Release Notes

Source documents now support drag-and-drop bulk upload, SOPs use a structured step editor, controls are categorized by how they're satisfied, and every concept in Govantic has a consistent color theme for quick visual identification.

• Bulk drag-and-drop upload — upload multiple source documents and policies at once. Drag files onto the upload area or click to select. Each file shows upload progress, an editable display name, and auto-detected category from the filename.
• SOP step editor — SOPs now have a numbered step structure. Each step has a title and rich text content. Add, remove, and reorder steps in a split-panel layout with a step list sidebar and full editor panel. Legacy SOPs with unstructured content are still supported.
• Control type categories — controls are now organized by how they are satisfied: Monitored (automated), Policy, SOP, Evidence, or Review. Filter cards at the top of the Controls page show per-type counts and let you drill into each category. Monitored controls include an additional agent filter.
• Evidence-control mapping — link evidence to controls directly from the control detail page. Add existing evidence from your library or create new evidence inline. Evidence appears as teal badges with artifact counts.
• Policy-control mapping — link policies to controls and vice versa. Policies appear as orange badges on control detail, controls appear as green badges on policy detail. Search and link from either direction.
• Color-coded theme system — every concept in Govantic now has a unique color for instant visual identification: Requirements (blue), Controls (gray), Monitoring Tests (green), Policies (teal), Evidence (purple), SOPs (orange), Source Documents (yellow), and Agents (cyan). Colors are consistent across sidebar icons, list pages, detail pages, badges, and the dashboard.

Controls now have a responsible person auto-assigned from your security roles, requirements can be created and mapped manually, and Policies and SOPs get a full WYSIWYG editor with PDF export and version restore.

• Control responsible person — each control can now have an assigned responsible person from your personnel register. When controls are imported, activated from the catalog, or seeded with a new workspace, the person holding the highest-priority security role (lowest ordinal) is auto-assigned. A new toggle on security role creation lets you bulk-assign all unassigned controls.
• Manual requirements — create, edit, archive, and manage requirements directly from the UI with automatic REQ-XXX code assignment. Manually map or unmap requirements to controls and frameworks to customize your compliance program.
• Govantic AI auto-sync — the compiled knowledge base automatically regenerates whenever requirements in the Govantic AI framework are added, removed, edited, or archived, keeping agents up to date without manual intervention.
• Rich text editor for Policies & SOPs — a full WYSIWYG editor with formatting toolbar (bold, italic, underline, headings, lists, text alignment, font size, colors, highlights, tables, links, images, and code blocks) replaces the plain text area. Copy-pasting from Word, PDFs, and web pages preserves formatting.
• Markdown descriptions — description fields across Requirements, Controls, Policies, and SOPs now support rich text editing and render as formatted content. Requirements and Controls editing moved from modals to dedicated full-width pages.
• Archive Policies & SOPs — soft-delete documents with a single click. Filter lists by status (Active or Archived). Archived documents are read-only and excluded from compilation.
• PDF download & version restore — download any Policy or SOP (current or historical version) as a branded PDF. Restore a previous version with one click, which creates a new revision preserving the full history.
• Editor quality fixes — text alignment (center, right, justify) now renders correctly in read-only views and PDF exports. Toolbar buttons removed from keyboard tab order. Highlighted text background renders correctly in exported PDFs.

Requirements are now organized by category for every framework, a new Auditor Guidance field tells you what to expect during audits, and you can import an entire framework from Drata in one click — requirements, controls, and mappings included.

