Vidensbase

Gå til indhold
Dansk
Gå til www.northgrc.dk
  • Der er ingen forslag, da søgefeltet er tomt.

NorthGRC Release Log

Version 6.3 - december 2025

Denne release indeholder nye funktioner til store virksomheder, der har flere NorthGRC-instanser (enterprise) samt muligheden for at tilføje brugerdefinerede (custom) workbenches.

Enterprise-udvidelser

Enterprise risikostyring

  • Deling af globale aktiver: Master-instanser kan nu oprette og dele aktiver på tværs af alle member-instanser, hvilket sikrer konsistent risikostyring i hele organisationen.

  • Globalt trusselskatalog: Publicér et centraliseret trusselskatalog fra master-instansen til alle member-instanser.

  • Deling af globale risikovurderinger: Del risikovurderinger og standardiserede risikoskalaer fra master til member-instanser. Dette giver en ensartet tilgang til risikoevaluering på tværs af virksomheden.

Enterprise kontroller

  • Kontroller på gruppeniveau: Definer master-kontroller på gruppeniveau i master-instansen.

  • Nedarvning af kontroller: Member-instanser kan nedarve og anvende kontroller fra gruppeniveauet, hvilket sikrer ensartet implementering af kontroller i alle forretningsenheder.

Enterprise rapportering

  • Konsolideret dashboard: Forbedret dashboard i master-instansen med overordnede, aggregerede nøgletal, der samler data fra alle member-instanser.

  • Drill-down funktioner: Naviger fra konsoliderede visninger til instans-specifikke risici- og kontroller.

  • Synlighed på tværs af instanser: Komplet overblik over organisationens samlede risiko- og compliance-profil på tværs af alle member-instanser.

Nyhed: Custom Workbench

Vi introducerer Custom Workbench – en fleksibel løsning, der giver jer mulighed for at have brugerdefinerede standarder og kravsæt  i NorthGRC. Custom Workbench leveres som en Professional Services-implementering med fuld assistance til konfiguration og datamigrering.

Kernefunktioner

  • Import af brugerdefinerede data: Vores support-team kan importere jeres kundespecifikke kravsæt, kontroller, aktiver, leverandørlister mm i separate "workbenches" adskilt fra de specifikke workbenches informationssikkerhed, databeskyttelse OT og ESG.

  • Isolerede arbejdsmiljøer: Fokuserede arbejdsområder, der kun viser relevante data for specifikke afdelinger eller compliance-områder og forhindrer støj fra andre dele af systemet.

  • Kundespecifikke krav: I kan nu få tilføjet jeres egne, branche- eller virksomhedsspecifikke standarder og kravsæt i jeres Custom Workbench.

  • Konsolideret compliance-overblik: Ledelsen kan se status på compliance på tværs af alle workbenches på én samlet compliance-side.

Nyt logging-framework

Vi har rekonfigureret systemets logging, så den er mere præcis og omfattende. Følgende logs vil nu være tilgængelige:

  • Trace log: Tracker brugernes navigation i systemet.

  • Change-log:  Tracker ændringer i systemets entiteter, såsom dokumenter, opgaver, datalister osv.

  • Audit-log: Tracker, hvilke brugere der har logget ind i systemet.

 Alle logs findes fortsat under Indstillinger > system > logs.

Andet:

Vi har lagt et ID på alle aktiver, dokumenter, kontroller, opgaver og leverandører.

 

Version 6.2 – ​9. december 2025

Nu får I en masse nyt indhold til NorthGRC. I denne omgang har vi haft fokus på AI, så I nemt kan være på forkant med de allernyeste regler og trusler på området.

Denne release indeholder:

  • 7 nye standarder/forordninger
  • 14 nye AI-relaterede kontroller
  • 8 nye AI-relaterede trusler
  • En ny skabelon til en AI-politik

I denne video gennemgår vi det hele på 6 minutter.

