Open Signup, PCI DSS, and Agent-Run Vendor Reviews
changelog·

Open Signup, PCI DSS, and Agent-Run Vendor Reviews

The waitlist is gone — anyone can sign up. Plus full-fidelity PCI DSS ROC & SAQ assessments, an agent that runs the vendor evidence lifecycle over email, trust centers served at your own domain root, and an evidence-backed assurance dashboard.

The waitlist is gone. Anyone can sign up and start a workspace — no invite, no waiting.

This release also puts the agent runtime from June to work on the most tedious loop in GRC: vendor reviews. Every workspace gets its own agent email address. Send a questionnaire or evidence request from a vendor's Communications tab, and when the vendor replies, the agent triages the attachment, links it to the vendor with recorded provenance, and threads a conversational response. Accept the evidence and the review cadence advances on its own. CAIQ v4.1 and CCM Lite questionnaires join the catalog, alongside ISO 27001 and pen-test evidence playbooks.

PCI DSS lands as a first-class framework: full-fidelity ROC and SAQ assessments with an in-app report, a summary matrix, and export. And the dashboard now shows evidence-backed assurance — scores derived from the actual evidence behind each control, with drill-downs and an attention card for what needs action.

  • Trust centers serve at your own domain root — trust.acme.com, clean URLs, no redirect — with versioned resources and expiry reminders
  • Integrations map evidence to control coverage, with scoping, one-click AWS connect, and per-assertion sync outcomes
  • Crosswalk any two frameworks through the SCF hub, with a controlled mapping vocabulary and provenance
  • Global command palette, unified activity-and-comments feed, rich-text descriptions, and tabbed list views
  • Workspace scoping enforced at the database layer, plus a security and reliability hardening pass from a full codebase review

Share