• Requirement categories — filter requirements by category within each framework. SOC 2: Security, Availability, Processing Integrity, Confidentiality, Privacy. ISO 27001: Context of the Organization, Leadership, Planning, Support, Operation, Performance Evaluation, Improvement, and Annex A sub-categories. HIPAA: Breach Notification, Privacy, Security General Rules, Administrative/Physical/Technical Safeguards, and more.
• Govantic AI categories — compiled requirements are automatically categorized into 15 categories (Access Control, Data Protection, Communication Security, Network Security, Incident Response, Change Management, Risk Management, Governance, Human Resources, Physical Security, Business Continuity, Vendor Management, Asset Management, Monitoring & Logging, Other) by the Knowledge Compiler
• Auditor Guidance — every requirement now includes a "What auditors look for" section explaining what evidence and processes auditors typically expect
• Drata framework import — import an entire framework from Drata with one click, including all requirements, controls, and their mappings. Combined with the existing evidence import, you can now do a complete migration from Drata.
• Compiler Queue on Agent Status — view the Knowledge Compiler queue directly from the Agent Status page across documents, SOPs, policies, and the agents menu
• Help Center — a new Help Center on the website with searchable articles covering every feature in the platform

A unified inventory view of every entity in your workspace. See all your documents, evidence, personnel, computers, cloud resources, physical assets, vendors, and customers in one place. Apply filters and export the entire inventory as a CSV for auditors.

• Unified view — all entity types in one page with sorting and filtering
• CSV export — respects your current filters, hand it directly to auditors
• Audit-ready — covers SOC 2 and ISO 27001 asset management control requirements
• Knowledge sources — count with breakdown by policies, SOPs, and source documents

Every control now tracks its health with live test results. A dedicated Monitoring Tests page shows every agent run with filterable results, structured detail modals, and downloadable PDF reports. Plus, a new import wizard lets you migrate your existing evidence library from other GRC tools.

• Control health badges — Passing, Failing, Erroring, or Not Tested, visible on the controls list and detail pages
• Monitoring Tests page — agent and control filters, result badges, and clickable detail modals
• Branded PDF reports — structured sections with control info, summary, stats, and detailed results
• One-click retest — trigger a retest on any control, requests signed with HMAC-SHA256
• Drata import — migrate your evidence library with personnel matching by email and control linking by code

Every workspace now ships with the Govantic AI framework — an internal compliance engine that learns from your source documents, policies, and SOPs. Unlike external frameworks (SOC 2, ISO 27001), this one enforces how your organization actually works. It's auto-provisioned on workspace creation and updates continuously as the Knowledge Compiler processes your documents.

• Zero setup — auto-provisioned on every new workspace
• Auto-mapped requirements — compiled requirements from the Knowledge Compiler are linked to the Govantic AI framework automatically
• Virtual linking — controls like Chat Monitoring and Continuous Security Training cover all compiled requirements
• Filtered knowledge base — the consolidated requirements markdown is scoped to Govantic AI requirements for agent evaluation
• Side-by-side — works alongside SOC 2, ISO 27001, HIPAA, and other external frameworks simultaneously

A major accuracy upgrade. The Communication Agent now runs a two-pass evaluation: the first pass flags potential violations, then a confirmation pass re-evaluates each flag against the last 24 hours of channel history. This catches cases where earlier context (like confirming data was anonymized) makes a flag irrelevant. We also added three new engagement features.

• Two-pass confirmation — flagged violations are re-evaluated with 24 hours of channel history before creating incidents
• Rich context — channel topic, purpose, company name, and user job titles included in every evaluation
• Bot awareness — automated notifications (Stripe alerts, meeting summaries) evaluated with extra scrutiny to avoid false flags
• Friendly Reminders — proactive nudges posted as thread replies before issues happen, with a dedicated reminders channel for managers
• Compliance Quizzes — fun, LLM-generated quizzes delivered via DM to all channel members on a configurable schedule with correct/wrong/teach-me feedback
• PII detection — SSNs, credit card numbers, and other sensitive data patterns
• Softer language — thread replies now use cautious phrasing ("may have been" instead of "was")

The first Govantic agent is live. The Communication Agent connects to your Slack workspace, automatically joins all public channels, and monitors messages in real-time against your compiled requirements. It flags policy violations, answers compliance questions when mentioned, and processes both messages and thread replies.