Nye standarder, forordninger og rammeværk

Nu kan I også mappe jeres opgaver, dokumenter og kontroller op imod følgende standarder og regulativer:

AI-forordningen: EU's forordning o​m kunstig intelligens.
ISO/IEC 42001: Ledelsessystem for AI (AIMS).
ISO 45001: Arbejdsmiljø og sikkerhed.
ISO/IEC 20000: Informationsteknologi - Service management.
ISO 22301: Beredskab (Business Continuity Management).
NIST 800-53: Sikkerheds- og privacykontroller for føderale Informationssystemer (USA).
NEN 7510:2024: Informationssikkerhed i sundhedssektoren (Holland).

Bemærk! I kan allerede nu afprøve de nye standarder. Hvis en af dem ikke er en del af jeres nuværende aftale med NorthGRC, såkontakt os endelig, så vi kan få dem inkluderet i jeres licens!

I kan aktivere standarderne under Indstillinger > Indhold > Krav (Settings > Content > Requirements). Når de er slået til, kan I arbejde med dem på jeres compliance-side.


Nye AI-relaterede ​kontroller

Hvis jeres virksomhed bruger AI-systemer (eller er "idriftsætter," som det kaldes i forordningen), er disse nye kontroller vigtige for jer.

  • Forbudte former for brug af AI og klassificering af høj risiko: V​i skal kende til (u)lovlig brug af AI (som f.eks. social scoring) og risikovurdering og klassificering af AI-systemer.
  • Operationel compliance og teknisk integritet: AI-systemer skal køre præcis, som de er beregnet til, konstant overvåges, datakvaliteten skal være i orden.
  • Menneskeligt tilsyn og transparens: Mennesker skal stadig have styringen, især ved systemer med stor indflydelse, og  de berørte personer skal altid informeres om AI'ens rolle.
  • Håndtering af hændelser og indberetning til myndigheder: ​R​egler for, hvordan I skal tackle kritiske AI-fejl og hurtigt kommunikere med de relevante myndigheder.



AI-relaterede trusler

Vi har tilføjet en helt ny trusselsgruppe til jeres trusselskatalog i risikomodulet. Den er oprettet specifikt for at hjælpe jer med at identificere og vurdere risici, der følger med brugen af AI-systemer. De dækker kritiske områder som:

  • Bias og diskrimination
  • Mangel på forklarbarhed ('black box'-problemet)
  • Shadow AI (uautoriserede eller uadministrerede AI-systemer)



Skabelon til politik for AI-brug

Den nye dokumentskabelon "Politik for ansvarlig brug af AI" er klar til at hjælpe jer med retningslinjer for ansvarlig implementering og brug af AI-systemer.

Sådan tilføjer du den til dit bibliotek:

  1. Klik på Opret
  2. Vælg Opret nyt dokument ud fra skabelon
  3. Gå til Alle dokumenter
  4. Klik på dokumentet for at tilføje det til dit bibliotek
  5. Rediger dokumentet, så det passer til jeres organisation.

---------------------------------------------------------------------------------------------------------------------

 

Version 6.1 - 22 september, 2025

Operational Technology i NorthGRC

I NorthGRC kan du nu arbejde med OT-risiko i det nye OT-arbejdsområde, hvor du blandt andet kan arbejde med NIS2.

Hvis du har behov for at være NIS2-compliant, vil du også bemærke, at der er foretaget nogle ændringer i denne standard i NorthGRC – eller rettere i de kontroller, der er kortlagt til den.

I artikel 23 har vi skrevet forslag til kontroller, der omhandler hændelsesrapportering, og vi har tilføjet en kontrol i artikel 20 om træning af ledelsesorganet.

Derudover har vi opdelt nogle af kapitlerne i artikel 21 i underkapitler og kortlagt kontrollerne til disse.

Hvis du er interesseret i at få adgang til det nye OT-arbejdsområde eller høre mere, kan du kontakte Lisbeth Andreasen på la@northgrc.com

Nyheder i Risiko modulet

I risikomodulet er det nu muligt at definere virksomhedens risikoappetit:

 

Dette vil vise, om risikoen i en vurdering ligger inden for virksomhedens risikoappetit, eller om risikoen overstiger den appetit, man har defineret. Du kan bruge dette til nemt at identificere, hvilke risici der skal behandles, og hvilke der kan accepteres.

