key pieces of context:
  - The specific Task metadata (Name, Description, Control framework).
  - The Organization's ISMS data (to ensure the tone, scope, and specific technologies match the company profile).
- Generation Output: Display the OCS-generated template in an in-app rich text or markdown editor.
- Editing & Saving: Allow the user to edit the generated template directly in the platform and save it as "Draft Evidence" or immediately attach it to the task to mark it as complete.
- Supported Task Types: Ensure the prompt handles a wide variety of template requests gracefully, including but not limited to:
  - Employee Onboarding/Offboarding Checklists
  - NDAs
  - Data Deletion Logs
  - Security Testing/Pen-Test Records
  - Management Review Agendas

Shreya Yadav 3 months ago

Feature Request

"Remember Me" Authentication: Extend session lifetime to reduce OTP login friction

Context & Problem Statement

Currently, users are being forced to re-authenticate with an email OTP (One-Time Password) code every 30 minutes. This aggressive session timeout disrupts user workflows, especially when they are spending hours in the platform reviewing policies or uploading evidence. We need to introduce a "Remember Me" function that extends the login session securely, reducing friction while maintaining our baseline security posture.

Acceptance Criteria (AC)

- Login UI Update: Add a "Remember me on this device" checkbox to the login screen, right below the email input field.
- Token Architecture (Backend):
  - If the box is unchecked: Maintain the current behavior (session dies after 30 minutes of inactivity).
  - If the box is checked: Issue a short-lived Access Token (e.g., 30 minutes) AND a secure, HTTP-only, long-lived Refresh Token (e.g., 7 days).
- Silent Refresh: Implement logic in the frontend to intercept 401 Unauthorized errors, silently use the Refresh Token to get a new Access Token in the background, and retry the failed request without interrupting the user.
- Explicit Logout: If a user clicks "Log Out", the backend must immediately revoke and blacklist both the Access Token and the Refresh Token for that device.

Shreya Yadav 3 months ago

Feature Request
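
The token lifecycle in the "Remember Me" request above, sketched as an added example that is not part of the original post or the product's code. It assumes opaque, server-side tokens (so logout can revoke them immediately); the class, function, cookie and path names are hypothetical, and the 30-minute access token uses a fixed expiry rather than an inactivity timer.

```javascript
const crypto = require('node:crypto');

const ACCESS_TTL_MS = 30 * 60 * 1000;            // 30 minutes, as in the request
const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000;  // 7 days, as in the request

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

class SessionStore {
  constructor(now = () => Date.now()) {
    this.now = now;
    // Only token hashes are stored, so a leaked table cannot be replayed.
    this.tokens = new Map(); // hash -> { kind, userId, deviceId, exp }
  }
  issue(kind, ttl, userId, deviceId) {
    const token = crypto.randomBytes(32).toString('base64url');
    this.tokens.set(sha256(token), { kind, userId, deviceId, exp: this.now() + ttl });
    return token;
  }
  lookup(kind, token) {
    const rec = typeof token === 'string' ? this.tokens.get(sha256(token)) : undefined;
    return rec && rec.kind === kind && rec.exp > this.now() ? rec : null;
  }
  login(userId, deviceId, rememberMe) {
    return {
      accessToken: this.issue('access', ACCESS_TTL_MS, userId, deviceId),
      // Unchecked box: no refresh token, so the session ends with the access token.
      refreshToken: rememberMe ? this.issue('refresh', REFRESH_TTL_MS, userId, deviceId) : null,
    };
  }
  authenticate(accessToken) { return this.lookup('access', accessToken); }
  // Silent refresh endpoint: a valid refresh token buys one new access token.
  refresh(refreshToken) {
    const rec = this.lookup('refresh', refreshToken);
    return rec ? this.issue('access', ACCESS_TTL_MS, rec.userId, rec.deviceId) : null;
  }
  // Explicit logout: drop every token for this user on this device at once.
  logout(userId, deviceId) {
    for (const [hash, rec] of this.tokens)
      if (rec.userId === userId && rec.deviceId === deviceId) this.tokens.delete(hash);
  }
}

// Cookie for the refresh token; the /auth/refresh path is hypothetical.
function refreshCookie(token) {
  return `refresh_token=${token}; HttpOnly; Secure; SameSite=Strict; ` +
         `Path=/auth/refresh; Max-Age=${REFRESH_TTL_MS / 1000}`;
}
```

Scoping the cookie to the refresh path keeps the long-lived token off every other request, and the `kind` check stops a refresh token from being accepted where an access token is expected.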

Document "Draft" Status & AI-Powered Vector Search for Evidence Repository

Context & Problem Statement

As we roll out the new Centralized Document Repository, users need a way to stage incomplete or unapproved files. Currently, if a file is uploaded, it is immediately processed. We need a "Draft" status so users can upload work-in-progress evidence without it being prematurely embedded by OCS for policy generation or task completion. Additionally, as the repository grows, standard keyword search won't be enough. We need to leverage our OCS vector embeddings to allow users to semantically search for documents by title (e.g., searching "employee onboarding" should return the "New Hire Access Register").

Acceptance Criteria (AC)

- Evidence State Machine: Add a Status field to document/evidence uploads with two primary states: Draft and Active.
- Draft Logic & Isolation:
  - Documents in the Draft state must be visible in the UI but clearly marked with a "Draft" pill/badge.
  - Draft documents MUST NOT be sent to the OCS embedding pipeline and MUST NOT be used for task auto-completion or AI questionnaire answering.
- Publishing Workflow: Add a "Publish" or "Mark as Active" button for Draft documents. Clicking this transitions the status to Active and triggers the OCS vector embedding webhook.
- Semantic Vector Search:
  - Add a search bar to the Document Upload repository UI.
  - Instead of a standard SQL LIKE query, wire this search bar to the OCS vector database to perform a semantic search against the embedded document titles and metadata.
  - Return search results ranked by vector similarity score.

Shreya Yadav 3 months ago

Feature Request

Centralized Document Repository with OCS Embedding & Task Auto-Completion

Context & Problem Statement

Currently, evidence and documents are heavily siloed—usually attached to specific tasks or controls. Customers need a global, centralized "filing cabinet" to store overarching organizational files like NDAs, Access Registers, and corporate charts. By storing all these files in a unified Airtable base and running them through our vector embedding pipeline, we can unlock massive AI value. OCS can use this global context to auto-generate highly accurate policies, automatically answer security questionnaires, and intelligently scan/mark existing compliance tasks as completed based on the uploaded evidence.

Acceptance Criteria (AC)

- Global Document Hub (UI): Create a new "Documents" or "Evidence Center" page where users can upload, view, and manage global files independently of specific tasks.
- Airtable Storage Integration: Route uploaded file metadata and secure storage links to a dedicated Global_Documents table in Airtable.
- OCS Embedding Pipeline: Whenever a new file is uploaded, automatically trigger an extraction and embedding process so the document's contents are indexed for the OCS AI.
- AI Context Usage: Update the OCS prompts for Policy Generation and Questionnaire Answering to query this new embedded document index for context.
- Automated Task Scanning: Implement an event listener: when a document is uploaded and tagged (e.g., "Access Register"), trigger a scan to automatically mark relevant open tasks as Completed and attach the document as evidence.

Shreya Yadav 3 months ago

Feature Request

Unified Notification Center and Automated Task Reminder Emails

Context & Problem Statement

Currently, users have to manually hunt through the platform (Controls, Policies, ISMS) to figure out what tasks are assigned to them or what is blocking their compliance progress. This friction leads to stalled onboarding and missed deadlines. We need a dual-channel notification system—an in-app hub and automated push emails—to clearly list out their pending action items.

Acceptance Criteria (AC)

- In-App Notification Center:
  - Add a "Bell" icon to the global navigation bar with an unread badge counter.
  - Clicking the bell opens a dropdown pane (or navigates to a dedicated page) listing all pending action items assigned to the user.
  - Each notification must be actionable (clicking it routes the user directly to the specific Task, Policy, or Control).
- Automated Email Engine: —ALREADY HAVE THIS FEATURE—
  - Implement a "Daily/Weekly Digest" email that summarizes overdue and upcoming tasks for each user.
  - Implement event-driven emails (e.g., "You have been assigned a new Task by [Admin Name]").
- Notification Preferences: Add a tab in the User Settings profile allowing users to toggle email notifications on/off or change their frequency (Daily vs. Weekly digest).
- State Management: When a task is completed in the platform, the associated notification must automatically be marked as "Read" or removed from the pending list.

Shreya Yadav 3 months ago

Feature Request

Improve in-app guidance and explanations for "Outscoping" Tasks

Context & Problem Statement

Users are struggling to understand the rules of engagement for "outscoping" a task. Currently, the platform allows users to mark tasks as out of scope, but it lacks contextual help explaining when or why this is appropriate. This leads to user hesitation or, worse, users incorrectly outscoping mandatory requirements, which jeopardizes their ISO/SOC 2 audit readiness. We need to provide better in-app education at the point of action so users understand the criteria for marking a task as Not Applicable (N/A) and know that auditors will require a valid reason.

Acceptance Criteria (AC)

- Contextual Help / Tooltips: Add an info icon (i) or tooltip next to the "Outscope" button on the Task view explaining the general concept (e.g., "Only outscope tasks if the underlying technology or process is not used by your organization.").
- Confirmation Modal: When a user clicks to outscope a task, trigger a confirmation modal instead of an instant state change.
- Provide Examples: Inside the modal, provide 1-2 bullet points of valid outscoping scenarios (e.g., "Example: Outscoping a 'Physical Security' task because your company is 100% remote.").
- Mandatory Justification: Update the outscoping workflow to require a text input for "Justification." Users must explain why it is out of scope (e.g., "We do not process credit cards"), as auditors will ask for this.
- Link to Docs: Include a "Learn More" link in the modal that points to the relevant Support Article or Knowledge Base page about scoping.

Shreya Yadav 3 months ago

Feature Request

Automated Reminders for Periodic Reviews (Policies, ISMS)

Context & Problem Statement

Currently, users have to rely on external calendars to track recurring compliance obligations. Aqovia has explicitly requested the ability to schedule and receive in-platform reminders for recurring events, such as 6-month policy reviews and periodic ISMS data reviews. To keep customers engaged and compliant year-round, the platform needs a notification engine that prompts them to log in and perform these administrative reviews before they become overdue.

Acceptance Criteria (AC)

- Reminder Configuration: Users must be able to set a "Next Review Date" or schedule a reminder directly on key platform modules (e.g., specific Policies, the ISMS Dashboard, or a general "Meetings/Events" tracker).
- Custom Intervals: Support standard compliance intervals for reminders (e.g., 1 month, 3 months, 6 months, Annually).
- Notification Delivery:
  - Generate an in-app notification when the reminder triggers.
  - Send an automated email to the assigned owner(s) or Organization Admins (e.g., "Action Required: 6-Month ISMS Review").
- Lead Time Triggers: Allow the reminder to trigger before the actual deadline (e.g., notify the user 2 weeks before the 6-month mark) so they have time to prepare.
- Acknowledgement / Reset: Once a review is completed, the user must be able to click a button to "Acknowledge" the reminder, which then resets the clock for the next interval.

Shreya Yadav 3 months ago

Feature Request

Granular Role-Based Access Control

Context & Problem Statement

Currently, users on the platform have broad access to most modules. Multiple enterprise customers (Aqua Global and Aqovia) have requested the ability to "gatekeep" highly sensitive security tools from standard users. Standard contributors need to work on daily compliance workflows, but they should not have visibility or access to critical security infrastructure, endpoint monitoring, or sensitive risk registers.

Acceptance Criteria (AC)

- Role/Permission Separation: Introduce a new permission toggle or distinct user roles (e.g., Standard Contributor vs. Security Admin) to control module visibility.
- Allowed Access (Standard Users): Users restricted from advanced tools must still retain full access to:
  - View and edit Controls.
  - View and update Tasks.
  - Upload and manage Evidence.
- Restricted Access (Gatekept Modules): The following modules must be hidden from the UI and protected via backend authorization checks (403 Forbidden) for restricted users:
  - Endpoint Monitoring Tools / Penetration Testing.
  - ISMS Dashboard.
  - Risk Register.
  - Incident Management.
- UI Navigation: The sidebar navigation should dynamically hide the links to restricted modules if the authenticated user lacks the required permissions.

Shreya Yadav 3 months ago

Feature Request
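
The backend check and the sidebar filtering from the role-based access request above, driven by one policy table so the two cannot disagree. This is an added example, not part of the original post or the product's code; the role identifiers, the `/api/...` prefixes and the function names are hypothetical.

```javascript
// Module -> path prefix and roles allowed. Module names follow the request;
// the prefixes and role identifiers are hypothetical.
const ALL = ['standard_contributor', 'security_admin'];
const ADMIN = ['security_admin'];
const POLICY = {
  'controls':            { prefix: '/api/controls',            roles: ALL },
  'tasks':               { prefix: '/api/tasks',               roles: ALL },
  'evidence':            { prefix: '/api/evidence',            roles: ALL },
  'endpoint-monitoring': { prefix: '/api/endpoint-monitoring', roles: ADMIN },
  'isms-dashboard':      { prefix: '/api/isms-dashboard',      roles: ADMIN },
  'risk-register':       { prefix: '/api/risk-register',       roles: ADMIN },
  'incident-management': { prefix: '/api/incident-management', roles: ADMIN },
};

// Resolve "." and ".." segments before matching, so that
// /api/controls/../risk-register is judged as /api/risk-register.
function moduleFor(rawPath) {
  let path;
  try {
    path = new URL(rawPath, 'http://localhost').pathname;
  } catch {
    return null; // unparseable path: treated as unmapped
  }
  for (const [name, { prefix }] of Object.entries(POLICY)) {
    // Match whole segments only: /api/tasks-export is not /api/tasks.
    if (path === prefix || path.startsWith(prefix + '/')) return name;
  }
  return null;
}

// Returns the HTTP status the backend should answer with.
function authorize(user, rawPath) {
  if (!user) return 401;
  const name = moduleFor(rawPath);
  if (!name) return 403; // deny by default: unmapped routes are not public
  return POLICY[name].roles.includes(user.role) ? 200 : 403;
}

// Sidebar entries come from the same table as the backend check.
function visibleModules(user) {
  if (!user) return [];
  return Object.keys(POLICY).filter((m) => POLICY[m].roles.includes(user.role));
}
```

Hiding a sidebar link is cosmetic; `authorize` is the control, which is why a restricted user who types the URL directly still receives 403.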