Features Email notification is sent to user on change of password / RBAC / disabling of 2FA by License Admin in User Management (SEC-3541) New option in User Management to send password reset to an existing user via email token (SEC-3540) New option to send email invite to a user created via User Management (SEC-3539) TISAX and ISO27001:2022 (without statements) included to wizard (SEC-3649) Improvements Email templates were updated to a new design (SEC-3609) License validity information is added to select tenant screen (SEC-3566) Organization Management - removal of irrelevant MFA option (SEC-3590) Organization Management - removal of XML config file (JSON is now the only option) (SEC-3610) Renaming Tenant to Organization on several places in application (SEC-3593) Rework of 2FA authentication to a new model where License Admin can only disable 2FA for user (SEC-3568) Bug Fixes Automatic session expiration shall return user back to login page (SEC-3519) Editing organization threw license error when organization limit was reached (SEC-3638) Enabling 2FA on License User without any organization role disabled access to tabs in Account screen (SEC-3640) Green confirmation dialog of added roles via Organization Users was shown even on cancelled operation (SEC-3594) RBAC role Full Access User was still shown as Tenant Master in Account (SEC-3627) Unexpected unsaved changes modal in Organization Management after hitting save (SEC-3628) User Management - License Admin can see and manage RBAC roles only for organizations under license with Admin role (SEC-3598)

Major [Data] New regulation with mappings to atomic requirements – Príloha 1 k vyhláške NBÚ 227/2025 (SEC-3603) [License 01] Added License Management screen to review available licenses (SEC-3433) [License 02] Securea Support now manages licenses and License Admin roles (SEC-3520) [License 03] Only License Admins can now access the Administration section (Organization, User, and License Management) (SEC-3468) [License 04] Organization Management now displays only organizations with licenses managed by the License Admin (SEC-3587) [License 05] User Management screen allows License Admins to assign licenses to users (SEC-3569) [License 06] License Admins can see only user licenses they manage (SEC-3487) [License 07] User Management hides user role assignments for organizations not managed by the License Admin (SEC-3543) [License 08] Added tooltip in User Management showing the license assigned to each organization (SEC-3538) [License 09] Only License Users with a valid license can access organization data (SEC-3469) [License 10] User license is now automatically assigned to all users via Organization → Organization Users (SEC-3565) [Menu] Menu structure reorganized, renamed items, and added missing breadcrumbs (SEC-3586) [User 01] Users can now exist as standalone objects without being assigned to an organization (SEC-3444) [User 02] Users can now exist with only email and username (auto-generated) (SEC-3478) [User 03] Users can now log in using email in addition to username (SEC-3450) [User 04] New password setup screen allows setting a password without knowing the old one (for new users) (SEC-3516) [User 05] Login process now requires all users to set up 2-factor authentication (SEC-3431) [User 06] Required user details must be filled in by the user during the login process (SEC-3489) [User 07] Organization selection is skipped during login for users without an organization (SEC-3526) [User 08] Account menu item is now accessible even for users without an organization (SEC-3432) [User 09] Users can be added directly to an organization by providing only their email via Organization → Organization Users (SEC-3459) [User 10] Users invited via Organization → Organization Users receive an email with a token allowing them to set their initial password (SEC-3456) [User 11] Users can now verify their own email via the Account menu (a verification link is sent) (SEC-3476) [User 12] Users receive an email notification to both old and new addresses when a License Admin changes their email (SEC-3504) [Wizard 1] Organization creation wizard can be launched from Organization Management (or from Account for new License Admins without an organization) (SEC-3471) [Wizard 2] Wizard allows creating an organization from licenses with available organization limits (SEC-3472) [Wizard 3] Wizard collects basic organization information (SEC-3475) [Wizard 4] Wizard collects information about the organization’s industry (SEC-3474) [Wizard 5] Wizard allows selecting only those regulations relevant for company compliance (SEC-3477) [Wizard 6] Wizard allows inviting users during the organization creation process (SEC-3485) [Wizard 7] Wizard summary lets you review all steps and choose the next action for the newly created organization (SEC-3486) Improvements Columns in User Management have been redesigned, reordered, and had their filters fixed (SEC-3522) Organization is now automatically selected after creation (SEC-3571) Organization name is now displayed directly in the menu as the first item instead of the word Organization (SEC-3542) Term Tenant Master (RBAC role) was changed to Full Access User (SEC-3585) Term Tenant was replaced with Organization in new features (older features will be updated gradually) (SEC-3602) Bug Fixes Fixed issue where duplicated RBAC roles could be assigned to users, causing errors during role deletion (SEC-3557) Fixed issue where unsaved changes dialog in Organization Management appeared even when no changes were made (SEC-3422) Removed the Admin column from User Management as it displayed irrelevant information (SEC-3521) Removed untranslated and empty sub-windows from Controls and Threats browsers (SEC-3518)