Med version 6.1 får du mulighed for at oprette dine egne trusselgrupper. Når du opretter en ny trussel, hvor du vælger trusselgruppen, vil du se muligheden for selv at oprette en gruppe:

 

Tidligere kunne du se alle tilgængelige risikoskalaer for alle workbenches i risikoindstillingerne. Nu vil du kun se de risikoskalaer, der er knyttet til det workbench, du aktuelt arbejder i:

 

En ny risiko-widget er blevet tilføjet til Dashboard, som viser de højest vurderede trusler for den workbench man arbejder i. Du finder den nye widget under Dashboard > Risk:

QOL-ændringer i Compliance

Workbench-specifik kontrolstatus
Kontroller har nu uafhængige statuser per workbench, hvilket gør det muligt at arbejde på den samme kontrol i forskellige sammenhænge. Det muliggøre også at forskellige brugere kan med samme kontrol, i forskellige workbenches. Statusændringer gælder kun for det workbench, du arbejder i.

Nedgradering af Compliance-mål
Du kan nu nedgradere dit compliance-mål under Indstillinger > Planlægning > Compliance-mål. Systemet viser en forhåndsvisning af, hvilke opgaver og dokumenter der vil blive fjernet, inden du skal bekræfte ændringen. Alt, du skal gøre, er at klikke på slideren og vælge det niveau, du ønsker at nedgradere til:

Nye integrationsmuligheder

NorthGRC tilbyder nu åbne API’er, der problemfrit kan forbindes med dine eksisterende systemer og applikationer. Denne integrationsmulighed gør det muligt at udnytte NorthGRC’s compliance management-funktioner i dit nuværende teknologiske økosystem.

Hvis du vil vide mere om adgang til og tilgængeligheden af API’er, kan du kontakte la@northgrc.com

Version 6.0 1 Maj, 2025

Risikolandskabet

Opret og gem dine egne brugerdefinerede filtre for kun at se de aktiver, der er relevante for dit arbejde lige nu.

Masseopdater aktiver

Vælg flere aktiver og ændr ejer, ansvarlig eller andre oplysninger for dem alle på én gang:

Bibliotek

Redigering af dokumenter og deres indstillinger er blevet endnu nemmere.

Ved at klikke på de tre prikker finder du nu indstillingerne for dokumentet i denne menu:

Her finder du en række undermenuer, der hjælper dig med at administrere dokumentet:

Workbenches

Du kan nu nulstille individuelle Workbenches eller moduler i NorthGRC til de oprindelige indstillinger og indhold:

Du finder denne nye funktion det samme sted som altid: Indstillinger > System > Nulstil NorthGRC og start forfra.

Brugere

Angiv brugerens foretrukne Workbench og sprog:

 

NorthRC Enterprise

Hvis du har en enterprise-løsning, har du nu et samlet dashboard, der viser din samlede compliance-status på tværs af alle dine virksomheder:

 

enterprise dashboard

 
Version 5.9 ​- March 13, 2025
In this version we have added new features to the Risk Landscape page:
  • select which columns you want to see
  • create custom made filters
  • see and add treatment tasks directly from the landscape page

Threat based risk analysis

If certain threats are not relevant for a certain assset, you can mark them as "not relevant" when you perform a threat based risk analysis.

Threats can be assessed for both C, I and A

In earlier versions, threats got one combined assessment for impact and one for probability. The assessments have been split up, so you can have individual assessments for confidentiality, integrity and availability. Per default, C, I and A all have the same value, but you can change it if you want. Remember that changing a threat does not impact your risk - it impacts the information you are presented with when analyzing risk.

You will see this option when you enter Threat based analysis:

The biggest change you will notice the threat catalogue, is that on each threat you now have three options, instead of one, for both impact and Probability:

Risk reports

add the report element "Asset Information" to see details about the assets in the report

Dashboards

Do you have more than one SoA? Pick which one should be shown on your dashboard.

Select which period you want to see your progress for.

More accurate calculation of compliance percentage

We have improved the calculation and are now using work hours instead of task duration for a more accurate number of how far you have come with your compliance work.

