Fixed bug with manually ordering policies

We fixed a bug where policy reordering did not maintain the desired position.


Custom role permissions

Admins and roles with the ability to manage custom roles now have the ability to set granular permissions for each role in Exos.


Tasks can have multiple verifiers

When creating a procedure, procedure modifiers can now set the task verification approval strategy. This means that selected approvers (defined by their role in Exos) will be assigned task verification per the approval strategy.


New Employee default role

  • Renamed Security Consultant to Contributor
  • Renamed Consultants tab on the Employee page to Contributors and include users with the role Contributor
  • Add new default role called Employee
  • Employee has the same permissions as any other custom employee role
  • When inviting a user, the Employee role is checked by default
  • When importing via CSV, if no role is defined, the default role is Employee

Improved compliance framework support

More support for frameworks have been added to Exos by MedStack. This will allow future mapping for SOC 2, ISO 27001, ISO 27002, and more.


Bulk evidence upload

Admins of organizations can now upload evidence directly from the evidence page so that you can have an existing pool of evidence you can refer to while completing procedures/tasks.


Allow users to select already uploaded evidence

As a user who is completing an assigned task, you can select from a list of uploaded evidence, so that you not have to duplicate your work if you evidence happens to satisfy multiple assigned procedures/tasks.


Increased vendor agreement support

As an Exos admin user, you can upload multiple types of vendor agreements. This allows you to have your Business Associate Agreements (BAAs), reports, and other agreements in one place.


Customizable policy sort order

As an Exos admin, you can sort policies in any order than I choose, so that other organization users can benefit from my logical grouping.


Allow evidence to be archived

Audits and assessments often happen annually. Bulk archiving of evidence is necessary so that only the most relevant evidence is at the forefront.