Below are FortifyData's release notes for October 9th.
This focuses on the release of an AI-powered Report Analyzer that will evaluate third-party reports (SOC 2, etc.) in minutes to enhance the review and assessment process for third-party vendor documents.
A. This also serves as notification that the UI layout for the Third-Party Management Module was updated to transition the bottom-half of the page tab navigation from horizontal to a left-side vertical orientation.
B. The "Questionnaires" tab has been renamed to the "Controls and Compliance" tab.
C. Clients wishing to use the AI Report analysis on third-party documentation must have available Questionnaire Licenses to enable this feature.
There are roadmap plans to make this feature available for Enterprise Risk and Compliance analysis in the future, but for now this is only available for third-party report analysis.
Enhancements
1. Control and Compliance - AI-powered Third-Party Report Analysis
Landing on the Control & Compliance Tab (formerly Questionnaires)
Users can navigate to Third Party → Select Vendor → Vendor Profile Details → Control & Compliance tab (bottom of left navigation), where a table of existing questionnaires and analyses is displayed.
At the top of the table, a “Start New Analysis” button is available to begin a new compliance assessment.
2. Starting a New Analysis
Clicking View All Analysis shows all framework types and two buttons: View and Start New Analysis.
Clicking Start New Analysis opens a new view: Upload Reports for AI-Powered Compliance Analysis.
Purpose: Users can upload compliance documentation (e.g., SOC 2, ISO 27001, HIPAA, HITRUST, or other audit reports) for AI-based vendor risk assessment.
The 'Assess Manually' option in this section will take you to the traditional Questionnaire experience so you can send questionnaires to vendors. There is no AI functionality in the Assess Manually questionnaire experience.
AI automatically:
Identifies control gaps.
Highlights potential risks.
Summarizes key findings.
Speeds up vendor assessments by eliminating manual reviews.
3. Upload Options
Two options are presented:
A. Drag & Drop / Upload File
Supported formats: PDF, DOCX, XLSX.
After upload, the document is associated with a report.
Users can select a framework from the company questionnaire list.
Actions available: Proceed or Cancel.
B. Assess Manually
Allows users to bypass file upload and manually enter compliance information.
4. Framework Selection
Once uploaded, if the document is in Pending status, users can:
Change the associated framework.
This is done by clicking the selected record while the status is still Pending.
5. Analysis Status
Pending:
File uploaded, awaiting AI processing.
Users may change the framework.
Queued:
File is being analyzed.
Displays message:
“AI is analyzing your document. We’ll notify you once finished.”
Clicking View All Analysis returns to the table view.
Completed:
AI analysis finished.
User sees summary results.
6. Results and Summary View
When analysis is Completed, the summary includes:
Controls Summary: Number of controls passed vs. total controls.
Overall Compliance Rate.
Progress Bars: Analyzed, Reviewed, and Business Decision stages.
Control Donut Chart: Distribution of controls by status:
Passed
Partially Implemented
Failed
No Evidence
Control Coverage by Group table section.
7. Notifications
The notification bell will notify the user when the AI analysis is completed.
Note: The user must subscribe to this notification through either the User Page or User Settings.
Emails and in-app notifications will be sent to the user who initiated the upload once the analysis is completed.
8. On Vendors page - Controls and Compliance Tab - view the selected AI framework
Displays all analyzed controls.
Bulk Action dropdown (applies to multiple records):
Request Evidence/Documentation
Accept Low Risk
Accept Medium Risk
Accept High Risk
Negotiate in Contract
Per-record 3-dot menu with the same actions.
Filters available:
A Filter option is available. Clicking on it opens a slide-out panel, where the user can:
Apply a Status filter (Any, Passed, Partial, Failed, Not Applicable).
Use the Search control bar to search by record.
9. Business Decision Flow
Once reviewed, users can finalize a Business Decision.
Options available:
Approved & Closed
Reviewed – Reject (sets status as Not Approved)
Under Review (keeps status as Reviewed)
Users may add:
Comments
Recommendations
Approval person
Reassessment frequency
10. Reassessment Frequency
Available options:
Quarterly
Semi-Annually
Annually
Every Three Years
Never Expires
11. Validation and FortifyData Badge
Once the business decision is saved as “Approved”, the user will see the prompt: “Validate Compliance Analysis?”
If the user clicks Yes, the following occurs:
A pop-up appears requesting:
Assessor Signature (name)
Signature date and time (automatically set to the current date and time)
Assessor Certification (user selects their current certification)
The user clicks Confirm, and an FD badge is displayed.
The badge confirms that the questionnaire has been validated and shows the completion date.
The reassessment frequency indicates when the questionnaire will need to be reviewed or redone.
Should you have any questions regarding these updates, please reach out to FortifyData or simply reply to this email.
FortifyData, 1720 Mars Hill Road, Suite 124-181, Acworth, GA 30101, United States, 888-396-4110