Release Notes

A unified inventory view of every entity in your workspace. See all your documents, evidence, personnel, computers, cloud resources, physical assets, vendors, and customers in one place. Apply filters and export the entire inventory as a CSV for auditors.

• Unified view — all entity types in one page with sorting and filtering
• CSV export — respects your current filters, hand it directly to auditors
• Audit-ready — covers SOC 2 and ISO 27001 asset management control requirements
• Knowledge sources — count with breakdown by policies, SOPs, and source documents

Every control now tracks its health with live test results. A dedicated Monitoring Tests page shows every agent run with filterable results, structured detail modals, and downloadable PDF reports. Plus, a new import wizard lets you migrate your existing evidence library from other GRC tools.

• Control health badges — Passing, Failing, Erroring, or Not Tested, visible on the controls list and detail pages
• Monitoring Tests page — agent and control filters, result badges, and clickable detail modals
• Branded PDF reports — structured sections with control info, summary, stats, and detailed results
• One-click retest — trigger a retest on any control, requests signed with HMAC-SHA256
• Drata import — migrate your evidence library with personnel matching by email and control linking by code

Every workspace now ships with the Govantic AI framework — an internal compliance engine that learns from your source documents, policies, and SOPs. Unlike external frameworks (SOC 2, ISO 27001), this one enforces how your organization actually works. It's auto-provisioned on workspace creation and updates continuously as the Knowledge Compiler processes your documents.

• Zero setup — auto-provisioned on every new workspace
• Auto-mapped requirements — compiled requirements from the Knowledge Compiler are linked to the Govantic AI framework automatically
• Virtual linking — controls like Chat Monitoring and Continuous Security Training cover all compiled requirements
• Filtered knowledge base — the consolidated requirements markdown is scoped to Govantic AI requirements for agent evaluation
• Side-by-side — works alongside SOC 2, ISO 27001, HIPAA, and other external frameworks simultaneously

A major accuracy upgrade. The Communication Agent now runs a two-pass evaluation: the first pass flags potential violations, then a confirmation pass re-evaluates each flag against the last 24 hours of channel history. This catches cases where earlier context (like confirming data was anonymized) makes a flag irrelevant. We also added three new engagement features.

• Two-pass confirmation — flagged violations are re-evaluated with 24 hours of channel history before creating incidents
• Rich context — channel topic, purpose, company name, and user job titles included in every evaluation
• Bot awareness — automated notifications (Stripe alerts, meeting summaries) evaluated with extra scrutiny to avoid false flags
• Friendly Reminders — proactive nudges posted as thread replies before issues happen, with a dedicated reminders channel for managers
• Compliance Quizzes — fun, LLM-generated quizzes delivered via DM to all channel members on a configurable schedule with correct/wrong/teach-me feedback
• PII detection — SSNs, credit card numbers, and other sensitive data patterns
• Softer language — thread replies now use cautious phrasing ("may have been" instead of "was")

The first Govantic agent is live. The Communication Agent connects to your Slack workspace, automatically joins all public channels, and monitors messages in real-time against your compiled requirements. It flags policy violations, answers compliance questions when mentioned, and processes both messages and thread replies.

• Real-time monitoring — event-driven evaluation of all messages and thread replies across public channels
• Auto-join — all public channels joined automatically with rate-limited pacing, no manual setup
• Compliance Q&A — mention the bot to ask compliance questions in any channel or thread
• Private channels — supported when the bot is invited
• 10-minute window — only evaluates recent messages to stay current; older messages from downtime are skipped
• Multi-workspace — per-workspace bot identity resolution
• Test channel — dedicated mode for safe end-to-end testing without creating real incidents

A centralized library for all your compliance artifacts. Upload evidence, attach implementation guidance, set per-artifact renewal schedules, and maintain a full version history. Renewal dates are auto-computed based on the cadence you choose — and when an artifact expires, renew it with one click while preserving the historical record.

• Version history — upload and manage compliance artifacts with full historical tracking
• Renewal schedules — per-artifact cadence (3, 6, 12 months, or custom) with auto-computed renewal dates
• Implementation guidance — collapsible text field on each evidence item explaining what's needed
• Custom creation dates — backdate artifacts when importing pre-existing evidence
• One-click renewal — archives the old version and creates a fresh artifact
• Migration-ready — idempotent import support for bringing evidence from other platforms

Controls have been completely redesigned. They're now organized by category in a flat, filterable list — no more tabs. Each control shows its linked requirements and frameworks, and you can drill into any control to see its full mapping. Mark controls as Out of Scope with a documented reason, and filter between Active and Out of Scope views.

