Releases#
On this page you will find an overview of all released versions of the ISMS add-on with the associated changes, improvements, and bug fixes. The latest version is always at the top of the table.
| Version | Date | Changelog |
|---|---|---|
| ISMS 1.6.3 | - | [Bug] Threats and vulnerabilities were not exported [Bug] Some parts of the code were not compatible with i-doit 37 |
| ISMS 1.6.2 | - | [Bug] In risk assessments, the probability of occurrence could not be imported via CSV [Bug] During a fresh installation, the default risk classes were not created correctly [Bug] Fresh installation of the ISMS add-on resulted in an error |
| ISMS 1.6.1 | - | [Improvement] Updated existing import catalogs [Improvement] Template adjustments for i-doit 35 compatibility [Bug] Risk assessments in the Report Manager could lead to errors when threat or vulnerability were not set [Bug] When deleting records of audit deviations, relationship objects to SOA measures were not deleted. |
| ISMS 1.6 | - | [New Feature] New object type "Security Incident" [New Feature] New category "Security Incident" [Improvement] NIS2 requirements added as import catalog, generic import profile extended [Improvement] Improved display of standard requirement texts [Bug] In the views "ISMS Risk Assessment" and "ISMS Risk Assessment object-based", not all background colors were printed by default [Bug] When duplicating the "Risk Assessment" category, the values for "Probability of Occurrence" and "Probability of Occurrence after Treatment" were not transferred |
| ISMS 1.5.6 | - | [New Feature] When creating/editing risk assessments, the risk class for the current slider setting is displayed and updated on changes [Improvement] In view mode of risk assessments, the impact level is now also shown for damage scenarios [Improvement] The risk class is displayed in view mode of risk assessments [Improvement] CSV import of requirements from the IT-Grundschutz Compendium 2023 added [Bug] Color picker switched to Coloris to restore compatibility with i-doit >= 29 [Bug] List view of risk assessment no longer worked correctly for i-doit >= 30 |
| ISMS 1.5.5 | - | [Improvement] New attribute "Risk Owner" in the "Risk Assessment" category and automatic migration of contact assignment with the role "Risk Owner" into the new attribute [Improvement] CSS formatting added for displaying standard requirement text [Bug] Compatibility with i-doit 27 restored [Bug] The CSV import of some Annex A measures (version 2022) did not work correctly [Bug] The implementation status of measures was not correctly displayed in the view mode of risk assessments [Bug] Only SOA measures are shown in the virtual category "Assigned Measures" |
| ISMS 1.5.4 | - | [New Feature] Introduction of attributes of the new ISO 27002, assignment of attributes to requirements/measures [Improvement] Attribute "Implemented by" in the "Applicability" category can now be populated via CSV import [Bug] The attribute "Scope" of the "ISMS" category could not be output in the Report Manager (and thus also not in the Documents add-on) [Bug] Category lists caused an internal server error in i-doit 25 [Bug] List editing of the "Risk Assessment" category set the probability of occurrence to 0 [Bug] The risk recorder was not correctly displayed and saved with PHP 8 [Bug] The probability of occurrence was not saved when the description of the probability of occurrence was empty [Bug] With PHP 8, after creating a damage scenario, the individual assessment criteria were no longer automatically created [Bug] The language constants of the implementation status were not translated in the display view |
| ISMS 1.5.3 | - | [Improvement] CSV import catalog for Annex A measures of the new ISO 27001 added [Bug] Threats and vulnerabilities were not saved during risk assessment when the system was running under PHP 8 [Bug] The list view of the "Typical Vulnerabilities" category did not work under PHP 8 [Bug] In some Report Manager views, value owners and risk owners were displayed even when the person or contact assignment was archived/deleted [Bug] |
| ISMS 1.5.2 | - | [Improvement] Compatibility with i-doit 1.19 [Improvement] Compatibility with PHP 8.0 [Improvement] Visual adjustments to the new layout of i-doit 1.19 [Bug] The column headings of the view "ISMS Risk Assessment object-based" were partially incorrectly assigned [Bug] The CSV export of the probability of occurrence after treatment was partially incorrect when the probability of occurrence before treatment was also included |