 
Version 5.8 ​- December 1, 2024
In this version we have added 12 new controls to ISO 27002:2022. You will find them:
  • on the compliance page when shown as ISO 27002:2022
  • in your Statement of Applicability (SoA) in draft version
  • in your 27002 rules document in draft version

The controls are suggestions for your compliance work, and they are set as "Needs review" per default. The controls are called:

  1. Topic specific policies (in chapter 5.1)
  2. Management responsibilities (in chapter 5.4)
  3. Assessing security events (in chapter 5.25)
  4. Responding to security incidents (in chapter 5.26)
  5. Maintaining Information Security During Disruption (in chapter 5.29)
  6. Monitoring Changes to Legal Requirements (in chapter 5.31)
  7. Record Management (in chapter 5.33)
  8. Handling Data Subject Access Requests (in chapter 5.34)
  9. Reviewing the ISMS (in chapter 5.35)
  10. Ensuring Effective Information Security Compliance (in chapter 5.36)
  11. Establishing Secure Physical Perimeters (in chapter 7.1)
  12. Securing Network Service Use (in chapter 8.21)

 

This version also contains the first full version of the ESG Workbench, which is now complete with all the needed functionality to get started with the ESG process. The Workbench helps you:
  • Mapping your value chain
  • Identifying what is material for the organisation (DMA)
  • Determining what data the company has and what they are missing (Gap analysis)
  • Selecting disclosure requirements
  • Collecting data for reporting
  • Extracting data for sustainability reporting (Reports)

 

Version 5.7 ​- October 21, 2024

An update with less new content, but a lot of backend updates to improve the system.

Vendors

  • Updates to vendor assessment approval

Tasks

  • Updates to group tasks
  • You can now set a task to implementation, which means it will count towards your compliance %

Version 5.6 ​- September 12, 2024

ISO 27017 -  Information security controls for cloud services has been added to the requirements in NorthGRC.

We have added new controls to the standards ISO 27001 and the Norwegian NSM Grunnprinsipper. This means that if you have enabled any of these standards, you will have a number of new controls showing up on your compliance page. All the new controls have the status "Needs review".

New controls for ISO 27001:

  • Information security policy
  • Information security objectives
  • Changes to the ISMS
  • Communications relevant to the ISMS
  • ISMS documentation
  • Creating and updating ISMS documentation
  • Control of ISMS documentation
  • Management review
  • Documentation of management review
  • Improving the ISMS
  • Handling nonconformities

New controls for NSM Grunnprinsipper:

  • Software inventory
  • Certified IT products
  • Risk Analysis in the Supply Chain
  • Code Maintenance
  • Security Architecture
  • Compatible IT Systems
  • Access to Services
  • Whitelisting Software
  • Approved System Configurations
  • Security of IoT Devices
  • Direct Traffic between Devices
  • Traffic between the Organisation and its Vendors
  • Simplified Account Management
  • Certificates
  • Anti-spoofing
  • Supported Email Clients and Browsers
  • Plug-ins
  • Securing logs
  • Assessment of Security Monitoring Data
  • Information about Penetration Testing
  • Incidence Impact
  • Escalation of Incidents
  • Registration of Incidents
  • Review of Security Controls

Version 5.5 ​- August 2024

Planning

  • It is now possible to create tasks that must be carried out by multiple users and track the individual users’ progress. This works much like the “sign for reading” functionality. 
  • You can also sort the phases in your plan as you want.

Vendors

  • You can request approval of a vendor assessment (much like approval of documents). In this way, it is possible to accept a questionnaire even though not all answers are completely at your acceptance level. When an assessment is approved, the vendor will no longer have a “red” status.
  • We have added a tab for all vendors, making it easier to see which systems they host and/or develop and their relations to other assets.
  • These relations are also exported when exporting your vendors to a csv file.
  • You can filter your vendors by organisation (a small thing but frequent request).
  • When adding new fields to vendors, the fields are added to existing vendors as well.

Risk

  • Risk treatment tasks are now visible on the Risk Landscape page.
  • See status for your business goals for as far back as you want (not just 90 days)
  • Filter your risk reports on organisational units, asset categories or by tags.
  • When exporting your assets to a csv file, organisation and and relations are now exported as well.
  • When analysing risk, the possible threat sources are now shown as well.
  • When adding new fields to an asset category, the fields are added to existing assets as well.
  • You can hide the information (exclamation mark) on the risk landscap page that shows where an asset was created.