• Integration-first — connect Slack, Gmail, Teams, or Zoom once, then manage individual controls
• Category layout — clean card grid with green border for active, grayed out for out-of-scope
• Out of Scope — mark any control with a documented reason (shown in an orange box), easily re-include later
• Framework filter — filter Controls and Requirements pages by framework, click from a framework to see only its mapped items
• Compliance mapping — control detail shows requirement pills (blue) and framework pills (purple)
• In-scope by default — controls are enabled when provisioned, opt out instead of opt in

Add compliance frameworks from a curated catalog with a single click. Before committing, a readiness ring shows how much of the framework you already cover thanks to shared controls that are already passing. Once added, a live dashboard tracks your progress with requirement and control counts.

• Framework catalog — one-click provisioning for SOC 2, ISO 27001, HIPAA, and more (385+ requirements across all frameworks)
• GAP analysis — readiness ring shows your coverage percentage before adding a framework
• Passing-based readiness — only controls that are actually passing count toward coverage, not just ones that exist
• Live dashboard — stat cards for Requirements, Controls, and Knowledge Sources with clickable links to pre-filtered list views
• Compliance rings — green at 100%, orange for partial, red at 0% on the main dashboard
• Auto backfill — new controls and requirements pushed automatically when the catalog is updated

Track your third-party vendors, manage customer relationships, and maintain contracts with SLA obligations — all from within Govantic. Contract obligations are surfaced directly in the grid with full filtering and sorting for quick access during audits.

• Vendor register — third-party risk management with contact details and risk classification
• Customer management — contract tracking, SLA terms, and obligation monitoring
• Obligations grid — visible in the contracts grid with filtering and sorting
• Audit coverage — maps to SOC 2 vendor management and customer commitment requirements

Register and track your entire infrastructure footprint. Cloud resources are categorized by type with assigned administrators, and physical assets including servers, routers, and office locations are tracked with personnel links. Everything SOC 2 and ISO 27001 require for asset management.

• Cloud resources — categorized by Containers, Buckets, Servers, Databases, Network, and VPCs
• Administrator assignment — each resource linked to a personnel record
• Physical assets — on-premise servers, routers, and networking equipment
• Locations — office locations entity linked to personnel records
• Endpoint tracking — computers associated to personnel
• Unified reporting — all entities appear in the Asset Inventory

Build your organizational structure under Settings. Create Business Units, assign personnel to them, designate unit leads, and visualize it all in an auto-generated org chart. The new Security Roles feature lets you define roles and track competencies in a Skills Matrix — essential for SOC 2 and ISO 27001 personnel security controls.

• Business Units — with responsible personnel and unit leads
• Org chart — auto-generated visualization of your organizational structure
• Multi-unit personnel — staff linked to one or many business units
• Security Roles — define roles with a dedicated Skills Matrix tab
• Competency tracking — track who is qualified for what, mapped to personnel security requirements

Upload your policies, SOPs, and source documents — the Knowledge Compiler agent extracts structured requirements using your configured LLM. It supports PDF, Word, Excel, and plain text files. When you upload a new revision and describe the changes, the compiler re-extracts requirements while maintaining full traceability back to the exact revision that produced them.

• AI-powered extraction — structured requirements from policies, SOPs, and source documents
• File support — PDF, Word (.docx/.doc), Excel (.xlsx/.xls), and plain text
• Revision system — upload a new version with a change description to guide focused recompilation
• Full traceability — every requirement links back to the specific document revision it was compiled from
• Auto-generated codes — REQ-001, REQ-002, etc. with sequential numbering per workspace
• Framework mapping — compiled requirements are automatically linked to the Govantic AI framework
• Knowledge base — consolidated markdown generated after each compile, used by all monitoring agents
• Multi-provider LLM — choose between OpenAI or Claude per workspace in Agent Settings
• Compiler Queue — real-time status tracking with pending, running, completed, and failed jobs

Govantic is live. Sign up with Google in one click or create an account with email. The platform enforces terms and conditions acceptance on signup and is fully responsive on mobile.

• Google OAuth — one-click sign-in and sign-up
• Terms enforcement — acceptance required on registration
• Mobile-ready — fully responsive experience across all devices
• Live dashboard — compliance rings and stat cards for frameworks, requirements, controls, knowledge sources, and integrations

We're launching our public release notes page so you can stay up to date with everything we ship. You can also subscribe to the RSS feed to get updates in Slack or your favorite reader.

• Timeline view — chronological feed of all platform updates
• RSS feed — subscribe in Slack or your favorite reader
• Tagged entries — features, improvements, fixes, and security