Release notes - 7/22/22
Overview:
Work.software’s GRC platform is designed to address the manual processes of the SOC 2 audit, replacing the inefficient and ineffective ways to capture information through docs, spreadsheets, and screenshots.
Our SOC 2 framework covers the manual Criteria that automation platforms do not. We prepare and organize all of the meetings, events, and checklists: when they happened, how long they took, who was in attendance, which agenda items were covered and which ones were assigned to team members, and what items were reviewed and signed within those meetings. Finally, the actual minutes are compiled and emailed to all attendees right after the meeting concludes and are organized by each mapped control for export.
Work.software provides pre-populated agenda items for all your SOC 2 meetings so that you have an initial starting point. All can be edited, augmented with other agenda items, or deleted. You can also mandate specific agenda items that cannot be removed!
Our Checklists also use pre-populated tasks with the same parameters as above, and they can be shared with specific employees or with all employees. Checklists can have due dates assigned, or actual meetings can be created from them.
Each meeting template and checklist is mapped to specific Criteria and Controls, and the mapping can be adjusted if your auditors prescribe additional Criteria and Controls. Everything mapped corresponds to a particular digital folder, so when you click to download your audit, each meeting or checklist is saved to the specific control folder or folders within the appropriate criteria.
Work.software covers 22 criteria within the Security Trust Category, and we will complement any automated SOC 2 program you may be using. In addition, your auditors will be granted access to the platform and can download evidence at any point within the audit period, keeping your audit up to date and moving forward.
Features:
- Overall ability to define and manage all SOC 2 related meetings, events, and checklists for all manual criteria and controls and export final evidence directly to the specific control(s) folders within the appropriate Criteria for easy access by your auditors.
- Ability to define an audit period, with a choice of 3 months, 6 months, 9 months, or annual.
- Once the beginning date of the audit is chosen, the end date of the audit auto-populates based on the duration selected.
- Ability to select one or more of the Trust Criteria needed for the audit including Security, Availability, Processing Integrity, Confidentiality, and Privacy.
- Ability to choose employee evaluations and/or performance plans to be included in the audit, and then the frequency at which they are reviewed: monthly, bi-monthly, quarterly, semi-annually, or annually.
- If either Evaluations or Performance Reviews are selected, a 1 on 1 Sync Meeting will automatically follow the same frequency.
- Department Meetings can be checked on or off and have the same frequency options as evaluations and performance reviews, with the addition of every weekday and custom (e.g., M-W-F).
- A new role has been added, which is GRC Lead.
- Process and Policy Review can also have its frequency defined (weekly, monthly, quarterly, semi-annually, or annually).
- Two types of templates are available out of the box: Meetings and Checklists. 21 Meeting Templates and 7 Checklists are in this release.
- Any Templates or Checklists that are not needed can be easily disabled and will be moved to the Disabled Tab.
- The following meeting templates have defined agenda items included:
- Board of Directors, Business Continuity Plan Review, Business Continuity Test Retrospective, Business Impact Analysis, Change Advisory Board, Company Organization Chart Review, Disaster Recovery Plan Review, Disaster Recovery Test Retrospective, Employee Attrition Review, Employee Evaluations, Executive Review, Incident Response Retrospective, IT Resources Access, Job Description Review, New Hire Review, Review Incident Response Procedures, Risk Assessment Retrospective, Security Steering Committee, Sensitive Locations Access, Sprint Retrospective, and Team Meetings (Department, Data Center, Marketing, Sales, Support Team, Customer Success, Procurement, Finance, etc.).
- The following Checklists will have defined agenda items (tasks) included:
- Application Version Release, Employee Exit, Employee Manual, Employee New Hire, Employee Onboarding, Firewall Deployment, Hardware Deployment, Security Awareness Training, Security Policies, Server Deployment, and Vendor Classification.
- Also included is a Vendor Due Diligence Questionnaire.
- All Meeting Templates and Checklists have the related Criteria and Controls mapped to them, and additional ones can be added at the discretion of the GRC Lead or anyone else in Leadership.
- Meeting Templates provide a format to define the name of the meeting, who is assigned as the host, how often it will be held, the prescribed duration of the meeting, and who the attendees should be.
- Additional Criteria or Controls can be added to any Meeting Template or Checklist by accessing a pulldown menu for each.
- Once a host is assigned to a Meeting Template, that host can then utilize it to create a meeting or series of meetings on the day and the hour they choose, at the frequency that the creator of the template defined.
- Agenda items and tasks in the templates can be deleted or edited, or additional ones can be added, by either the Template creator or the assigned host. These exist as recurring agenda items. The GRC Lead or Leadership can also prevent individual items from being removed by ticking a checkbox within the agenda item/task screen.
- Agenda items can also be added to individual meetings in a series.
- Both Meeting Templates and Checklists can also be shared with certain employees (assignees), who can then use the same templates to hold additional meetings (for example, with a smaller subgroup of people) or to keep an individualized copy of a checklist to augment or append to something else.
- Meeting Templates can also be converted to Checklists.
- This release has a GRC Compliance Dashboard, viewable by the GRC Lead or anyone in Leadership, which shows all company-wide items included in the audit in the following 4 categories:
- Completed items: meetings and checklists.
- Upcoming meetings and checklist items.
- Past due: missed meetings and missed deadlines.
- Unassigned: meetings or checklists without a host, as well as meetings and checklists that an assigned host has not yet scheduled.
- Everyone has a personal role in this version, so all will see a personalized compliance dashboard that only shows meetings and checklists that are relevant to them.
- If a past due item is in your personal dashboard and you are ready to review the meeting minutes or provide an e-signature on a required agenda item or task, you can click on the past due item and be taken directly to the meeting minutes to review and sign them. That item then moves to the completed section of the dashboard. Likewise, if you have an unscheduled item, clicking on it takes you to the "create a meeting" modal.
- All meeting minutes, checklists, employee evaluations, and performance reviews are immediately available for download at any point in the audit via the “download audit evidence” button below the GRC Compliance Dashboard, accessible to anyone in Leadership or to the GRC Lead.
- Anything that is exported will land in the exact control folder within the specific criterion to which it was mapped, making it easy for the auditors to retrieve when ready.
- An additional role of “Auditor” has been added.
- Auditors are able to access the GRC Compliance Dashboard and the download button at a predefined interval that is entered in the user settings of the Auditor's profile.
- Additionally, the person who approves or changes the Auditor access interval is also defined in the user's settings.
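To make the audit-period auto-population and the four dashboard categories above concrete, here is an added example (not Work.software's code). It assumes an inclusive audit end date of "start plus the chosen months, minus one day", and models each meeting or checklist as an item with an optional host, an optional scheduled date, and a completed flag; all sample items are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Audit period choices from the release notes: 3, 6, 9 months, or annual.
AUDIT_PERIOD_MONTHS = {"3 months": 3, "6 months": 6, "9 months": 9, "annual": 12}


def add_months(d: date, months: int) -> date:
    """Advance a date by whole months, clamping the day for shorter months."""
    month_index = d.month - 1 + months
    year, month = d.year + month_index // 12, month_index % 12 + 1
    first_of_next = date(year + month // 12, month % 12 + 1, 1)
    last_day = (first_of_next - timedelta(days=1)).day
    return date(year, month, min(d.day, last_day))


def audit_end_date(start: date, period: str) -> date:
    """Assumption: the auto-populated end is inclusive (start + N months - 1 day)."""
    return add_months(start, AUDIT_PERIOD_MONTHS[period]) - timedelta(days=1)


@dataclass
class AuditItem:
    name: str                   # meeting or checklist name
    host: Optional[str]         # None if no host has been assigned
    scheduled: Optional[date]   # None if the host has not scheduled it yet
    completed: bool             # minutes signed off / checklist finished


def classify(item: AuditItem, today: date) -> str:
    """Map one item to a dashboard category; order of checks matters."""
    if item.completed:
        return "completed"
    if item.host is None or item.scheduled is None:
        return "unassigned/unscheduled"   # evidence gap: nobody owns it yet
    if item.scheduled < today:
        return "past due"                 # missed meeting or deadline
    return "upcoming"


def dashboard(items: List[AuditItem], today: date) -> Dict[str, List[str]]:
    """Group item names by category, as the GRC Compliance Dashboard does."""
    buckets: Dict[str, List[str]] = {
        "completed": [], "upcoming": [], "past due": [], "unassigned/unscheduled": []}
    for item in items:
        buckets[classify(item, today)].append(item.name)
    return buckets
```

An empty "past due" and "unassigned/unscheduled" bucket at the end of the period is the condition a GRC Lead wants to see before exporting evidence.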
Items that Were Resolved:
- On hover of a clickable item, show pointer
- Editing tasks in a Checklist was slow to save
- Issue with meeting timer when stopping and restarting
- Remove (M.A.P.s) and (I.I.P.s) & rename M.A.P.s to “Evaluation”
- Change M.A.P. to “Employee Evaluation” on actions
- Minutes were out of sort order
- Changing the user’s name (not username) was breaking meeting mapping and past due tracking
- Deleted users were appearing as meeting attendees
- Rename Plays nav to “Process & Policy”
- Manager did not receive email or notification to complete the employee MAPs once the employee completed their MAP
- Meeting host needs to be required in order to save a meeting
- Agenda Items not always saving
- Sprint Retrospective agenda bug
- Agenda notes should be editable on MAPs for meeting sync
- Agenda/task description should be optional to fill out
- Sign off on meeting minutes button not visible in certain scenarios
- Templates are not showing to assigned users and departments