==New features in Risk Management==

===Updating risks as a Practitioner===
From this release onwards, risks and opportunities can be proactively updated by the risk owners or advisors in their role as Practitioner users. The new ‘Update risk/opportunity’ button is available for this purpose under My Tasks.
::[[Datei:Bild1.png|left]] 
Expert and Professional users of a management system still have the option of requesting that an advisor update a risk. To do this, there is now a ‘Request update’ button at the bottom of the risk maintenance form (next to ‘Save’ and ‘Close’). This replaces the ‘Request review’ button that was previously located on risks (top right).
::[[Datei:Bild2.png|left]] 
Once an update is initiated, the interface is read-only for experts and professionals in the management system. The risk’s status is set to ‘Update Pending’. Clicking the violet “Update Pending” button displays the changes already entered by the advisor, and experts or professionals can revert these changes by selecting “Reject update”. Experts/professionals or practitioner users can leave comments for their colleagues explaining their respective workflow steps. These can then be viewed at via the new “Messages & History” button.
::[[Datei:Bild3.png|left]] 
While the risk is being updated, a Practitioner user can edit the risk’s master data or the measures and controls for risk treatment as part of an update.
::[[Datei:Bild4.png|left]] 
After saving the changes and when submitting the update, HITGuard summarizes the changes in a separate overview (“Show changes”). This allows Advisors to compare old and new values. Later, when reviewing the update, the Professional or Expert will also see the same overview. This makes it easier to assess whether to reject or accept the update, or whether further changes need to be incorporated. You can see how the overview looks for the expert and professional below:
::[[Datei:Bild5.png|left]] 
During the update, the risk owner or advisor first enters a justification. Later, the Professional or Expert can edit this justification. HITGuard then files these jointly created entries in the risk’s timeline, creating a traceable history of the workflow steps and changes to the risk.
::[[Datei:Bild6.png|left|thumb|500px]] 
You can find out more about the new workflow in our [[Special:MyLanguage/Risikobewertung/en#Workflow_zur_Risikobewertung|Online help]].

===Attaching Documents to a Risk===
Some customers wished to store documentation relating to risks. Expert and Professional users can now attach one or more documents or links to a risk. Practitioner users can now also use this functionality when creating or updating a risk.

===New KPI “Resources by Protection Requirements”===
To provide a better overview of the protection requirement classes of your resources, we have implemented a new KPI: Under the “Risk Management” section, you will now find the KPI “Resources by Protection Requirements”. This allows you to view your assets grouped by protection requirements in a doughnut chart. You can also filter by protection objectives or display specific model segments.
::[[Datei:Bild7.png|left]] 
You can find out mor about this new KPI in our [[Special:MyLanguage/Risikomanagement_Dashboard/en#Ressourcen_nach_Schutzbedarfen|Online help]].

===More options for displaying the protection requirements in overviews===
To make better use of the synergies between multiple management systems, new display options for protection requirement classes are now available. Under Administration > Resources and Administration > Suppliers, the protection requirement classes are displayed as colored icons in the first column of the table. You now also include the protection requirement classifications of all other management systems. The most critical value, i.e. the highest protection requirement class of the resource, is displayed. The new KPI (see section 1.3) also offers this configuration option.
::[[Datei:Bild8.png|left]] 

===New overview in the ‘load configuration’ section in structural analysis===
To make it easier to work with saved configurations in the structure analysis, we have introduced the ability to search, filter and sort within the saved views. This makes it easier to quickly locate saved views again.
::[[Datei:Bild9.png|left]] 

===Extension to Compliance reporting ===
To make the evaluation of reviews more flexible and useful, we have expanded the filtering options for the Compliance Spider KPIs. This applies to the KPI ‘Compliance Fulfilment’, a central evaluation mechanism, as well as ‘Question Coverage Percentage’ and ‘Question Coverage Total’, which provide you with an overview of the progress of your reviews. You can now filter by reviews, analysis periods or custom-defined periods. 
In addition, customers using the Audit Management module can restrict the display to audit programs and audits. Customers using the Supplier Management module can now restrict the three KPIs mentioned above, as well as the KPI “Compliance by knowledge bases”, to supplier audits only or exclude them entirely.


==New features in Audit Management==

===More customization options in the Audit Report===
To enable you to streamline your audit reports, we have revised the settings in the audit report, non-conformity analysis report and compliance report . It is now possible to evaluate objects of review in detail without necessarily printing details of the audit questions. This allows for detailed evaluations whilst maintaining streamlined reports.
To this end, the options from the ‘Objects of Review’ section have been integrated into the existing ‘Detailed Evaluation’ section. In this report options section, you can now configure detailed settings for objects of review and/or audit questions separately.
::[[Datei:Bild10.png|left]] 

<div class="mw-translate-fuzzy">
===Pre-assigning the responsible user in an audit===
With the new release, HITGuard automatically sets the person responsible for an organizational unit as the person in charge of an audit as soon as you select the organizational unit when creating the audit. This allows you to leverage the information from their master data more effectively for pre-assignment and thus create audits more quickly.
</div>

===New Audit type available===
To support the recording of different types of audit related activities, we have introduced the new audit type “Inspection”. Customers often wish to record results from tests or reviews carried out by external service providers or supplier reviews without implying that these constitute an audit against a standard. The “Inspection” audit type allows this distinction to be made.


==New features in case management==

===Create and assign reviews directly in a dossier===
From this release onwards, reviews can be created and assigned directly within the Case Management dossiers. To this end, the dossier now features the same ‘Create’ buttons as those found in the review overviews from Risk and Audit Management.
::[[Datei:Bild11.png|left]] 


==New features for measures & controls==

===Entering multiple responsible persons for measures===
From now on, multiple responsible parties (multiple individuals, multiple teams, or a combination of individuals and teams) can be assigned to measures. This allows you to assign measures to those responsible for implementation more flexibly.
::[[Datei:Bild12.png|left]] 
You can find out more in our [[Special:MyLanguage/Fortschrittsmeldungen/en|Online help]].

===Selecting multiple attachments in progress reports===
When submitting progress reports for measures, it is now possible to upload multiple documents simultaneously as evidence. This simplifies and speeds up the workflow for your Practitioner users, as the upload dialogue no longer needs to be opened repeatedly.

===New filtering options in the KPI ‘Measures of the OEs – By Status’ ===
For the KPI “OEs’ Measures – By Status”, it is now possible to filter content. You can search for specific reviews and organizational units. You can also restrict the KPI to a custom time period or to analysis periods.
::[[Datei:Bild13.png|left]] 
If audit management is enabled, you can also filter by audit programs and audits. This allows you to configure the KPI more precisely and focus on the information that is most relevant to you.


==New features in Data Protection==

===Improvements to the display of processing activities ===
This release improves how HITGuard displays processing activities in the organization tree view. Previously, all processing activities of a node, including those of all subordinate nodes, were displayed, resulting in a very extensive list. With this update, only the processing activities directly assigned to the selected node are now displayed. For a complete overview of all processing activities, the list view without a tree structure remains available.


==New features in supplier management==

===Improvement to the expiry function for suppliers ===
In this release, we have revised and simplified the expiry behavior for suppliers. An expired supplier is a supplier who is currently unable to log in via the Supplier Risk Management Portal and respond to a review. As a result, they are deactivated and no longer consume a license. An expired supplier whose expiry date lies in the past is automatically considered deactivated. For a supplier who is deactivated manually, the current date is set as the expiry date. In doing so, all login details for supplier users are also removed. The two deactivation methods therefore have the same effect.
You can find out more in our [[Special:MyLanguage/Lieferanten/en|Online help]].

===Internal contact persons for suppliers===
Previously, you already had the option to define an internal team that would be notified in good time before supplier contracts expire, meaning they could no longer be subject to reviews via the Supplier Risk Management Portal. With the new release, you can allocate responsibility in even greater detail. It is now possible to enter a specific team or an individual person (a HITGuard user) as the contact person for each supplier. This ensures that specific responsible parties are notified in a more targeted manner before the supplier’s contract expires.

===Extension of the filter functions for suppliers===
In addition to the existing option to restrict a KPI to specific suppliers, you now also have the option to specifically exclude suppliers from the KPI or to restrict the KPI to suppliers (all or only selected suppliers). This applies to all KPIs that represent risks, including but not limited to the “Risk Matrix”, “Risks/Opportunities by Status”, and “Risks by Threats”. You can also filter all KPIs that evaluate compliance reviews in this way. This applies, for example, to “Gap Analyses by Status” and “Compliance Fulfilment”.
::[[Datei:Bild14.png|left]] 


==General==

===New Standards available===
With this update, the following standards are available to all customers:
*B3S Health 1.3.1 – Sector-specific security standard ‘Medical Care’
*BSIG – Act on the Federal Office for Information Security and on Information Security in Institutions (BSI Act – BSIG)
*EN ISO 22301:2019 – Security and resilience – Business continuity management system – Requirements (ISO 22301:2019)
*EN ISO 31000-2018 – Risk management – Guidelines (ISO 31000:2018)
*AI Regulation – Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence
*NISG2026 - Federal Act on Ensuring a High Level of Cybersecurity for Network and Information Systems (Network and Information Systems Security Act 2026 – NISG 2026)
*ÖNORM D 4901 – Risk management for organisations and systems – Requirements for the risk management system – Guidance on the implementation of ISO 31000
*RKEG – Critical Infrastructure Resilience Act
*RKE/CER Directive – Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical infrastructure and repealing Council Directive 2008/114/EC

===Adaptations of existing Standards===
The standard EN ISO/IEC 42001:2023 has been expanded in Annex A to include Chapters A.2 to A.10. 
In the KDR and KDR-OG standards, paragraphs § 6, § 11, § 52 and § 53 have been added. In addition to the expansion, there have been minor adjustments to standard mapping, sorting order and master data for the standards.

===Improvements to knowledge bases===
To make editing knowledge bases easier, we revised the display and many aspects of the interaction in the second tab, ‘Topics’, of the knowledge base. Individual topics can now be opened and edited with a double-click; all linked elements on this page can not only be linked, but also unlinked in the list view using a dedicated button. This allows for more efficient editing of knowledge bases.
::[[Datei:Bild15.png|left]] 

===Templates for Risks and Opportunities ===
This release enables customers to manager templates for risks and opportunities in knowledge bases. This allows risks and opportunities to be prepared in knowledge bases and accessed later when working with HITGuard. 
The risks and opportunities can be assigned to one or more categories within the knowledge base. These categories can be freely edited and help with filtering risks and opportunities when using these templates to create a risk or opportunity. 
These templates can be accessed directly in the risk or opportunity. Expert users will now see a ‘Book’ button that allows them to access the templates from the knowledge bases.
::[[Datei:Bild16.png|left]] 

===Extension of the risk import function===
the import function for risks was expanded as well. Risks can now be assigned additional properties during import. This includes the strategy, comments, the advisor and the risk status. This allows you to import not only risks in the status ‘Active’, as before, but also ‘Accepted’ or ‘Submitted’ risks. As before, submitted risks trigger a report to management system administrators.
You can find more information on importing via Excel in our [[Special:MyLanguage/Datenimport#Risiken_importieren/en|Online help]].

