Skip to main content

Changelog

Notable platform updates, new features, and improvements to ConcertoGRC.

May 2026

AI Model Cards & Governance Documentation

Published AI Model Cards with detailed guardrails, human oversight controls, and data handling documentation for all 36 AI features
Expanded AI Features documentation with complete feature catalog across Orchestrator, Auto-Suggest, Analysis, and Generation categories

Platform Security Documentation

Published Platform Security overview, Privacy Policy, Terms of Use, Acceptable Use Policy, Service Level Commitments, and Shared Responsibility Model
All policies available at Platform Security

Documentation Site Launch

Launched public documentation site at docs.concertogrc.com
46 pages covering all platform modules with screenshots and workflow guides
Full-text search, dark mode support, and mobile-responsive layout

Platform-Wide UI Refresh

Redesigned shared layout with a new slate theme, updated typography, and consistent navigation across all modules
Dashboard redesigned with compact tile layout, posture trendline, multi-color sparklines, and full-width charts

Onboarding Redesign

Completely rebuilt onboarding experience with a guided setup wizard, Getting Started dashboard, and orientation flow
New completion page with animated progress sequence

Single Sign-On -- Per-Tenant Microsoft SSO

Email-first login flow that detects tenant SSO configuration and routes to the correct identity provider
Per-tenant Microsoft Entra ID (OIDC) registration so each organization connects its own directory
Redesigned SSO and MFA settings page with clearer provider status and configuration
Tenant-level MFA enforcement with a guided enrollment modal for users who have not yet configured MFA

Vendor Management

Threaded comments on vendor requests and lifecycle tickets for in-context discussion
Per-stage approval notes with auto-posted decision comments so reviewers see the full trail
File attachments on vendor requests
Requester response workflow so vendors and requesters can reply within the approval flow
IRC filter dropdown and tier-change visibility on vendor assessments

Vulnerability Scanning -- HostedScan Integration

Migrated scanning infrastructure to HostedScan with 9 scan engines (Nuclei, OWASP ZAP, Nmap, SSLyze, OpenVAS, and more) available through 4 presets: Web App, Network, SSL/TLS, and Full Assessment
New Reports tab with on-demand .docx report generation and download history

Training Module Improvements

Bulk operations for campaigns and assignments (start, pause, complete, delete in batch)
Improved slide list with type-color coding, content previews, and drag-and-drop reordering

Tabletop Exercises -- Presenter Redesign

Cinematic presenter view with a redesigned facilitator experience
Observer-appropriate messaging and read-only view for non-participant admins
Exercise start is now gated to facilitators with a visible readiness indicator

Infrastructure and Cloud Diagrams

New diagram creation dialog with three workflow paths
Workspace gallery with product grouping
Promote security findings directly to remediation actions or risk register entries
Per-integration workspace auto-creation

Status Reports

Configurable report sections with per-section options and program health override
Multi-section HTML email renderer with in-app preview before sending
DOCX section selection pre-populated from tenant report configuration

Task Management

Tasks can now be deleted from the dashboard
Completion guards ensure tasks tied to access reviews, policy acknowledgments, and vendor reviews follow their parent workflow

Projects and Initiatives

Redesigned initiative cards, sidecar detail panel, and task list layout
Progress bars and assignee avatars in table views

Questionnaires

Owner field on Knowledge Base entries to identify subject-matter contacts

Framework Management

Framework unenroll with a preview of affected controls and automatic evidence cleanup

Customer Management

SLA report pagination for large report sets
Notifications inbox for SLA and engagement alerts
Bulk contract uploads with file streaming and title sanitization

April 2026

Employee Portal -- Incident Reporting

Added 5-step incident report wizard to the Employee Portal
Employees can report security incidents with severity, category, and description
Reports are routed to the tenant's incident response workflow

Vulnerability Scanning -- OWASP ZAP Integration

Added OWASP ZAP as a second scan engine alongside Nuclei
ZAP provides DAST scanning for application-level vulnerabilities (SQLi, XSS, CSRF)
Findings are triaged or promoted to Vulnerability records with source tracking

Endpoint Management -- Jamf Pro Integration

Added Jamf Pro as a third MDM provider alongside SimpleMDM and Microsoft Intune
Syncs Apple device inventory with encryption, firewall, and passcode compliance tracking

March 2026

Cost Management Dashboard

Per-tenant resource consumption tracking across AI/Bedrock, S3, SES, API requests, and integrations
Usage alerts with configurable thresholds and CSV export

February 2026

Identity Provider Integration -- Google Workspace

Added Google Workspace directory sync via Admin SDK
Domain-wide delegation setup with per-field sync policy
MFA detection, auto-escalation, and 5 evidence reports

Phishing Simulation Module

Campaign management with template editor, recipient selection, and scheduling
GoPhish integration for SMTP delivery and click/submit tracking
Auto-remediation creates training campaigns for clickers

Security Awareness Training

AI-generated training modules with slides, quizzes, and scenarios
Campaign management with auto-enrollment, reminders, and completion tracking
Phishing simulation integration for targeted remediation training

January 2026

Migration Wizard

One-time data migration tool for onboarding from Airtable, Vanta, Drata, Secureframe, Sprinto, or CSV
Session-based workflow: authenticate, fetch, preview with field mapping, execute, review results
AI-powered column-to-field mapping suggestions

Identity Provider Integration -- Microsoft 365

Microsoft Entra ID directory sync with one-click admin consent
Auto-populates AccessPersonnel and AccessGroup records
Per-field sync policy (IdP-managed vs. local), email-based dedup, MFA detection

Tabletop Exercise Module

Scenario-based tabletop exercises with multi-phase inject delivery
Facilitator and participant views with real-time progression
AI-generated scenarios from topic prompts

December 2025

Business Impact Assessment Module

BIA records with criticality scoring and dependency mapping
AI-powered environment import generates BIA records from text descriptions
Vendor and risk cross-linking

Customer Commitments Tracking

AI-powered commitment extraction from customer contracts
Source-clause traceability with verbatim quote references
Obligation tracking with status and owner assignment

Inbound Questionnaire Management

Receive, assign, and respond to customer security questionnaires
Knowledge base with AI-assisted response suggestions
Multi-reviewer workflow with status tracking

November 2025

Risk Register Enhancements

AI-powered risk register generation from environment descriptions
Inherent and residual scoring with 5x5 heat map visualization
Framework control mapping for risk-to-control traceability

Vendor Management -- AI-Assisted Due Diligence

AI-powered vendor risk assessments from questionnaire responses
Legal review of vendor privacy policies, terms, and DPAs
Vendor URL auto-discovery for trust center and privacy policy links

Recurring Activities Overhaul

Occurrence-based workflow with cadence-driven task generation
Evidence request linking for recurring evidence collection
Overdue detection with task synchronization

For questions about specific releases, contact support@concertocompliance.com.

May 2026
April 2026
March 2026
- Cost Management Dashboard
February 2026
January 2026
December 2025
November 2025