| ISMS 1.5.1 | - | [New Feature] New object type "default Requirements" for requirements from standards (e.g. ISO 27001, ISO 27002) [New Feature] Calculation of implementation status based on assigned measures in the "Deviations" category [New Feature] "Toggleable" attributes for risk identification and risk title for the "Risk Assessment" category in tenant settings [New Feature] Risk matrix labeling can be overridden via expert settings [New Feature] A direct link to the risk assessment is displayed in relevant report views and can be used in the Report Manager [Improvement] New attributes in the "Deviations" category for the Audit object type [Bug] An error message was displayed when saving categories without files [Bug] Some functions of the ISMS add-on were loaded even when the add-on was deactivated |
| ISMS 1.5 | - | [New Feature] New object type "Event" with new category "Risk Assessment (Event)" available for documenting risks using an event-based methodology [New Feature] New object type "Audit" with new category "Audit" available for documenting audits [New Feature] New category "Deviations" for documenting audit deviations [New Feature] New attributes in the "Risk Assessment" category: "Risk Recorder", "Interviewed Persons" in the "Risk Evaluation" section and "Reviewer", "Review Date", "Review Result", "Review Result (Document)" in the new "Review of Risk Treatment Effectiveness" section [New Feature] Use of a new internal attribute type for uploading documents directly into categories without using the "File" category, to control access to documents via the respective category rights [Improvement] Clearer graphical representation of the "Risk Assessment" category [Improvement] Implementation status of SOA measures is displayed in the risk assessment view [Improvement] Adjustment of report views to adequately display events [Improvement] Update of requirements in the IT-Grundschutz import file to version 2021 [Change] The report view "Risk Treatment Plan (RTP)" is now based on all used risks (event or threat-vulnerability combination) instead of all available threats [Bug] In the virtual category "Assigned Measures", measures assigned multiple times were also displayed multiple times [Bug] Database tables were not all deleted when uninstalling the add-on [Bug] Archived or deleted assessment criteria and damage scenarios were still partially displayed [Bug] An error message was displayed when creating a new object if the "Assigned Measures" category was to be shown on the overview page [Bug] Fix for missing or incorrectly assigned translations [Bug] Correction of some typos in CSV import catalogs [Bug] The slider position "not evaluated" for probability of occurrence and impact was partially not saved correctly |
| ISMS 1.4.1 | - | [New Feature] New object type "Virtual ISMS Location" available [New Feature] Risk assessments can be imported via CSV [Improvement] Visual improvements of the sliders for risk evaluation [Change] SOA measures assigned to risk assessments are now separated with line breaks in reports instead of commas [Bug] In the list view of risk assessments, overridden risk classes were partially displayed incorrectly [Bug] With older PHP versions, an error message occurred after installing the add-on [Bug] When sorting by ISMS relevance, a database error occurred in the object list [Bug] The English translations of the risk formulas were incorrect [Bug] Translations were missing in the Dialog Admin [Bug] Horizontal scrolling in wide report views no longer worked [Bug] Entries in some Dialog Admin tables could not be edited [Bug] The "Copy evaluation before treatment" button did not transfer the probability of occurrence value |
| ISMS 1.4 | - | [New Feature] Asymmetric risk matrix, risk matrix color values can now be overridden [New Feature] Name, color, and number of risk classes are now configurable [New Feature] New menu item "ISMS" under "Extras" [New Feature] New "ISMS" right in the authorization system [Improvement] Extension of available output columns in the list view of risk assessments [Improvement] Print views of report views revised, print button added [Improvement] Wording adjustment in the risk assessment [Improvement] The updated documentation for the ISMS add-on can now be found here: https://isms.readthedocs.io [Change] Configuration of risk classes and formula under "Extras" - no longer in tenant settings [Change] Minimum requirement i-doit version 1.14.2 or higher [Change] Adjustment of all categories and report