===Importing users ===
The import function under Administration > Data Imports has been expanded. You can now also import and update users quickly and easily via Excel.
::[[Datei:Bild17.png|left]] 
You can find an import template for users in our [[Special:MyLanguage/Datenimport#Benutzerverwaltung|Online help]].

===Importing topics into knowledge bases ===
In HITGuard, you can import various elements into in knowledge bases as templates. Previously, this only included test questions, measures, controls and justification templates. With the new release, we expanded the import function under Administration > Data Import so that in addition to the previously available elements, you can now also import topics, risks and threats via Excel. Furthermore, it is possible to define the links between topics and audit questions directly in this Excel file and import these links as well. This saves time when creating knowledge bases and makes additions and updates easier and faster.
You can find an extended import template for knowledge bases in our [[Special:MyLanguage/Datenimport/en#Elemente_f%C3%BCr_Wissensdatenbanken_(WDBs)_importieren|Online help]].

===Importing relationships to resources===
An additional extension of the import function is available for resources, for which the new import type “Resource connection” is now available. This allows you to create or update relationships between resources and other structural elements. This saves you from having to manually enter relationships when creating information networks.
::[[Datei:Bild18.png|left]] 
You can find an import template for resource links in our [[Special:MyLanguage/Datenimport/en#Ressourcenverbindungen_importieren|Online help]].

===Extension of the REST API ===
The options for import via REST API have also been expanded. All changes explained in sections 7.5, 7.6 and 7. 8 have also been implemented for the REST API interface. This means you can also import risks in different statuses as well as relationships between resources via the REST API.
You can find out more in our [[Special:MyLanguage/Datenimport/-export_Schnittstelle/en|Online help]].

2026-04-09T08:18:43Z

KoKl: Die Seite wurde neu angelegt: „===Adaptations of existing Standards=== The standard EN ISO/IEC 42001:2023 has been expanded in Annex A to include Chapters A.2 to A.10. In the KDR and KDR-OG standards, paragraphs § 6, § 11, § 52 and § 53 have been added. In addition to the expansion, there have been minor adjustments to standard mapping, sorting order and master data for the standards.“

==New features in Risk Management==

===Updating risks as a Practitioner===
From this release onwards, risks and opportunities can be proactively updated by the risk owners or advisors in their role as Practitioner users. The new ‘Update risk/opportunity’ button is available for this purpose under My Tasks.
::[[Datei:Bild1.png|left]] 
Expert and Professional users of a management system still have the option of requesting that an advisor update a risk. To do this, there is now a ‘Request update’ button at the bottom of the risk maintenance form (next to ‘Save’ and ‘Close’). This replaces the ‘Request review’ button that was previously located on risks (top right).
::[[Datei:Bild2.png|left]] 
Once an update is initiated, the interface is read-only for experts and professionals in the management system. The risk’s status is set to ‘Update Pending’. Clicking the violet “Update Pending” button displays the changes already entered by the advisor, and experts or professionals can revert these changes by selecting “Reject update”. Experts/professionals or practitioner users can leave comments for their colleagues explaining their respective workflow steps. These can then be viewed at via the new “Messages & History” button.
::[[Datei:Bild3.png|left]] 
While the risk is being updated, a Practitioner user can edit the risk’s master data or the measures and controls for risk treatment as part of an update.
::[[Datei:Bild4.png|left]] 
After saving the changes and when submitting the update, HITGuard summarizes the changes in a separate overview (“Show changes”). This allows Advisors to compare old and new values. Later, when reviewing the update, the Professional or Expert will also see the same overview. This makes it easier to assess whether to reject or accept the update, or whether further changes need to be incorporated. You can see how the overview looks for the expert and professional below:
::[[Datei:Bild5.png|left]] 
During the update, the risk owner or advisor first enters a justification. Later, the Professional or Expert can edit this justification. HITGuard then files these jointly created entries in the risk’s timeline, creating a traceable history of the workflow steps and changes to the risk.
::[[Datei:Bild6.png|left|thumb|500px]] 
You can find out more about the new workflow in our [[Special:MyLanguage/Risikobewertung/en#Workflow_zur_Risikobewertung|Online help]].

===Attaching Documents to a Risk===
Some customers wished to store documentation relating to risks. Expert and Professional users can now attach one or more documents or links to a risk. Practitioner users can now also use this functionality when creating or updating a risk.

===New KPI “Resources by Protection Requirements”===
To provide a better overview of the protection requirement classes of your resources, we have implemented a new KPI: Under the “Risk Management” section, you will now find the KPI “Resources by Protection Requirements”. This allows you to view your assets grouped by protection requirements in a doughnut chart. You can also filter by protection objectives or display specific model segments.
::[[Datei:Bild7.png|left]] 
You can find out mor about this new KPI in our [[Special:MyLanguage/Risikomanagement_Dashboard/en#Ressourcen_nach_Schutzbedarfen|Online help]].

===More options for displaying the protection requirements in overviews===
To make better use of the synergies between multiple management systems, new display options for protection requirement classes are now available. Under Administration > Resources and Administration > Suppliers, the protection requirement classes are displayed as colored icons in the first column of the table. You now also include the protection requirement classifications of all other management systems. The most critical value, i.e. the highest protection requirement class of the resource, is displayed. The new KPI (see section 1.3) also offers this configuration option.
::[[Datei:Bild8.png|left]] 

===New overview in the ‘load configuration’ section in structural analysis===
To make it easier to work with saved configurations in the structure analysis, we have introduced the ability to search, filter and sort within the saved views. This makes it easier to quickly locate saved views again.
::[[Datei:Bild9.png|left]] 

===Extension to Compliance reporting ===
To make the evaluation of reviews more flexible and useful, we have expanded the filtering options for the Compliance Spider KPIs. This applies to the KPI ‘Compliance Fulfilment’, a central evaluation mechanism, as well as ‘Question Coverage Percentage’ and ‘Question Coverage Total’, which provide you with an overview of the progress of your reviews. You can now filter by reviews, analysis periods or custom-defined periods. 
In addition, customers using the Audit Management module can restrict the display to audit programs and audits. Customers using the Supplier Management module can now restrict the three KPIs mentioned above, as well as the KPI “Compliance by knowledge bases”, to supplier audits only or exclude them entirely.


==New features in Audit Management==

===More customization options in the Audit Report===
To enable you to streamline your audit reports, we have revised the settings in the audit report, non-conformity analysis report and compliance report . It is now possible to evaluate objects of review in detail without necessarily printing details of the audit questions. This allows for detailed evaluations whilst maintaining streamlined reports.
To this end, the options from the ‘Objects of Review’ section have been integrated into the existing ‘Detailed Evaluation’ section. In this report options section, you can now configure detailed settings for objects of review and/or audit questions separately.
::[[Datei:Bild10.png|left]] 

<div class="mw-translate-fuzzy">
===Pre-assigning the responsible user in an audit===
With the new release, HITGuard automatically sets the person responsible for an organizational unit as the person in charge of an audit as soon as you select the organizational unit when creating the audit. This allows you to leverage the information from their master data more effectively for pre-assignment and thus create audits more quickly.
</div>

===New Audit type available===
To support the recording of different types of audit related activities, we have introduced the new audit type “Inspection”. Customers often wish to record results from tests or reviews carried out by external service providers or supplier reviews without implying that these constitute an audit against a standard. The “Inspection” audit type allows this distinction to be made.


==New features in case management==

===Create and assign reviews directly in a dossier===
From this release onwards, reviews can be created and assigned directly within the Case Management dossiers. To this end, the dossier now features the same ‘Create’ buttons as those found in the review overviews from Risk and Audit Management.
::[[Datei:Bild11.png|left]] 


==New features for measures & controls==

===Entering multiple responsible persons for measures===
From now on, multiple responsible parties (multiple individuals, multiple teams, or a combination of individuals and teams) can be assigned to measures. This allows you to assign measures to those responsible for implementation more flexibly.
::[[Datei:Bild12.png|left]] 
You can find out more in our [[Special:MyLanguage/Fortschrittsmeldungen/en|Online help]].

===Selecting multiple attachments in progress reports===
When submitting progress reports for measures, it is now possible to upload multiple documents simultaneously as evidence. This simplifies and speeds up the workflow for your Practitioner users, as the upload dialogue no longer needs to be opened repeatedly.

===New filtering options in the KPI ‘Measures of the OEs – By Status’ ===
For the KPI “OEs’ Measures – By Status”, it is now possible to filter content. You can search for specific reviews and organizational units. You can also restrict the KPI to a custom time period or to analysis periods.
::[[Datei:Bild13.png|left]] 
If audit management is enabled, you can also filter by audit programs and audits. This allows you to configure the KPI more precisely and focus on the information that is most relevant to you.


==New features in Data Protection==

===Improvements to the display of processing activities ===
This release improves how HITGuard displays processing activities in the organization tree view. Previously, all processing activities of a node, including those of all subordinate nodes, were displayed, resulting in a very extensive list. With this update, only the processing activities directly assigned to the selected node are now displayed. For a complete overview of all processing activities, the list view without a tree structure remains available.


==New features in supplier management==

===Improvement to the expiry function for suppliers ===
In this release, we have revised and simplified the expiry behavior for suppliers. An expired supplier is a supplier who is currently unable to log in via the Supplier Risk Management Portal and respond to a review. As a result, they are deactivated and no longer consume a license. An expired supplier whose expiry date lies in the past is automatically considered deactivated. For a supplier who is deactivated manually, the current date is set as the expiry date. In doing so, all login details for supplier users are also removed. The two deactivation methods therefore have the same effect.
You can find out more in our [[Special:MyLanguage/Lieferanten/en|Online help]].

===Internal contact persons for suppliers===
Previously, you already had the option to define an internal team that would be notified in good time before supplier contracts expire, meaning they could no longer be subject to reviews via the Supplier Risk Management Portal. With the new release, you can allocate responsibility in even greater detail. It is now possible to enter a specific team or an individual person (a HITGuard user) as the contact person for each supplier. This ensures that specific responsible parties are notified in a more targeted manner before the supplier’s contract expires.