Version 5.4 ​- July 2024

We're excited to announce several new features in our document library to streamline your workflow

Easily add classifications to your documents. Clearly display who is responsible and accountable for each document. Display which standards your documents adhere to. Track the creators and approvers of each document version.

Additionally, we've improved our knowledge base to make finding answers even easier. Now, you can quickly find solutions to your questions about using NorthGRC. Or maybe you want to watch our On-Demand Webinars? Just click the question mark in the upper right corner to visit the revamped knowledge base.

Is your organisation aiming for CSRD compliance or looking to report on sustainability? Our new ESG Workbench is here to help! It includes all ESRS' and Disclosure Requirements, Value Chain Mapping, Compliance Plans and much more!

 

Version 5.2.5​ - June 2024

In this version we have added Article 20 - and a few new controls - to NIS2.

You can now assess privacy risk on a 4, 5 or 6 scale to fit your organisations needs.

We have split up the access rights to give you the opportunity to control your users’ access rights separately for the Data Protection and Information Security workbench.

It is now easier to manage your vendors. All relations, contact persons, agreements, logs etc. are easily accessed in the bottom of the vendor dialogue.

…and then we have fixed a number of bugs.

 

Version 5.1​ - February 2024

Have you created relations between your assets in the risk module? If yes, it is now possible to see if a high risk on one asset is inherited to others. In this way, it will be clear that otherwise secured IT systems are actually at risk if the server room they reside in is vulnerable to flooding.

Larger organisations now have the opportunity to upgrade to an enterprise solution. The Enterprise solution allows for separate but connected compliance tools.

An overall "master" can see how all "members" are developing and ​then dive into the details of ​each member's compliance level.

Policies and other documentation are easily shared throughout the organisation, and document templates are easily controlled centrally.

 

Version 4.3 ​- October 2023

Working with GDPR​ compliance? You can now do privacy risk analyses on vendors, IT systems, processes​, etc. Look for the "Risk" menu in your Data Protection workbench.

Deleted something and then changed your mind? You can find and restore it from the recycle bin in Settings.

Create your own custom tags and use them for sorting and filtering throughout the tool.

Furthermore​, we have added more information to your risk landscape, more requirements to your requirement library​, and much more.

 

Version 4.2 ​- September 2023

Take a look at the Planning pages. We have made it easier to work with tasks and made you a reporting tab. Here you can easily see all the tasks you and your colleagues have carried out within a certain timeframe.

Create tasks directly on an asset or a control and remember to keep them updated. Link risk treatment tasks to multiple risk analyses.

What is the risk file for your company’s business goals? Does anything stand in the way of reaching them? Create your business goals and see how they are affected by the risks of your assets, vendors and processes.

​The entire tool and all templates are now translated into Swedish.
Lastly, we have added ISO 14001 to your compliance overview​ - and "Statens Tekniske Minimumskrav​" for our Danish users.
 
 
Version 4.0 - April 2023

We have created Workbenches - This means an easier way of working with Data Protection and  Information Security

We have added a number of new standards and improved existing ones:

- ISO 27002:2022 - The new ISO 27002!

- NIS2 

- GDPR - improved controls, shorter rules document, new privacy policy

- TISAX 

- NSM Grunnprinsipper

We have upgraded the way you work with Roles and access rights - manager, creator or auditor

Email notifications - You decide when, what they should say and how they should look.
 
Version 3.7 - February 2023
 
You can now create your TIA's (Transfer Impact Assessments) on your processing activities. The TIA is easy to complete. We have created a template for you, so all you have to do is fill it out and assess impact and probability.
We also improved user management quite a bit. As one of many improvements, it is now really easy to transfer ownership of all tasks, controls, documents etc from one user to another.
Need help building your ISMS?Click the question mark in the upper right corner and search our FAQ or find videos and manuals.
 

Med mere end 20 års erfaring udvikler og leverer NorthGRC software og specialiserede konsulentydelser, der hjælper organisationer med at styre governance, risk og compliance. Vores GRC-løsning understøtter op til 40 rammeværk og giver et samlet, operationelt greb om risici, kontroller og beslutningsgrundlag på tværs af forretning og regulering.

Besøg northgrc.com