Features License is now required for tenant creation (licenses are assigned by Securea support) (SEC-1871) New option to add sample assets from predefined templates (only for tenants created from master data) (SEC-3327) New tenants can now be created from predefined master data (such tenant is enabled for future automated upgrades) (SEC-3413) Improvements Author in Report Browser displays username instead of user ID (SEC-3238) Caching mechanism optimized to handle larger datasets (SEC-3367) Dropdown components are now resizable, and new size is remembered in local browser storage (SEC-3140) Formatting of numbers in tables is unified (SEC-2801) Improved performance of loading Asset Threats in Asset Browser (SEC-3380) Relogin via reminder no longer requires second-factor authentication (SEC-1937) Threshold for Asset Value is now used in reports through new ‘Value Severity’ column (SEC-2701) Threshold values for Maturity added (not used yet) (SEC-3366) Threshold values for Threats renamed and reorganized in browsers and reports (SEC-3333) User view preferences stored locally in the browser have been reorganized and cleaned up (SEC-3247) Bug Fixes Dashboard Security Posture widget color corruption in collapsed mode fixed (SEC-3364) Fixed sorting on columns in Report Browser (SEC-3160) Re-login request could pop up immediately after user login (SEC-3399) Select Tenant screen showed scrollbar even if it was not needed (SEC-3150) Unsaved changes modal was missing when leaving a newly added entry unsaved (SEC-3329)

Features Asset Hierarchy – Primary and Supporting assets (SEC-2664) Improvements Assessment Points from Clause were added to all reports containing Clause Description (SEC-3080) Dashboard Security Posture Widget – algorithm for Maturity % in collapsed view changed to display % of requirements with Maturity at target level or higher (SEC-3324) Performance – optimized loading of asset mappings when adding a new asset (SEC-3277) Performance – optimized loading of threshold-related columns in tables (SEC-3278) Performance – optimized loading time for Assets in Control subtable (Control selected) in Security Requirements Fulfillment screen (SEC-2181) Performance – optimized loading time for Security Requirements Fulfillment screen (SEC-3290) Predefined system values (such as asset CIA attributes) are now automatically translated in tables in browsers (SEC-3241) Scrollbars were redesigned to remain permanently visible (SEC-3285) Bug Fixes Dashboard Security Posture Widget – color spectrum was lost after expanding and collapsing the widget (SEC-3313) Error “Model not found” could be encountered when using breadcrumbs in different browsers (SEC-3314) Expanding a dashboard widget on a layout containing a scrollbar displayed the expanded widget in the wrong screen position (SEC-3315) Incorrect data in Control Description field in Security Requirements Fulfillment (SEC-3338) Performance – some screens triggered API requests for the previous screen even after the user switched to a different one (SEC-3318)

Improvements Assign Users screen allows user to paste multiple email addresses from clipboard (SEC-3078) Changed expand and collapse behavior on sidebar menu (SEC-2742) Improved loading times on dashboard when collapsing expanded widget (SEC-2675) Improved memory management when expanding and collapsing dashboard widgets (SEC-2995) Redesigned Personalization tab in User Settings (SEC-2699) Setting dashboard as a primary no longer requires user to enter password (SEC-3237) Warning about loosing data added to edit mode when clicking a redirect within Securea with unsaved changes (SEC-2639) Bug Fixes Blank Name and Description fields for Risk Register Report in report browser (SEC-3292) Corrected wrong API endpoint for CSV import of regulations (SEC-3274) Dashboard layout editor button is now hidden for mobile devices (SEC-3165) Improved performance for adding an asset linked to an asset class (SEC-3268) Missing field descriptions for fields when adding a new clause (SEC-3291) Removed short blip when opening Regulation Checklist (SEC-2740) Save button in Assign users screen failed to disappear upon successful save (SEC-3221) Unsupported option to import full tenant as a CSV removed from dropdown (SEC-3275) Previous changes: Changes for v2.4.4