===Extension of the filter functions for suppliers===
In addition to the existing option to restrict a KPI to specific suppliers, you now also have the option to specifically exclude suppliers from the KPI or to restrict the KPI to suppliers (all or only selected suppliers). This applies to all KPIs that represent risks, including but not limited to the “Risk Matrix”, “Risks/Opportunities by Status”, and “Risks by Threats”. You can also filter all KPIs that evaluate compliance reviews in this way. This applies, for example, to “Gap Analyses by Status” and “Compliance Fulfilment”.
::[[Datei:Bild14.png|left]] 


==General==

===New Standards available===
With this update, the following standards are available to all customers:
*B3S Health 1.3.1 – Sector-specific security standard ‘Medical Care’
*BSIG – Act on the Federal Office for Information Security and on Information Security in Institutions (BSI Act – BSIG)
*EN ISO 22301:2019 – Security and resilience – Business continuity management system – Requirements (ISO 22301:2019)
*EN ISO 31000-2018 – Risk management – Guidelines (ISO 31000:2018)
*AI Regulation – Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence
*NISG2026 - Federal Act on Ensuring a High Level of Cybersecurity for Network and Information Systems (Network and Information Systems Security Act 2026 – NISG 2026)
*ÖNORM D 4901 – Risk management for organisations and systems – Requirements for the risk management system – Guidance on the implementation of ISO 31000
*RKEG – Critical Infrastructure Resilience Act
*RKE/CER Directive – Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical infrastructure and repealing Council Directive 2008/114/EC

===Adaptations of existing Standards===
The standard EN ISO/IEC 42001:2023 has been expanded in Annex A to include Chapters A.2 to A.10. 
In the KDR and KDR-OG standards, paragraphs § 6, § 11, § 52 and § 53 have been added. In addition to the expansion, there have been minor adjustments to standard mapping, sorting order and master data for the standards.

===Improvements to knowledge bases===
To make editing knowledge bases easier, we revised the display and many aspects of the interaction in the second tab, ‘Topics’, of the knowledge base. Individual topics can now be opened and edited with a double-click; all linked elements on this page can not only be linked, but also unlinked in the list view using a dedicated button. This allows for more efficient editing of knowledge bases.
::[[Datei:Bild15.png|left]] 

===Templates for Risks and Opportunities ===
This release enables customers to manager templates for risks and opportunities in knowledge bases. This allows risks and opportunities to be prepared in knowledge bases and accessed later when working with HITGuard. 
The risks and opportunities can be assigned to one or more categories within the knowledge base. These categories can be freely edited and help with filtering risks and opportunities when using these templates to create a risk or opportunity. 
These templates can be accessed directly in the risk or opportunity. Expert users will now see a ‘Book’ button that allows them to access the templates from the knowledge bases.
::[[Datei:Bild16.png|left]] 

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung des Imports für Risiken===
Die Risikoerfassung über Import wurde erweitert, sodass man nun Risiken beim Import weiteren Eigenschaften ausstatten kann. Dies umfasst die Strategie, Anmerkungen, den Sachbearbeiter und den Status des Risikos. Damit können Sie nicht nur wie bisher „aktive“, sondern auch „akzeptierte“ oder „eingereichte“ Risiken importieren. Eingereichte Risiken lösen wie gehabt eine Meldung an Managementsystemverantwortliche aus.
Mehr zum Import mit Excel finden sie hier in der [[Special:MyLanguage/Datenimport#Risiken_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Benutzern===
Die Importfunktion unter Administration > Datenimporte wurde erweitert. Jetzt können Sie auch Benutzer einfach und schnell per Excel importiert und aktualisiert werden.
::[[Datei:Bild17.png|left]] 
Eine Importvorlage für Benutzer finden Sie in unserer [[Special:MyLanguage/Datenimport#Benutzerverwaltung|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Themen zu Wissensdatenbanken===
In HITGuard kann man die unterschiedlichen Elemente von Wissensdatenbanken importieren. Bisher hat das nur Prüffragen, Maßnahmen, Kontrollen und Begründungsvorlagen umfasst. Mit dem neuen Release wurde die Importfunktion unter Administration > Datenimporte wurde so erweitert, dass Sie jetzt zusätzlich zu den bisher verfügbaren Elementen der Wissensdatenbank auch Themen, Risiken und Bedrohungen per Excel importieren können. Zusätzlich ist es möglich, die Verknüpfung von Themen und Prüffragen bereits in diesem Excel zu erfassen und ebenso zu importieren. Das spart Zeit beim Erstellen von Wissensdatenbanken und macht Anlagen und Updates einfacher und schneller.
Eine erweiterte Importvorlage für Wissensdatenbanken finden Sie in unserer [[Special:MyLanguage/Datenimport#Elemente_f%C3%BCr_Wissensdatenbanken_(WDBs)_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Beziehungen zu Ressourcen===
Eine zusätzliche Erweiterung der Importfunktion findet sich bei den Ressourcen, für die jetzt die neue Importart „Ressourcenverbindung“ zur Verfügung steht. Damit können Sie Beziehungen zwischen Ressourcen und anderen Strukturelementen erstellen bzw. aktualisieren. Das erspart Ihnen das manuelle Einpflegen von Beziehungen beim Erfassen von Informationsverbünden.
::[[Datei:Bild18.png|left]] 
Eine Importvorlage für Ressourcenverbindungen finden Sie in unserer [[Special:MyLanguage/Datenimport#Ressourcenverbindungen_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung der REST API===
Die Importmöglichkeiten über REST API wurden ebenfalls erweitert. Alle Änderungen, die in den Punkten 7.5, 7.6. und 7.8 erklärt werden, wurden auch für die REST-API Schnittstelle umgesetzt. Somit können Sie auch Risiken in unterschiedlichen Status sowie Beziehungen zwischen Ressourcen über die Rest API importieren.
Mehr dazu erfahren Sie in der [[Special:MyLanguage/Datenimport/-export_Schnittstelle|Online-Hilfe]]
</div>

Translations:HITGuard Release April 2026/27/en

2026-04-09T08:18:38Z

KoKl: Die Seite wurde neu angelegt: „===Templates for Risks and Opportunities === This release enables customers to manager templates for risks and opportunities in knowledge bases. This allows risks and opportunities to be prepared in knowledge bases and accessed later when working with HITGuard. The risks and opportunities can be assigned to one or more categories within the knowledge base. These categories can be freely edited and help with filtering risks and opportunities when usin…“

HITGuard Release April 2026/en

2026-04-09T08:18:33Z

KoKl: Die Seite wurde neu angelegt: „==New features in Audit Management==“

==New features in Risk Management==

===Updating risks as a Practitioner===
From this release onwards, risks and opportunities can be proactively updated by the risk owners or advisors in their role as Practitioner users. The new ‘Update risk/opportunity’ button is available for this purpose under My Tasks.
::[[Datei:Bild1.png|left]] 
Expert and Professional users of a management system still have the option of requesting that an advisor update a risk. To do this, there is now a ‘Request update’ button at the bottom of the risk maintenance form (next to ‘Save’ and ‘Close’). This replaces the ‘Request review’ button that was previously located on risks (top right).
::[[Datei:Bild2.png|left]] 
Once an update is initiated, the interface is read-only for experts and professionals in the management system. The risk’s status is set to ‘Update Pending’. Clicking the violet “Update Pending” button displays the changes already entered by the advisor, and experts or professionals can revert these changes by selecting “Reject update”. Experts/professionals or practitioner users can leave comments for their colleagues explaining their respective workflow steps. These can then be viewed at via the new “Messages & History” button.
::[[Datei:Bild3.png|left]] 
While the risk is being updated, a Practitioner user can edit the risk’s master data or the measures and controls for risk treatment as part of an update.
::[[Datei:Bild4.png|left]] 
After saving the changes and when submitting the update, HITGuard summarizes the changes in a separate overview (“Show changes”). This allows Advisors to compare old and new values. Later, when reviewing the update, the Professional or Expert will also see the same overview. This makes it easier to assess whether to reject or accept the update, or whether further changes need to be incorporated. You can see how the overview looks for the expert and professional below:
::[[Datei:Bild5.png|left]] 
During the update, the risk owner or advisor first enters a justification. Later, the Professional or Expert can edit this justification. HITGuard then files these jointly created entries in the risk’s timeline, creating a traceable history of the workflow steps and changes to the risk.
::[[Datei:Bild6.png|left|thumb|500px]] 
You can find out more about the new workflow in our [[Special:MyLanguage/Risikobewertung/en#Workflow_zur_Risikobewertung|Online help]].

===Attaching Documents to a Risk===
Some customers wished to store documentation relating to risks. Expert and Professional users can now attach one or more documents or links to a risk. Practitioner users can now also use this functionality when creating or updating a risk.

===New KPI “Resources by Protection Requirements”===
To provide a better overview of the protection requirement classes of your resources, we have implemented a new KPI: Under the “Risk Management” section, you will now find the KPI “Resources by Protection Requirements”. This allows you to view your assets grouped by protection requirements in a doughnut chart. You can also filter by protection objectives or display specific model segments.
::[[Datei:Bild7.png|left]] 
You can find out mor about this new KPI in our [[Special:MyLanguage/Risikomanagement_Dashboard/en#Ressourcen_nach_Schutzbedarfen|Online help]].

===More options for displaying the protection requirements in overviews===
To make better use of the synergies between multiple management systems, new display options for protection requirement classes are now available. Under Administration > Resources and Administration > Suppliers, the protection requirement classes are displayed as colored icons in the first column of the table. You now also include the protection requirement classifications of all other management systems. The most critical value, i.e. the highest protection requirement class of the resource, is displayed. The new KPI (see section 1.3) also offers this configuration option.
::[[Datei:Bild8.png|left]] 

===New overview in the ‘load configuration’ section in structural analysis===
To make it easier to work with saved configurations in the structure analysis, we have introduced the ability to search, filter and sort within the saved views. This makes it easier to quickly locate saved views again.
::[[Datei:Bild9.png|left]] 

===Extension to Compliance reporting ===
To make the evaluation of reviews more flexible and useful, we have expanded the filtering options for the Compliance Spider KPIs. This applies to the KPI ‘Compliance Fulfilment’, a central evaluation mechanism, as well as ‘Question Coverage Percentage’ and ‘Question Coverage Total’, which provide you with an overview of the progress of your reviews. You can now filter by reviews, analysis periods or custom-defined periods. 
In addition, customers using the Audit Management module can restrict the display to audit programs and audits. Customers using the Supplier Management module can now restrict the three KPIs mentioned above, as well as the KPI “Compliance by knowledge bases”, to supplier audits only or exclude them entirely.