views to the new risk classes [Bug] Incorrect values were output for the attribute "Probability of Occurrence after Treatment" in the Report Manager [Bug] The "Applicability" category caused an error message in the Report Manager [Bug] There was an error when duplicating Annex A measures [Bug] Risk assessments with decimal numbers were partially not listed in the risk matrix [Bug] There were incorrect links in risk assessments after duplicating objects [Bug] Report "ISMS Residual Risk by Level" did not evaluate the level [Bug] Protection goals were newly created when objects or object groups that had risk assessments were duplicated [Bug] Risk treatment options could not be edited [Bug] Incorrect wording in the "Risk Treatment Plan" view [Bug] Applicability of SOA measure was not automatically set to "Yes" when adding to a risk assessment if the Measure category was not present [Bug] Archived and deleted objects should not be displayed in report views [Bug] The "ISMS Risk Assessment object-based" view showed all protection goals instead of only the assigned ones [Bug] Reindexing the search index after CSV import threw an error message [Bug] After editing ISMS object types, the relative paths to object type icons were lost [Bug] In the Report Manager, the "Probability of Occurrence after Treatment" column output the same as "Probability of Occurrence" [Bug] The Risk Treatment Plan report view did not work when the "Threat" category was empty [Bug] A database error appeared when deleting incomplete/archived/deleted category entries |
| ISMS 1.3.3 | - | [Bug] ISMS add-on cannot be installed on a fresh i-doit 1.14 installation |
| ISMS 1.3.2 | - | [New Feature] Report views can now be filtered by locations [New Feature] The "View" right on "Category in objects below a location" for the "ISMS" category is now respected in ISMS report views [New Feature] The consideration of location rights can be configured in the tenant settings [Bug] In the report view "ISMS Scope", the location is not displayed [Bug] Filter on scope does not work in the report views "ISMS Risk by Level" and "ISMS Residual Risk by Level" |
| ISMS 1.3.1 | - | [New Feature] Report view "ISMS Risk Matrix" extended with second risk matrix after risk treatment [Improvement] Visual improvements in the report view "ISMS Risk Matrix" [Bug] Reports are written to the wrong database during fresh installation in i-doit 1.13.1 (and higher) [Bug] Missing and incorrect translations in report view "ISMS Risk Matrix" |
| ISMS 1.3.0 | - | [New Feature] Creation of a new object type "Annex A Measure" [New Feature] Extension of the Assessment Criteria object type for textual description of impact [New Feature] New report view "SOA Completeness Check" [Improvement] New icons and images for ISMS object types [Improvement] BSI elementary threats split into threat and vulnerability and provided as CSV import [Improvement] Risk assessment extended with the attribute "Date of Risk Evaluation" [Improvement] Report view "Statement of Applicability (SOA)" extended [Improvement] Report view "Risk Matrix" uses new textual representation of impact [Improvement] Requirements from the BSI Grundschutz Compendium provided as CSV import [Improvement] Threats, vulnerabilities, and measures from the "Orientation Guide on Content and Requirements for Industry-Specific Security defaults (B3S) according to Section 8a(2) BSIG" (KRITIS) provided as CSV import [Change] Object type "Threat" renamed from "Threat" [Change] Removal of the unnecessary third threshold in the "ISMS" section of tenant settings [Change] Risk treatment options adjusted to ISO 31000 values [Change] Object type "Measure" renamed to "Measure (SOA)" [Bug] Missing object title in report view "ISMS Risk Assessment object-based" [Bug] Unevaluated damage scenarios lead to incorrect display in report views "ISMS Risk Assessment" and "... object-based" [Bug] Incorrect order of damage scenario evaluations in report views "ISMS Risk Assessment" and "... object-based" [Bug] Permission error in list editing of "Recommendations according to ISO 27002" category [Bug] SQL error in list editing of the "Applicability" attribute [Bug] "Recommendations according to ISO 27002" category cannot be added to the list view [Bug] Error in variable report [Bug] The attribute "ISMS Relevance" cannot be saved in list editing [Bug] Missing English translation of the report view "ISMS Risk Treatment Plan (RTP)" |
See also#
- ISMS Add-on — Overview of the ISMS add-on
- i-doit Add-ons — All available add-ons