We fixed a bug where policy reordering did not maintain the desired position.

Admins and roles with the ability to manage custom roles now have the ability to set granular permissions for each role in Exos.

When creating a procedure, procedure modifiers can now set the task verification approval strategy. This means that selected approvers (defined by their role in Exos) will be assigned task verification per the approval strategy.

• Renamed Security Consultant to Contributor
• Renamed Consultants tab on the Employee page to Contributors and include users with the role Contributor
• Add new default role called Employee
• Employee has the same permissions as any other custom employee role
• When inviting a user, the Employee role is checked by default
• When importing via CSV, if no role is defined, the default role is Employee

More support for frameworks have been added to Exos by MedStack. This will allow future mapping for SOC 2, ISO 27001, ISO 27002, and more.

Admins of organizations can now upload evidence directly from the evidence page so that you can have an existing pool of evidence you can refer to while completing procedures/tasks.

As a user who is completing an assigned task, you can select from a list of uploaded evidence, so that you not have to duplicate your work if you evidence happens to satisfy multiple assigned procedures/tasks.

As an Exos admin user, you can upload multiple types of vendor agreements. This allows you to have your Business Associate Agreements (BAAs), reports, and other agreements in one place.

As an Exos admin, you can sort policies in any order than I choose, so that other organization users can benefit from my logical grouping.

Audits and assessments often happen annually. Bulk archiving of evidence is necessary so that only the most relevant evidence is at the forefront.