==New features in Audit Management==

===More customization options in the Audit Report===
To enable you to streamline your audit reports, we have revised the settings in the audit report, non-conformity analysis report and compliance report . It is now possible to evaluate objects of review in detail without necessarily printing details of the audit questions. This allows for detailed evaluations whilst maintaining streamlined reports.
To this end, the options from the ‘Objects of Review’ section have been integrated into the existing ‘Detailed Evaluation’ section. In this report options section, you can now configure detailed settings for objects of review and/or audit questions separately.
::[[Datei:Bild10.png|left]] 

<div class="mw-translate-fuzzy">
===Pre-assigning the responsible user in an audit===
With the new release, HITGuard automatically sets the person responsible for an organizational unit as the person in charge of an audit as soon as you select the organizational unit when creating the audit. This allows you to leverage the information from their master data more effectively for pre-assignment and thus create audits more quickly.
</div>

===New Audit type available===
To support the recording of different types of audit related activities, we have introduced the new audit type “Inspection”. Customers often wish to record results from tests or reviews carried out by external service providers or supplier reviews without implying that these constitute an audit against a standard. The “Inspection” audit type allows this distinction to be made.


==New features in case management==

===Create and assign reviews directly in a dossier===
From this release onwards, reviews can be created and assigned directly within the Case Management dossiers. To this end, the dossier now features the same ‘Create’ buttons as those found in the review overviews from Risk and Audit Management.
::[[Datei:Bild11.png|left]] 


==New features for measures & controls==

===Entering multiple responsible persons for measures===
From now on, multiple responsible parties (multiple individuals, multiple teams, or a combination of individuals and teams) can be assigned to measures. This allows you to assign measures to those responsible for implementation more flexibly.
::[[Datei:Bild12.png|left]] 
You can find out more in our [[Special:MyLanguage/Fortschrittsmeldungen/en|Online help]].

===Selecting multiple attachments in progress reports===
When submitting progress reports for measures, it is now possible to upload multiple documents simultaneously as evidence. This simplifies and speeds up the workflow for your Practitioner users, as the upload dialogue no longer needs to be opened repeatedly.

===New filtering options in the KPI ‘Measures of the OEs – By Status’ ===
For the KPI “OEs’ Measures – By Status”, it is now possible to filter content. You can search for specific reviews and organizational units. You can also restrict the KPI to a custom time period or to analysis periods.
::[[Datei:Bild13.png|left]] 
If audit management is enabled, you can also filter by audit programs and audits. This allows you to configure the KPI more precisely and focus on the information that is most relevant to you.


==New features in Data Protection==

===Improvements to the display of processing activities ===
This release improves how HITGuard displays processing activities in the organization tree view. Previously, all processing activities of a node, including those of all subordinate nodes, were displayed, resulting in a very extensive list. With this update, only the processing activities directly assigned to the selected node are now displayed. For a complete overview of all processing activities, the list view without a tree structure remains available.


==New features in supplier management==

===Improvement to the expiry function for suppliers ===
In this release, we have revised and simplified the expiry behavior for suppliers. An expired supplier is a supplier who is currently unable to log in via the Supplier Risk Management Portal and respond to a review. As a result, they are deactivated and no longer consume a license. An expired supplier whose expiry date lies in the past is automatically considered deactivated. For a supplier who is deactivated manually, the current date is set as the expiry date. In doing so, all login details for supplier users are also removed. The two deactivation methods therefore have the same effect.
You can find out more in our [[Special:MyLanguage/Lieferanten/en|Online help]].

===Internal contact persons for suppliers===
Previously, you already had the option to define an internal team that would be notified in good time before supplier contracts expire, meaning they could no longer be subject to reviews via the Supplier Risk Management Portal. With the new release, you can allocate responsibility in even greater detail. It is now possible to enter a specific team or an individual person (a HITGuard user) as the contact person for each supplier. This ensures that specific responsible parties are notified in a more targeted manner before the supplier’s contract expires.

===Extension of the filter functions for suppliers===
In addition to the existing option to restrict a KPI to specific suppliers, you now also have the option to specifically exclude suppliers from the KPI or to restrict the KPI to suppliers (all or only selected suppliers). This applies to all KPIs that represent risks, including but not limited to the “Risk Matrix”, “Risks/Opportunities by Status”, and “Risks by Threats”. You can also filter all KPIs that evaluate compliance reviews in this way. This applies, for example, to “Gap Analyses by Status” and “Compliance Fulfilment”.
::[[Datei:Bild14.png|left]] 


==General==

===New Standards available===
With this update, the following standards are available to all customers:
*B3S Health 1.3.1 – Sector-specific security standard ‘Medical Care’
*BSIG – Act on the Federal Office for Information Security and on Information Security in Institutions (BSI Act – BSIG)
*EN ISO 22301:2019 – Security and resilience – Business continuity management system – Requirements (ISO 22301:2019)
*EN ISO 31000-2018 – Risk management – Guidelines (ISO 31000:2018)
*AI Regulation – Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence
*NISG2026 - Federal Act on Ensuring a High Level of Cybersecurity for Network and Information Systems (Network and Information Systems Security Act 2026 – NISG 2026)
*ÖNORM D 4901 – Risk management for organisations and systems – Requirements for the risk management system – Guidance on the implementation of ISO 31000
*RKEG – Critical Infrastructure Resilience Act
*RKE/CER Directive – Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical infrastructure and repealing Council Directive 2008/114/EC

===Adaptations of existing Standards===
The standard EN ISO/IEC 42001:2023 has been expanded in Annex A to include Chapters A.2 to A.10. 
In the KDR and KDR-OG standards, paragraphs § 6, § 11, § 52 and § 53 have been added. In addition to the expansion, there have been minor adjustments to standard mapping, sorting order and master data for the standards.

===Improvements to knowledge bases===
To make editing knowledge bases easier, we revised the display and many aspects of the interaction in the second tab, ‘Topics’, of the knowledge base. Individual topics can now be opened and edited with a double-click; all linked elements on this page can not only be linked, but also unlinked in the list view using a dedicated button. This allows for more efficient editing of knowledge bases.
::[[Datei:Bild15.png|left]] 

<div lang="de" dir="ltr" class="mw-content-ltr">
===Vorlagen für Risiken und Chancen in Wissensdatenbanken===
Die Verwaltung von Risiken- und Chancenvorlagen in Wissensdatenbanken wurde ergänzt. Damit kann man Risiken und Chancen in Wissensdatenbanken vorbereiten und später in der Arbeit mit HITGuard auf diese Vorlagen zugreifen. 
Die Risiken und Chancen können dabei in der Wissensdatenbank ein oder mehreren dort frei definierbaren Kategorien zugewiesen werden. Das hilft beim Filtern der Risiken und Chancen im Rahmen der Verwendung dieser Vorlagen für eine Risiko- bzw. Chancenanlage. 
Die Anlage erfolgt direkt im Risiko bzw. der Chance, wo für Expert-Benutzer nun ein Buch-Button zu sehen ist, mit dem man auf die Vorlagen aus den Wissensdatenbanken zugreifen kann.
::[[Datei:Bild16.png|left]] 
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung des Imports für Risiken===
Die Risikoerfassung über Import wurde erweitert, sodass man nun Risiken beim Import weiteren Eigenschaften ausstatten kann. Dies umfasst die Strategie, Anmerkungen, den Sachbearbeiter und den Status des Risikos. Damit können Sie nicht nur wie bisher „aktive“, sondern auch „akzeptierte“ oder „eingereichte“ Risiken importieren. Eingereichte Risiken lösen wie gehabt eine Meldung an Managementsystemverantwortliche aus.
Mehr zum Import mit Excel finden sie hier in der [[Special:MyLanguage/Datenimport#Risiken_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Benutzern===
Die Importfunktion unter Administration > Datenimporte wurde erweitert. Jetzt können Sie auch Benutzer einfach und schnell per Excel importiert und aktualisiert werden.
::[[Datei:Bild17.png|left]] 
Eine Importvorlage für Benutzer finden Sie in unserer [[Special:MyLanguage/Datenimport#Benutzerverwaltung|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Themen zu Wissensdatenbanken===
In HITGuard kann man die unterschiedlichen Elemente von Wissensdatenbanken importieren. Bisher hat das nur Prüffragen, Maßnahmen, Kontrollen und Begründungsvorlagen umfasst. Mit dem neuen Release wurde die Importfunktion unter Administration > Datenimporte wurde so erweitert, dass Sie jetzt zusätzlich zu den bisher verfügbaren Elementen der Wissensdatenbank auch Themen, Risiken und Bedrohungen per Excel importieren können. Zusätzlich ist es möglich, die Verknüpfung von Themen und Prüffragen bereits in diesem Excel zu erfassen und ebenso zu importieren. Das spart Zeit beim Erstellen von Wissensdatenbanken und macht Anlagen und Updates einfacher und schneller.
Eine erweiterte Importvorlage für Wissensdatenbanken finden Sie in unserer [[Special:MyLanguage/Datenimport#Elemente_f%C3%BCr_Wissensdatenbanken_(WDBs)_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Beziehungen zu Ressourcen===
Eine zusätzliche Erweiterung der Importfunktion findet sich bei den Ressourcen, für die jetzt die neue Importart „Ressourcenverbindung“ zur Verfügung steht. Damit können Sie Beziehungen zwischen Ressourcen und anderen Strukturelementen erstellen bzw. aktualisieren. Das erspart Ihnen das manuelle Einpflegen von Beziehungen beim Erfassen von Informationsverbünden.
::[[Datei:Bild18.png|left]] 
Eine Importvorlage für Ressourcenverbindungen finden Sie in unserer [[Special:MyLanguage/Datenimport#Ressourcenverbindungen_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung der REST API===
Die Importmöglichkeiten über REST API wurden ebenfalls erweitert. Alle Änderungen, die in den Punkten 7.5, 7.6. und 7.8 erklärt werden, wurden auch für die REST-API Schnittstelle umgesetzt. Somit können Sie auch Risiken in unterschiedlichen Status sowie Beziehungen zwischen Ressourcen über die Rest API importieren.
Mehr dazu erfahren Sie in der [[Special:MyLanguage/Datenimport/-export_Schnittstelle|Online-Hilfe]]
</div>

Translations:HITGuard Release April 2026/26/en

2026-04-09T08:18:30Z

KoKl: Die Seite wurde neu angelegt: „===Improvements to knowledge bases=== To make editing knowledge bases easier, we revised the display and many aspects of the interaction in the second tab, ‘Topics’, of the knowledge base. Individual topics can now be opened and edited with a double-click; all linked elements on this page can not only be linked, but also unlinked in the list view using a dedicated button. This allows for more efficient editing of knowledge bases. ::Datei:Bild15.png…“

===Improvements to knowledge bases===
To make editing knowledge bases easier, we revised the display and many aspects of the interaction in the second tab, ‘Topics’, of the knowledge base. Individual topics can now be opened and edited with a double-click; all linked elements on this page can not only be linked, but also unlinked in the list view using a dedicated button. This allows for more efficient editing of knowledge bases.
::[[Datei:Bild15.png|left]]

Translations:HITGuard Release April 2026/25/en

2026-04-09T08:18:24Z

===Adaptations of existing Standards===
The standard EN ISO/IEC 42001:2023 has been expanded in Annex A to include Chapters A.2 to A.10. 
In the KDR and KDR-OG standards, paragraphs § 6, § 11, § 52 and § 53 have been added. In addition to the expansion, there have been minor adjustments to standard mapping, sorting order and master data for the standards.