New Features Control window in SoA View per clause supports navigation to Control details and hyperlink to Control-Asset assignment (SEC-2171) Dashboard Framework and Layout Editor (SEC-2479) Dashboard Governing Documents Widget (SEC-2545) Dashboard Highest Risk Assets and Highest Threats Widgets (SEC-2735) Dashboard Security Posture Widget (SEC-2597) Dashboard Select Tenant Widget (SEC-2930) Master Tenant user role can export all tenant data as a zip archive (SEC-2272) New threshold for Asset Value added (not used yet) (SEC-2700) Refactor of thresholds - added filter support for Severity columns (SEC-2989) Select tenant screen allows setup of favorite tenants (remembered locally in browser) (SEC-2935) Select tenant screen was redesigned to allow display of more tenants on one screen (SEC-2954) SoA View per clause supports comparison of before/after when overwriting clause with requirement data (SEC-2713) Tenant name is now included in filename of each exported file (SEC-2794) Improvements Added export and import of Tenant Configuration file (SEC-2164) Adjusted rendering of tenant image to zoom in if image is not in square format (SEC-2652) All ‘Remediation’ field names are renamed to ‘Corrective Action’ (SEC-2943) Change password notification reworked to toast notification engine (SEC-2941) Column “Days Until Review” added to Governing Documentation browser (SEC-2554) Column “Requirement Count” added to Governing Documentation browser (SEC-2557) Column Corrective Action was added to reports containing clauses (SEC-2942) Data Export with Master Tenant role now uses standard toast notifications (SEC-2831) Help center accessed via ‘?’ redirected to a different source site (SEC-2840) Item detail views adjusted to show all item properties (empty properties are displayed with ‘-’) (SEC-2802) Login expiration notification text changed to inform user about loss of unsaved changes (SEC-2756) Logout icon added to the bottom of main sidebar (SEC-2637) New filter for regulation checklist added to CSV export of clauses and clause-requirements (SEC-3141) New tooltip and icon for Reset button and unification of button order in top right corner (SEC-2812) Notification is shown whenever a user switches to a different tenant (SEC-2640) Notification was added to the cloning operation on tenant (SEC-3249) Overwrite All Changed Data in SoA View notifies users that entries not visible due to filter will also be overwritten (SEC-1684) Owner ID replaced with Owner Name in Governing Documentation Table in SoA View (SEC-949) Rename of “Regulations” to “Regulations Checklist” (SEC-2062) Requirement Fulfillment & Corrective Action fields added to requirement details in mapping screens (SEC-2962) Securea login screen is redesigned to better support vertical orientation (SEC-2638) Table columns with multiline texts display all rows in one line (SEC-2204) Tenant selection displayed on first user login reworked to show tenant list instead of a grid (SEC-3077) Toast notification moved from top right corner to bottom left corner (SEC-2587) URLs for Governing Documentation adjusted to notify user when redirecting outside of Securea (SEC-2804) Warning about unsupported web browser redesigned to use toast notification engine (SEC-3162) Bug Fixes ‘Overwrite All’ was not visible in ‘SoA view’ after editing clause details and returning to SoA view (SEC-2195) Added ‘Reset’ button to ‘Report Browsers’ for detailed reports (SEC-2567) Adding regulation showed wrong background in light mode (SEC-2809) Bigger area for tooltip ‘No thresholds set’ on menu item ‘Tenant’ (SEC-2546) Cloning of currently active tenant caused wrong data being shown in Securea (SEC-3223) Compliance manager was unable to see Generate Report button (SEC-2994) Default risk threshold descriptions were not loaded according to selected language (SEC-2854) Deletion of a tenant with an existing connection caused an inconsistent tenant state (scenario is now blocked) (SEC-3256) Disabled propagation from ‘Asset Class’ for ‘Asset Owner’ (SEC-2149) Export buttons in report manager are more consistent and have tooltips (SEC-2759) Filter did not work in Report Browser for all saved reports in Detailed Format (SEC-2696) Fixed ‘Overwrite all’ that got hidden after editing in SoA view screen (SEC-2595) Fixed loading-related error in ‘Asset Browser’ after propagation (SEC-2443) Fixed logo issue in tenant creation workflow (SEC-2577) Fixed redundant reset of the search filter when editing records that are the result of a search (SEC-2593) Horizontal arrows navigating between records did not scroll records back to the top (SEC-2747) Improved styling and responsiveness for certain resolutions in User Settings/User Management (SEC-2049) Light theme fix on delete tenant screen (SEC-2978) Light theme fixes on filter input (SEC-3143) Regulation selection criteria when adding a new report were not refreshed when switching between tenants (SEC-2808) Removed redundant “Export” buttons in catalogues and browsers (SEC-2806) Removed redundant word ‘Threat’ in Threat Browser Reset filter pop-up (SEC-2715) Securea enters not responding state after sorting some columns in mapping screen (SEC-3245) Several filter options not working in Security Requirements Fulfillment screen (SEC-2527) Switching to a different requirement in Security Posture screen did not scroll Requirement Description back to the top (SEC-2584) Tenant with one regulation was not able to generate a new report - field was disabled and regulation record was not prefilled (SEC-2798) User-friendly error messages on failed import (SEC-888)