Release Notes - Jan 2026

Release Notes

Release v4.1.123

27 Jan, 2026

1. [TPRM] Questionnaire Reassessment

We are introducing a structured, auditable workflow to reassess third-party questionnaires. Analysts can initiate new reassessment cycles (pre-filled or blank), archive prior assessments, and ensure only the latest questionnaire contributes to scoring, while vendors gain visibility into past submissions and can reuse responses.

2. [TPRM] Request Attested Documents like SOC 2, ISO, etc.

Request attested documents like SOC 2, ISO, etc. with direct vendor uploads. SAFE automatically converts submissions into questionnaire findings and updates risk insights for attestation requests.

Key Highlights

New request-type indicators in the questionnaire list for improved analyst clarity and filtering
Clear vendor guidance with dedicated upload experience, validations, and success confirmation
Automated email notifications and reminders tailored for document-only requests.
Analyst controls to review, reopen with comments, and re-request evidence without losing assessment context
All submitted documents are validated, stored in the Document Store, and linked to assessments

Release v4.1.121, v4.1.122

12 Jan, 2026

1. [TPRM] Centralized Document Store

A centralized Document Store for Analyst and Vendor portals enables document reuse, controlled access, and faster questionnaire evidence management. This unified Documents experience improves visibility, enables controlled access, and streamlines evidence management and collaboration.

Key Highlights

Centralized Document Store in the Analyst Portal (formerly Evidence) to upload, manage, and reuse documents.
New Documents tab in the Vendor Portal with multi-file upload, progress tracking, search, filtering, and management
Ability to attach documents directly to questions by linking existing files or uploading new ones.
Document-level access control to distinguish restricted vs third-party, visible documents.

2. [TPRM] Smart Auto Reminders for Questionnaires

SAFE now automatically schedules smart reminders and escalations for questionnaires based on their due dates, reducing the need for manual follow-ups and missed assessments. You can enable the smart reminders from Settings > Third-party > Default Smart Reminders.

3. [TPRM] Enhanced Fourth-Party Coverage

SAFE can now identify and monitor 8,000+ fourth parties across third-parties, with visibility into how many third parties connect to each fourth party—providing early insight into downstream concentration risk.

4. Custom Field Enhancements

SAFE now supports new custom field types, including Multi Select and Long Text, along with UI updates that rename Predefined to Single Select and Any to Text. Custom Fields can now be displayed in data tables and used for filtering, improving visibility and usability.

5. SafeX-driven CVE Impact Visibility and Issue Management

Users can now identify third parties impacted by specific CVEs by simply asking SafeX, which lists the affected third parties. Users can also ask SafeX to create issues for the impacted third parties.

6. Control Maturity Inheritance

SAFE now allows users to automatically inherit control maturity across groups, ensuring consistent governance while eliminating repetitive manual configuration.

Key Highlights

Automatically inherit control maturity from the enterprise or other group, with default inheritance configurable globally.
Full audit trail capturing who enabled inheritance and the rationale
Inherited controls and findings are clearly indicated and read-only by default, with an option to override during copy
Inheritance remains independent of VMC, DSC, linked findings, or questions, ensuring predictable behavior.

7. Integration with Orca Security

SAFE now seamlessly integrates with Orca Security, a leading CSPM platform, to ingest cloud infrastructure assets, associated vulnerabilities, and security alerts.