Translations:HITGuard Release April 2026/24/en

2026-04-09T08:18:18Z

===New Standards available===
With this update, the following standards are available to all customers:
*B3S Health 1.3.1 – Sector-specific security standard ‘Medical Care’
*BSIG – Act on the Federal Office for Information Security and on Information Security in Institutions (BSI Act – BSIG)
*EN ISO 22301:2019 – Security and resilience – Business continuity management system – Requirements (ISO 22301:2019)
*EN ISO 31000-2018 – Risk management – Guidelines (ISO 31000:2018)
*AI Regulation – Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence
*NISG2026 - Federal Act on Ensuring a High Level of Cybersecurity for Network and Information Systems (Network and Information Systems Security Act 2026 – NISG 2026)
*ÖNORM D 4901 – Risk management for organisations and systems – Requirements for the risk management system – Guidance on the implementation of ISO 31000
*RKEG – Critical Infrastructure Resilience Act
*RKE/CER Directive – Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical infrastructure and repealing Council Directive 2008/114/EC

HITGuard Release April 2026/en

2026-04-09T08:18:10Z

KoKl: Die Seite wurde neu angelegt: „===Selecting multiple attachments in progress reports=== When submitting progress reports for measures, it is now possible to upload multiple documents simultaneously as evidence. This simplifies and speeds up the workflow for your Practitioner users, as the upload dialogue no longer needs to be opened repeatedly.“

==New features in Risk Management==

===Updating risks as a Practitioner===
From this release onwards, risks and opportunities can be proactively updated by the risk owners or advisors in their role as Practitioner users. The new ‘Update risk/opportunity’ button is available for this purpose under My Tasks.
::[[Datei:Bild1.png|left]] 
Expert and Professional users of a management system still have the option of requesting that an advisor update a risk. To do this, there is now a ‘Request update’ button at the bottom of the risk maintenance form (next to ‘Save’ and ‘Close’). This replaces the ‘Request review’ button that was previously located on risks (top right).
::[[Datei:Bild2.png|left]] 
Once an update is initiated, the interface is read-only for experts and professionals in the management system. The risk’s status is set to ‘Update Pending’. Clicking the violet “Update Pending” button displays the changes already entered by the advisor, and experts or professionals can revert these changes by selecting “Reject update”. Experts/professionals or practitioner users can leave comments for their colleagues explaining their respective workflow steps. These can then be viewed at via the new “Messages & History” button.
::[[Datei:Bild3.png|left]] 
While the risk is being updated, a Practitioner user can edit the risk’s master data or the measures and controls for risk treatment as part of an update.
::[[Datei:Bild4.png|left]] 
After saving the changes and when submitting the update, HITGuard summarizes the changes in a separate overview (“Show changes”). This allows Advisors to compare old and new values. Later, when reviewing the update, the Professional or Expert will also see the same overview. This makes it easier to assess whether to reject or accept the update, or whether further changes need to be incorporated. You can see how the overview looks for the expert and professional below:
::[[Datei:Bild5.png|left]] 
During the update, the risk owner or advisor first enters a justification. Later, the Professional or Expert can edit this justification. HITGuard then files these jointly created entries in the risk’s timeline, creating a traceable history of the workflow steps and changes to the risk.
::[[Datei:Bild6.png|left|thumb|500px]] 
You can find out more about the new workflow in our [[Special:MyLanguage/Risikobewertung/en#Workflow_zur_Risikobewertung|Online help]].

===Attaching Documents to a Risk===
Some customers wished to store documentation relating to risks. Expert and Professional users can now attach one or more documents or links to a risk. Practitioner users can now also use this functionality when creating or updating a risk.

===New KPI “Resources by Protection Requirements”===
To provide a better overview of the protection requirement classes of your resources, we have implemented a new KPI: Under the “Risk Management” section, you will now find the KPI “Resources by Protection Requirements”. This allows you to view your assets grouped by protection requirements in a doughnut chart. You can also filter by protection objectives or display specific model segments.
::[[Datei:Bild7.png|left]] 
You can find out mor about this new KPI in our [[Special:MyLanguage/Risikomanagement_Dashboard/en#Ressourcen_nach_Schutzbedarfen|Online help]].

===More options for displaying the protection requirements in overviews===
To make better use of the synergies between multiple management systems, new display options for protection requirement classes are now available. Under Administration > Resources and Administration > Suppliers, the protection requirement classes are displayed as colored icons in the first column of the table. You now also include the protection requirement classifications of all other management systems. The most critical value, i.e. the highest protection requirement class of the resource, is displayed. The new KPI (see section 1.3) also offers this configuration option.
::[[Datei:Bild8.png|left]] 

===New overview in the ‘load configuration’ section in structural analysis===
To make it easier to work with saved configurations in the structure analysis, we have introduced the ability to search, filter and sort within the saved views. This makes it easier to quickly locate saved views again.
::[[Datei:Bild9.png|left]] 

===Extension to Compliance reporting ===
To make the evaluation of reviews more flexible and useful, we have expanded the filtering options for the Compliance Spider KPIs. This applies to the KPI ‘Compliance Fulfilment’, a central evaluation mechanism, as well as ‘Question Coverage Percentage’ and ‘Question Coverage Total’, which provide you with an overview of the progress of your reviews. You can now filter by reviews, analysis periods or custom-defined periods. 
In addition, customers using the Audit Management module can restrict the display to audit programs and audits. Customers using the Supplier Management module can now restrict the three KPIs mentioned above, as well as the KPI “Compliance by knowledge bases”, to supplier audits only or exclude them entirely.


==New features in Audit Management==

===More customization options in the Audit Report===
To enable you to streamline your audit reports, we have revised the settings in the audit report, non-conformity analysis report and compliance report . It is now possible to evaluate objects of review in detail without necessarily printing details of the audit questions. This allows for detailed evaluations whilst maintaining streamlined reports.
To this end, the options from the ‘Objects of Review’ section have been integrated into the existing ‘Detailed Evaluation’ section. In this report options section, you can now configure detailed settings for objects of review and/or audit questions separately.
::[[Datei:Bild10.png|left]] 

<div class="mw-translate-fuzzy">
===Pre-assigning the responsible user in an audit===
With the new release, HITGuard automatically sets the person responsible for an organizational unit as the person in charge of an audit as soon as you select the organizational unit when creating the audit. This allows you to leverage the information from their master data more effectively for pre-assignment and thus create audits more quickly.
</div>

===New Audit type available===
To support the recording of different types of audit related activities, we have introduced the new audit type “Inspection”. Customers often wish to record results from tests or reviews carried out by external service providers or supplier reviews without implying that these constitute an audit against a standard. The “Inspection” audit type allows this distinction to be made.


==New features in case management==

===Create and assign reviews directly in a dossier===
From this release onwards, reviews can be created and assigned directly within the Case Management dossiers. To this end, the dossier now features the same ‘Create’ buttons as those found in the review overviews from Risk and Audit Management.
::[[Datei:Bild11.png|left]] 


==New features for measures & controls==

===Entering multiple responsible persons for measures===
From now on, multiple responsible parties (multiple individuals, multiple teams, or a combination of individuals and teams) can be assigned to measures. This allows you to assign measures to those responsible for implementation more flexibly.
::[[Datei:Bild12.png|left]] 
You can find out more in our [[Special:MyLanguage/Fortschrittsmeldungen/en|Online help]].

===Selecting multiple attachments in progress reports===
When submitting progress reports for measures, it is now possible to upload multiple documents simultaneously as evidence. This simplifies and speeds up the workflow for your Practitioner users, as the upload dialogue no longer needs to be opened repeatedly.

===New filtering options in the KPI ‘Measures of the OEs – By Status’ ===
For the KPI “OEs’ Measures – By Status”, it is now possible to filter content. You can search for specific reviews and organizational units. You can also restrict the KPI to a custom time period or to analysis periods.
::[[Datei:Bild13.png|left]] 
If audit management is enabled, you can also filter by audit programs and audits. This allows you to configure the KPI more precisely and focus on the information that is most relevant to you.


==New features in Data Protection==

===Improvements to the display of processing activities ===
This release improves how HITGuard displays processing activities in the organization tree view. Previously, all processing activities of a node, including those of all subordinate nodes, were displayed, resulting in a very extensive list. With this update, only the processing activities directly assigned to the selected node are now displayed. For a complete overview of all processing activities, the list view without a tree structure remains available.


==New features in supplier management==

===Improvement to the expiry function for suppliers ===
In this release, we have revised and simplified the expiry behavior for suppliers. An expired supplier is a supplier who is currently unable to log in via the Supplier Risk Management Portal and respond to a review. As a result, they are deactivated and no longer consume a license. An expired supplier whose expiry date lies in the past is automatically considered deactivated. For a supplier who is deactivated manually, the current date is set as the expiry date. In doing so, all login details for supplier users are also removed. The two deactivation methods therefore have the same effect.
You can find out more in our [[Special:MyLanguage/Lieferanten/en|Online help]].

===Internal contact persons for suppliers===
Previously, you already had the option to define an internal team that would be notified in good time before supplier contracts expire, meaning they could no longer be subject to reviews via the Supplier Risk Management Portal. With the new release, you can allocate responsibility in even greater detail. It is now possible to enter a specific team or an individual person (a HITGuard user) as the contact person for each supplier. This ensures that specific responsible parties are notified in a more targeted manner before the supplier’s contract expires.

===Extension of the filter functions for suppliers===
In addition to the existing option to restrict a KPI to specific suppliers, you now also have the option to specifically exclude suppliers from the KPI or to restrict the KPI to suppliers (all or only selected suppliers). This applies to all KPIs that represent risks, including but not limited to the “Risk Matrix”, “Risks/Opportunities by Status”, and “Risks by Threats”. You can also filter all KPIs that evaluate compliance reviews in this way. This applies, for example, to “Gap Analyses by Status” and “Compliance Fulfilment”.
::[[Datei:Bild14.png|left]] 


==General==

<div lang="de" dir="ltr" class="mw-content-ltr">
===Neue verfügbare Normen===
Mit diesem Update werden allen Kunden die folgenden Normen für die Auswertung bereitgestellt:
*B3S Gesundheit 1.3.1 - Branchenspezifischer Sicherheitsstandard „Medizinische Versorgung“
*BSIG - Gesetz über das Bundesamt für Sicherheit in der Informationstechnik und über die Sicherheit in der Informationstechnik von Einrichtungen (BSI-Gesetz – BSIG)
*EN ISO 22301:2019 - Sicherheit und Resilienz - Business Continuity Management System - Anforderungen (ISO 22301:2019)
*EN ISO 31000-2018 - Risikomanagement - Leitlinien (ISO 31000:2018)
*KI-Verordnung - Verordnung (EU) 2024/1689 des Europäischen Parlaments und des Rates vom 13. Juni 2024 zur Festlegung harmonisierter Vorschriften für künstliche Intelligenz
*NISG2026 - Bundesgesetz zur Gewährleistung eines hohen Cybersicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz 2026 – NISG 2026)
*ÖNORM D 4901 - Risikomanagement für Organisationen und Systeme - Anforderungen an das Risikomanagementsystem - Anleitung zur Umsetzung der ISO 31000
*RKEG - Resilienz kritischer Einrichtungen-Gesetz
*RKE/CER Richtlinie - Richtlinie (EU) 2022/2557 des Europäischen Parlaments und des Rates vom 14. Dezember 2022 über die Resilienz kritischer Einrichtungen und zur Aufhebung der Richtlinie 2008/114/EG des Rates
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Anpassung bestehender Normen===
Die Norm EN ISO/IEC 42001:2023 wurde im Annex A um die Kapitel A.2 bis A.10 erweitert. 
In den Normen KDR sowie KDR-OG wurden jeweils die Paragrafen § 6, § 11, § 52 und § 53 ergänzt. Neben der Erweiterung gab es kleine Anpassungen bei Norm-Mapping, Sortierreihenfolge und Stammdaten der Normen.
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Verbesserungen in der Arbeit mit den Wissensdatenbanken===
Um die Arbeit mit Wissensdatenbanken zu erleichtern, haben wir die Darstellung und vieles in der Interaktion in der zweiten Registerkarte „Themen“ der Wissensdatenbank überarbeitet. Themen lassen sich nun per Doppelklick öffnen und bearbeiten, alle anderen verlinkten Elemente lassen sich auf dieser Seite nicht nur wie bisher verknüpfen, sondern auch mit einem eigenen Button entknüpfen. Das erlaubt effizienteres Überarbeiten von Wissensdatenbanken.
::[[Datei:Bild15.png|left]] 
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Vorlagen für Risiken und Chancen in Wissensdatenbanken===
Die Verwaltung von Risiken- und Chancenvorlagen in Wissensdatenbanken wurde ergänzt. Damit kann man Risiken und Chancen in Wissensdatenbanken vorbereiten und später in der Arbeit mit HITGuard auf diese Vorlagen zugreifen. 
Die Risiken und Chancen können dabei in der Wissensdatenbank ein oder mehreren dort frei definierbaren Kategorien zugewiesen werden. Das hilft beim Filtern der Risiken und Chancen im Rahmen der Verwendung dieser Vorlagen für eine Risiko- bzw. Chancenanlage. 
Die Anlage erfolgt direkt im Risiko bzw. der Chance, wo für Expert-Benutzer nun ein Buch-Button zu sehen ist, mit dem man auf die Vorlagen aus den Wissensdatenbanken zugreifen kann.
::[[Datei:Bild16.png|left]] 
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung des Imports für Risiken===
Die Risikoerfassung über Import wurde erweitert, sodass man nun Risiken beim Import weiteren Eigenschaften ausstatten kann. Dies umfasst die Strategie, Anmerkungen, den Sachbearbeiter und den Status des Risikos. Damit können Sie nicht nur wie bisher „aktive“, sondern auch „akzeptierte“ oder „eingereichte“ Risiken importieren. Eingereichte Risiken lösen wie gehabt eine Meldung an Managementsystemverantwortliche aus.
Mehr zum Import mit Excel finden sie hier in der [[Special:MyLanguage/Datenimport#Risiken_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Benutzern===
Die Importfunktion unter Administration > Datenimporte wurde erweitert. Jetzt können Sie auch Benutzer einfach und schnell per Excel importiert und aktualisiert werden.
::[[Datei:Bild17.png|left]] 
Eine Importvorlage für Benutzer finden Sie in unserer [[Special:MyLanguage/Datenimport#Benutzerverwaltung|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Themen zu Wissensdatenbanken===
In HITGuard kann man die unterschiedlichen Elemente von Wissensdatenbanken importieren. Bisher hat das nur Prüffragen, Maßnahmen, Kontrollen und Begründungsvorlagen umfasst. Mit dem neuen Release wurde die Importfunktion unter Administration > Datenimporte wurde so erweitert, dass Sie jetzt zusätzlich zu den bisher verfügbaren Elementen der Wissensdatenbank auch Themen, Risiken und Bedrohungen per Excel importieren können. Zusätzlich ist es möglich, die Verknüpfung von Themen und Prüffragen bereits in diesem Excel zu erfassen und ebenso zu importieren. Das spart Zeit beim Erstellen von Wissensdatenbanken und macht Anlagen und Updates einfacher und schneller.
Eine erweiterte Importvorlage für Wissensdatenbanken finden Sie in unserer [[Special:MyLanguage/Datenimport#Elemente_f%C3%BCr_Wissensdatenbanken_(WDBs)_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Beziehungen zu Ressourcen===
Eine zusätzliche Erweiterung der Importfunktion findet sich bei den Ressourcen, für die jetzt die neue Importart „Ressourcenverbindung“ zur Verfügung steht. Damit können Sie Beziehungen zwischen Ressourcen und anderen Strukturelementen erstellen bzw. aktualisieren. Das erspart Ihnen das manuelle Einpflegen von Beziehungen beim Erfassen von Informationsverbünden.
::[[Datei:Bild18.png|left]] 
Eine Importvorlage für Ressourcenverbindungen finden Sie in unserer [[Special:MyLanguage/Datenimport#Ressourcenverbindungen_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung der REST API===
Die Importmöglichkeiten über REST API wurden ebenfalls erweitert. Alle Änderungen, die in den Punkten 7.5, 7.6. und 7.8 erklärt werden, wurden auch für die REST-API Schnittstelle umgesetzt. Somit können Sie auch Risiken in unterschiedlichen Status sowie Beziehungen zwischen Ressourcen über die Rest API importieren.
Mehr dazu erfahren Sie in der [[Special:MyLanguage/Datenimport/-export_Schnittstelle|Online-Hilfe]]
</div>

Translations:HITGuard Release April 2026/23/en

2026-04-09T08:18:07Z

KoKl: Die Seite wurde neu angelegt: „==General==“

==General==

Translations:HITGuard Release April 2026/22/en

2026-04-09T08:18:02Z

===Extension of the filter functions for suppliers===
In addition to the existing option to restrict a KPI to specific suppliers, you now also have the option to specifically exclude suppliers from the KPI or to restrict the KPI to suppliers (all or only selected suppliers). This applies to all KPIs that represent risks, including but not limited to the “Risk Matrix”, “Risks/Opportunities by Status”, and “Risks by Threats”. You can also filter all KPIs that evaluate compliance reviews in this way. This applies, for example, to “Gap Analyses by Status” and “Compliance Fulfilment”.
::[[Datei:Bild14.png|left]]

Translations:HITGuard Release April 2026/21/en

2026-04-09T08:17:54Z

KoKl: Die Seite wurde neu angelegt: „===Internal contact persons for suppliers=== Previously, you already had the option to define an internal team that would be notified in good time before supplier contracts expire, meaning they could no longer be subject to reviews via the Supplier Risk Management Portal. With the new release, you can allocate responsibility in even greater detail. It is now possible to enter a specific team or an individual person (a HITGuard user) as the contact person…“

===Internal contact persons for suppliers===
Previously, you already had the option to define an internal team that would be notified in good time before supplier contracts expire, meaning they could no longer be subject to reviews via the Supplier Risk Management Portal. With the new release, you can allocate responsibility in even greater detail. It is now possible to enter a specific team or an individual person (a HITGuard user) as the contact person for each supplier. This ensures that specific responsible parties are notified in a more targeted manner before the supplier’s contract expires.

Translations:HITGuard Release April 2026/20/en

2026-04-09T08:17:46Z

KoKl: Die Seite wurde neu angelegt: „===Improvement to the expiry function for suppliers === In this release, we have revised and simplified the expiry behavior for suppliers. An expired supplier is a supplier who is currently unable to log in via the Supplier Risk Management Portal and respond to a review. As a result, they are deactivated and no longer consume a license. An expired supplier whose expiry date lies in the past is automatically considered deactivated. For a supplier who is d…“

===Improvement to the expiry function for suppliers ===
In this release, we have revised and simplified the expiry behavior for suppliers. An expired supplier is a supplier who is currently unable to log in via the Supplier Risk Management Portal and respond to a review. As a result, they are deactivated and no longer consume a license. An expired supplier whose expiry date lies in the past is automatically considered deactivated. For a supplier who is deactivated manually, the current date is set as the expiry date. In doing so, all login details for supplier users are also removed. The two deactivation methods therefore have the same effect.
You can find out more in our [[Special:MyLanguage/Lieferanten/en|Online help]].

Translations:HITGuard Release April 2026/19/en

2026-04-09T08:17:39Z

KoKl: Die Seite wurde neu angelegt: „==New features in supplier management==“

==New features in supplier management==

Translations:HITGuard Release April 2026/18/en

2026-04-09T08:17:34Z

KoKl: Die Seite wurde neu angelegt: „===Improvements to the display of processing activities === This release improves how HITGuard displays processing activities in the organization tree view. Previously, all processing activities of a node, including those of all subordinate nodes, were displayed, resulting in a very extensive list. With this update, only the processing activities directly assigned to the selected node are now displayed. For a complete overview of all processing activities…“

===Improvements to the display of processing activities ===
This release improves how HITGuard displays processing activities in the organization tree view. Previously, all processing activities of a node, including those of all subordinate nodes, were displayed, resulting in a very extensive list. With this update, only the processing activities directly assigned to the selected node are now displayed. For a complete overview of all processing activities, the list view without a tree structure remains available.

Translations:HITGuard Release April 2026/17/en

2026-04-09T08:17:28Z

KoKl: Die Seite wurde neu angelegt: „==New features in Data Protection==“

==New features in Data Protection==

Translations:HITGuard Release April 2026/16/en

2026-04-09T08:17:23Z

KoKl: Die Seite wurde neu angelegt: „===New filtering options in the KPI ‘Measures of the OEs – By Status’ === For the KPI “OEs’ Measures – By Status”, it is now possible to filter content. You can search for specific reviews and organizational units. You can also restrict the KPI to a custom time period or to analysis periods. ::left If audit management is enabled, you can also filter by audit programs and audits. This allows you to configu…“

===New filtering options in the KPI ‘Measures of the OEs – By Status’ ===
For the KPI “OEs’ Measures – By Status”, it is now possible to filter content. You can search for specific reviews and organizational units. You can also restrict the KPI to a custom time period or to analysis periods.
::[[Datei:Bild13.png|left]] 
If audit management is enabled, you can also filter by audit programs and audits. This allows you to configure the KPI more precisely and focus on the information that is most relevant to you.

HITGuard Release April 2026/en

2026-04-09T08:17:21Z

KoKl: Die Seite wurde neu angelegt: „==New features in case management==“

==New features in Risk Management==

===Updating risks as a Practitioner===
From this release onwards, risks and opportunities can be proactively updated by the risk owners or advisors in their role as Practitioner users. The new ‘Update risk/opportunity’ button is available for this purpose under My Tasks.
::[[Datei:Bild1.png|left]] 
Expert and Professional users of a management system still have the option of requesting that an advisor update a risk. To do this, there is now a ‘Request update’ button at the bottom of the risk maintenance form (next to ‘Save’ and ‘Close’). This replaces the ‘Request review’ button that was previously located on risks (top right).
::[[Datei:Bild2.png|left]] 
Once an update is initiated, the interface is read-only for experts and professionals in the management system. The risk’s status is set to ‘Update Pending’. Clicking the violet “Update Pending” button displays the changes already entered by the advisor, and experts or professionals can revert these changes by selecting “Reject update”. Experts/professionals or practitioner users can leave comments for their colleagues explaining their respective workflow steps. These can then be viewed at via the new “Messages & History” button.
::[[Datei:Bild3.png|left]] 
While the risk is being updated, a Practitioner user can edit the risk’s master data or the measures and controls for risk treatment as part of an update.
::[[Datei:Bild4.png|left]] 
After saving the changes and when submitting the update, HITGuard summarizes the changes in a separate overview (“Show changes”). This allows Advisors to compare old and new values. Later, when reviewing the update, the Professional or Expert will also see the same overview. This makes it easier to assess whether to reject or accept the update, or whether further changes need to be incorporated. You can see how the overview looks for the expert and professional below:
::[[Datei:Bild5.png|left]] 
During the update, the risk owner or advisor first enters a justification. Later, the Professional or Expert can edit this justification. HITGuard then files these jointly created entries in the risk’s timeline, creating a traceable history of the workflow steps and changes to the risk.
::[[Datei:Bild6.png|left|thumb|500px]] 
You can find out more about the new workflow in our [[Special:MyLanguage/Risikobewertung/en#Workflow_zur_Risikobewertung|Online help]].

===Attaching Documents to a Risk===
Some customers wished to store documentation relating to risks. Expert and Professional users can now attach one or more documents or links to a risk. Practitioner users can now also use this functionality when creating or updating a risk.

===New KPI “Resources by Protection Requirements”===
To provide a better overview of the protection requirement classes of your resources, we have implemented a new KPI: Under the “Risk Management” section, you will now find the KPI “Resources by Protection Requirements”. This allows you to view your assets grouped by protection requirements in a doughnut chart. You can also filter by protection objectives or display specific model segments.
::[[Datei:Bild7.png|left]] 
You can find out mor about this new KPI in our [[Special:MyLanguage/Risikomanagement_Dashboard/en#Ressourcen_nach_Schutzbedarfen|Online help]].

===More options for displaying the protection requirements in overviews===
To make better use of the synergies between multiple management systems, new display options for protection requirement classes are now available. Under Administration > Resources and Administration > Suppliers, the protection requirement classes are displayed as colored icons in the first column of the table. You now also include the protection requirement classifications of all other management systems. The most critical value, i.e. the highest protection requirement class of the resource, is displayed. The new KPI (see section 1.3) also offers this configuration option.
::[[Datei:Bild8.png|left]] 

===New overview in the ‘load configuration’ section in structural analysis===
To make it easier to work with saved configurations in the structure analysis, we have introduced the ability to search, filter and sort within the saved views. This makes it easier to quickly locate saved views again.
::[[Datei:Bild9.png|left]] 

===Extension to Compliance reporting ===
To make the evaluation of reviews more flexible and useful, we have expanded the filtering options for the Compliance Spider KPIs. This applies to the KPI ‘Compliance Fulfilment’, a central evaluation mechanism, as well as ‘Question Coverage Percentage’ and ‘Question Coverage Total’, which provide you with an overview of the progress of your reviews. You can now filter by reviews, analysis periods or custom-defined periods. 
In addition, customers using the Audit Management module can restrict the display to audit programs and audits. Customers using the Supplier Management module can now restrict the three KPIs mentioned above, as well as the KPI “Compliance by knowledge bases”, to supplier audits only or exclude them entirely.


==New features in Audit Management==

===More customization options in the Audit Report===
To enable you to streamline your audit reports, we have revised the settings in the audit report, non-conformity analysis report and compliance report . It is now possible to evaluate objects of review in detail without necessarily printing details of the audit questions. This allows for detailed evaluations whilst maintaining streamlined reports.
To this end, the options from the ‘Objects of Review’ section have been integrated into the existing ‘Detailed Evaluation’ section. In this report options section, you can now configure detailed settings for objects of review and/or audit questions separately.
::[[Datei:Bild10.png|left]] 

<div class="mw-translate-fuzzy">
===Pre-assigning the responsible user in an audit===
With the new release, HITGuard automatically sets the person responsible for an organizational unit as the person in charge of an audit as soon as you select the organizational unit when creating the audit. This allows you to leverage the information from their master data more effectively for pre-assignment and thus create audits more quickly.
</div>

===New Audit type available===
To support the recording of different types of audit related activities, we have introduced the new audit type “Inspection”. Customers often wish to record results from tests or reviews carried out by external service providers or supplier reviews without implying that these constitute an audit against a standard. The “Inspection” audit type allows this distinction to be made.


==New features in case management==

===Create and assign reviews directly in a dossier===
From this release onwards, reviews can be created and assigned directly within the Case Management dossiers. To this end, the dossier now features the same ‘Create’ buttons as those found in the review overviews from Risk and Audit Management.
::[[Datei:Bild11.png|left]] 


==New features for measures & controls==

===Entering multiple responsible persons for measures===
From now on, multiple responsible parties (multiple individuals, multiple teams, or a combination of individuals and teams) can be assigned to measures. This allows you to assign measures to those responsible for implementation more flexibly.
::[[Datei:Bild12.png|left]] 
You can find out more in our [[Special:MyLanguage/Fortschrittsmeldungen/en|Online help]].

===Selecting multiple attachments in progress reports===
When submitting progress reports for measures, it is now possible to upload multiple documents simultaneously as evidence. This simplifies and speeds up the workflow for your Practitioner users, as the upload dialogue no longer needs to be opened repeatedly.

<div lang="de" dir="ltr" class="mw-content-ltr">
===Neue Filtermöglichkeiten im KPI „Maßnahmen der OEs - Nach Status“===
Für den KPI „Maßnahmen der OEs – Nach Status“ ist es ab jetzt möglich, die Inhalte zu filtern. Sie können nach bestimmten Überprüfungen und Organisationseinheiten suchen. Außerdem können Sie den Zeitraum auch auf bestimmte von-bis-Daten oder auf Analysezeiträume einschränken.
::[[Datei:Bild13.png|left]] 
Bei aktiviertem Auditmanagement kann man zusätzlich auch nach Auditprogrammen und Audits filtern. Dies erlaubt ihnen den KPI präziser einzustellen und die Aufmerksamkeit auf die für sie wesentlichen Informationen zu richten.
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
==Neues im Datenschutz==
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Verbesserung der Anzeige von Verarbeitungstätigkeiten ===
Die Anzeige der VTs im Organisationsbaum wurde verbessert. Bisher wurden alle VTs eines Knotens inklusive jener aller untergeordneten Knoten dargestellt, was zu einer sehr umfangreichen Liste führte. Mit dem Update werden nun ausschließlich die VTs angezeigt, die direkt dem ausgewählten Knoten zugeordnet sind. Für eine vollständige Übersicht über alle VTs steht weiterhin die alternative Listenansicht ohne Baumstruktur zur Verfügung.
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
==Neues im Lieferantenmanagement==
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Verbesserung der Ablauffunktion von Lieferanten ===
In diesem Release haben wir das Ablaufverhalten für Lieferanten überarbeitet und vereinfacht. Ein abgelaufener Lieferant, ist ein Lieferant, der sich aktuell nicht über das Lieferantenrisikomanagementportal anmelden und eine Überprüfung beantworten kann. Dadurch ist er deaktiviert und verbraucht auch keine Lizenz mehr. Ein abgelaufener Lieferant, dessen Ablaufdatum in der Vergangenheit liegt, gilt als deaktiviert. Für einen Lieferanten, den man manuell deaktiviert, wird das aktuelle Datum als Ablaufdatum gesetzt. Dabei werden auch alle Zugangsdaten für Lieferantenbenutzer entfernt. Die beiden Funktionen werden somit deckungsgleich.
Mehr dazu erfahren Sie auch in der [[Special:MyLanguage/Lieferanten|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Interne Ansprechpartner für Lieferanten===
Bisher hatten Sie bereits die Möglichkeit ein internes Team zu definieren, das informiert wird, rechtzeitig, bevor die Lieferanten ablaufen und damit nicht mehr über das Lieferantenrisikomanagementportal mit Überprüfungen bedacht werden können. Mit dem neuen Release können sie die Verantwortlichkeit noch granularer aufteilen. Jetzt ist es möglich für jeden Lieferanten ein spezifisches Team oder eine einzelne Person (einen HITGuard User als Ansprechpartner einzutragen. Damit werden gezielter einzelne verantwortliche Stellen vor dem Ablauf des Lieferanten darauf nochmal aufmerksam gemacht.
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung der Filterfunktionen für Lieferanten===
Zusätzlich zu der bereits bestehenden Möglichkeit einen KPI auf Lieferanten einzuschränken, haben Sie nun auch die Möglichkeiten Lieferanten gezielt aus dem KPI auszuschließen bzw. die KPI nur für Ergebnisse zu ein oder mehreren ausgewählten Lieferanten anzuzeigen. Dies betrifft alle KPIs, die Risiken darstellen, von dem „Risikomatrix“-KPI, über „Risiken/Chancen nach Status“ bis zu „Risiken nach Bedrohungen“. Außerdem können sie alle KPIs, die Compliance-Überprüfungen auswerten so filtern. Dies betrifft beispielsweise „Abweichungsanalysen nach Status“ und „Compliance Erfüllung“.
::[[Datei:Bild14.png|left]] 
Mehr dazu erfahren Sie in der [[Special:MyLanguage/Risikomanagement_Dashboard|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
==Allgemeines==
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Neue verfügbare Normen===
Mit diesem Update werden allen Kunden die folgenden Normen für die Auswertung bereitgestellt:
*B3S Gesundheit 1.3.1 - Branchenspezifischer Sicherheitsstandard „Medizinische Versorgung“
*BSIG - Gesetz über das Bundesamt für Sicherheit in der Informationstechnik und über die Sicherheit in der Informationstechnik von Einrichtungen (BSI-Gesetz – BSIG)
*EN ISO 22301:2019 - Sicherheit und Resilienz - Business Continuity Management System - Anforderungen (ISO 22301:2019)
*EN ISO 31000-2018 - Risikomanagement - Leitlinien (ISO 31000:2018)
*KI-Verordnung - Verordnung (EU) 2024/1689 des Europäischen Parlaments und des Rates vom 13. Juni 2024 zur Festlegung harmonisierter Vorschriften für künstliche Intelligenz
*NISG2026 - Bundesgesetz zur Gewährleistung eines hohen Cybersicherheitsniveaus von Netz- und Informationssystemen (Netz- und Informationssystemsicherheitsgesetz 2026 – NISG 2026)
*ÖNORM D 4901 - Risikomanagement für Organisationen und Systeme - Anforderungen an das Risikomanagementsystem - Anleitung zur Umsetzung der ISO 31000
*RKEG - Resilienz kritischer Einrichtungen-Gesetz
*RKE/CER Richtlinie - Richtlinie (EU) 2022/2557 des Europäischen Parlaments und des Rates vom 14. Dezember 2022 über die Resilienz kritischer Einrichtungen und zur Aufhebung der Richtlinie 2008/114/EG des Rates
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Anpassung bestehender Normen===
Die Norm EN ISO/IEC 42001:2023 wurde im Annex A um die Kapitel A.2 bis A.10 erweitert. 
In den Normen KDR sowie KDR-OG wurden jeweils die Paragrafen § 6, § 11, § 52 und § 53 ergänzt. Neben der Erweiterung gab es kleine Anpassungen bei Norm-Mapping, Sortierreihenfolge und Stammdaten der Normen.
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Verbesserungen in der Arbeit mit den Wissensdatenbanken===
Um die Arbeit mit Wissensdatenbanken zu erleichtern, haben wir die Darstellung und vieles in der Interaktion in der zweiten Registerkarte „Themen“ der Wissensdatenbank überarbeitet. Themen lassen sich nun per Doppelklick öffnen und bearbeiten, alle anderen verlinkten Elemente lassen sich auf dieser Seite nicht nur wie bisher verknüpfen, sondern auch mit einem eigenen Button entknüpfen. Das erlaubt effizienteres Überarbeiten von Wissensdatenbanken.
::[[Datei:Bild15.png|left]] 
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Vorlagen für Risiken und Chancen in Wissensdatenbanken===
Die Verwaltung von Risiken- und Chancenvorlagen in Wissensdatenbanken wurde ergänzt. Damit kann man Risiken und Chancen in Wissensdatenbanken vorbereiten und später in der Arbeit mit HITGuard auf diese Vorlagen zugreifen. 
Die Risiken und Chancen können dabei in der Wissensdatenbank ein oder mehreren dort frei definierbaren Kategorien zugewiesen werden. Das hilft beim Filtern der Risiken und Chancen im Rahmen der Verwendung dieser Vorlagen für eine Risiko- bzw. Chancenanlage. 
Die Anlage erfolgt direkt im Risiko bzw. der Chance, wo für Expert-Benutzer nun ein Buch-Button zu sehen ist, mit dem man auf die Vorlagen aus den Wissensdatenbanken zugreifen kann.
::[[Datei:Bild16.png|left]] 
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung des Imports für Risiken===
Die Risikoerfassung über Import wurde erweitert, sodass man nun Risiken beim Import weiteren Eigenschaften ausstatten kann. Dies umfasst die Strategie, Anmerkungen, den Sachbearbeiter und den Status des Risikos. Damit können Sie nicht nur wie bisher „aktive“, sondern auch „akzeptierte“ oder „eingereichte“ Risiken importieren. Eingereichte Risiken lösen wie gehabt eine Meldung an Managementsystemverantwortliche aus.
Mehr zum Import mit Excel finden sie hier in der [[Special:MyLanguage/Datenimport#Risiken_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Benutzern===
Die Importfunktion unter Administration > Datenimporte wurde erweitert. Jetzt können Sie auch Benutzer einfach und schnell per Excel importiert und aktualisiert werden.
::[[Datei:Bild17.png|left]] 
Eine Importvorlage für Benutzer finden Sie in unserer [[Special:MyLanguage/Datenimport#Benutzerverwaltung|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Themen zu Wissensdatenbanken===
In HITGuard kann man die unterschiedlichen Elemente von Wissensdatenbanken importieren. Bisher hat das nur Prüffragen, Maßnahmen, Kontrollen und Begründungsvorlagen umfasst. Mit dem neuen Release wurde die Importfunktion unter Administration > Datenimporte wurde so erweitert, dass Sie jetzt zusätzlich zu den bisher verfügbaren Elementen der Wissensdatenbank auch Themen, Risiken und Bedrohungen per Excel importieren können. Zusätzlich ist es möglich, die Verknüpfung von Themen und Prüffragen bereits in diesem Excel zu erfassen und ebenso zu importieren. Das spart Zeit beim Erstellen von Wissensdatenbanken und macht Anlagen und Updates einfacher und schneller.
Eine erweiterte Importvorlage für Wissensdatenbanken finden Sie in unserer [[Special:MyLanguage/Datenimport#Elemente_f%C3%BCr_Wissensdatenbanken_(WDBs)_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Import von Beziehungen zu Ressourcen===
Eine zusätzliche Erweiterung der Importfunktion findet sich bei den Ressourcen, für die jetzt die neue Importart „Ressourcenverbindung“ zur Verfügung steht. Damit können Sie Beziehungen zwischen Ressourcen und anderen Strukturelementen erstellen bzw. aktualisieren. Das erspart Ihnen das manuelle Einpflegen von Beziehungen beim Erfassen von Informationsverbünden.
::[[Datei:Bild18.png|left]] 
Eine Importvorlage für Ressourcenverbindungen finden Sie in unserer [[Special:MyLanguage/Datenimport#Ressourcenverbindungen_importieren|Online-Hilfe]]
</div>

<div lang="de" dir="ltr" class="mw-content-ltr">
===Erweiterung der REST API===
Die Importmöglichkeiten über REST API wurden ebenfalls erweitert. Alle Änderungen, die in den Punkten 7.5, 7.6. und 7.8 erklärt werden, wurden auch für die REST-API Schnittstelle umgesetzt. Somit können Sie auch Risiken in unterschiedlichen Status sowie Beziehungen zwischen Ressourcen über die Rest API importieren.
Mehr dazu erfahren Sie in der [[Special:MyLanguage/Datenimport/-export_Schnittstelle|Online-Hilfe]]
</div>

Translations:HITGuard Release April 2026/15/en

2026-04-09T08:17:14Z

===Selecting multiple attachments in progress reports===
When submitting progress reports for measures, it is now possible to upload multiple documents simultaneously as evidence. This simplifies and speeds up the workflow for your Practitioner users, as the upload dialogue no longer needs to be opened repeatedly.

Translations:HITGuard Release April 2026/14/en

2026-04-09T08:17:06Z

KoKl: Die Seite wurde neu angelegt: „===Entering multiple responsible persons for measures=== From now on, multiple responsible parties (multiple individuals, multiple teams, or a combination of individuals and teams) can be assigned to measures. This allows you to assign measures to those responsible for implementation more flexibly. ::left You can find out more in our Online help.“

===Entering multiple responsible persons for measures===
From now on, multiple responsible parties (multiple individuals, multiple teams, or a combination of individuals and teams) can be assigned to measures. This allows you to assign measures to those responsible for implementation more flexibly.
::[[Datei:Bild12.png|left]] 
You can find out more in our [[Special:MyLanguage/Fortschrittsmeldungen/en|Online help]].

Translations:HITGuard Release April 2026/13/en

2026-04-09T08:17:00Z

KoKl: Die Seite wurde neu angelegt: „==New features for measures & controls==“

==New features for measures & controls==

Translations:HITGuard Release April 2026/12/en

2026-04-09T08:16:55Z

KoKl: Die Seite wurde neu angelegt: „===Create and assign reviews directly in a dossier=== From this release onwards, reviews can be created and assigned directly within the Case Management dossiers. To this end, the dossier now features the same ‘Create’ buttons as those found in the review overviews from Risk and Audit Management. ::left “

===Create and assign reviews directly in a dossier===
From this release onwards, reviews can be created and assigned directly within the Case Management dossiers. To this end, the dossier now features the same ‘Create’ buttons as those found in the review overviews from Risk and Audit Management.
::[[Datei:Bild11.png|left]]

Translations:HITGuard Release April 2026/11/en

2026-04-09T08:16:50Z

KoKl: Die Seite wurde neu angelegt: „==New features in case management==“

==New features in case management==

Translations:HITGuard Release April 2026/33/en

2026-04-09T08:15:21Z

KoKl: Die Seite wurde neu angelegt: „===New Audit type available=== To support the recording of different types of audit related activities, we have introduced the new audit type “Inspection”. Customers often wish to record results from tests or reviews carried out by external service providers or supplier reviews without implying that these constitute an audit against a standard. The “Inspection” audit type allows this distinction to be made.“

===New Audit type available===
To support the recording of different types of audit related activities, we have introduced the new audit type “Inspection”. Customers often wish to record results from tests or reviews carried out by external service providers or supplier reviews without implying that these constitute an audit against a standard. The “Inspection” audit type allows this distinction to be made.

Translations:HITGuard Release April 2026/10/en

2026-04-09T08:15:15Z

KoKl: Die Seite wurde neu angelegt: „===Pre-assigning the responsible user in an audit=== With the new release, HITGuard automatically sets the person responsible for an organizational unit as the person in charge of an audit as soon as you select the organizational unit when creating the audit. This allows you to leverage the information from their master data more effectively for pre-assignment and thus create audits more quickly.“