• Real-time monitoring — event-driven evaluation of all messages and thread replies across public channels
• Auto-join — all public channels joined automatically with rate-limited pacing, no manual setup
• Compliance Q&A — mention the bot to ask compliance questions in any channel or thread
• Private channels — supported when the bot is invited
• 10-minute window — only evaluates recent messages to stay current; older messages from downtime are skipped
• Multi-workspace — per-workspace bot identity resolution
• Test channel — dedicated mode for safe end-to-end testing without creating real incidents

A centralized library for all your compliance artifacts. Upload evidence, attach implementation guidance, set per-artifact renewal schedules, and maintain a full version history. Renewal dates are auto-computed based on the cadence you choose — and when an artifact expires, renew it with one click while preserving the historical record.

• Version history — upload and manage compliance artifacts with full historical tracking
• Renewal schedules — per-artifact cadence (3, 6, 12 months, or custom) with auto-computed renewal dates
• Implementation guidance — collapsible text field on each evidence item explaining what's needed
• Custom creation dates — backdate artifacts when importing pre-existing evidence
• One-click renewal — archives the old version and creates a fresh artifact
• Migration-ready — idempotent import support for bringing evidence from other platforms

Controls have been completely redesigned. They're now organized by category in a flat, filterable list — no more tabs. Each control shows its linked requirements and frameworks, and you can drill into any control to see its full mapping. Mark controls as Out of Scope with a documented reason, and filter between Active and Out of Scope views.

• Integration-first — connect Slack, Gmail, Teams, or Zoom once, then manage individual controls
• Category layout — clean card grid with green border for active, grayed out for out-of-scope
• Out of Scope — mark any control with a documented reason (shown in an orange box), easily re-include later
• Framework filter — filter Controls and Requirements pages by framework, click from a framework to see only its mapped items
• Compliance mapping — control detail shows requirement pills (blue) and framework pills (purple)
• In-scope by default — controls are enabled when provisioned, opt out instead of opt in

Add compliance frameworks from a curated catalog with a single click. Before committing, a readiness ring shows how much of the framework you already cover thanks to shared controls that are already passing. Once added, a live dashboard tracks your progress with requirement and control counts.

• Framework catalog — one-click provisioning for SOC 2, ISO 27001, HIPAA, and more (385+ requirements across all frameworks)
• GAP analysis — readiness ring shows your coverage percentage before adding a framework
• Passing-based readiness — only controls that are actually passing count toward coverage, not just ones that exist
• Live dashboard — stat cards for Requirements, Controls, and Knowledge Sources with clickable links to pre-filtered list views
• Compliance rings — green at 100%, orange for partial, red at 0% on the main dashboard
• Auto backfill — new controls and requirements pushed automatically when the catalog is updated

Track your third-party vendors, manage customer relationships, and maintain contracts with SLA obligations — all from within Govantic. Contract obligations are surfaced directly in the grid with full filtering and sorting for quick access during audits.

• Vendor register — third-party risk management with contact details and risk classification
• Customer management — contract tracking, SLA terms, and obligation monitoring
• Obligations grid — visible in the contracts grid with filtering and sorting
• Audit coverage — maps to SOC 2 vendor management and customer commitment requirements

Register and track your entire infrastructure footprint. Cloud resources are categorized by type with assigned administrators, and physical assets including servers, routers, and office locations are tracked with personnel links. Everything SOC 2 and ISO 27001 require for asset management.

• Cloud resources — categorized by Containers, Buckets, Servers, Databases, Network, and VPCs
• Administrator assignment — each resource linked to a personnel record
• Physical assets — on-premise servers, routers, and networking equipment
• Locations — office locations entity linked to personnel records
• Endpoint tracking — computers associated to personnel
• Unified reporting — all entities appear in the Asset Inventory

Build your organizational structure under Settings. Create Business Units, assign personnel to them, designate unit leads, and visualize it all in an auto-generated org chart. The new Security Roles feature lets you define roles and track competencies in a Skills Matrix — essential for SOC 2 and ISO 27001 personnel security controls.

• Business Units — with responsible personnel and unit leads
• Org chart — auto-generated visualization of your organizational structure
• Multi-unit personnel — staff linked to one or many business units
• Security Roles — define roles with a dedicated Skills Matrix tab
• Competency tracking — track who is qualified for what, mapped to personnel security requirements

Upload your policies, SOPs, and source documents — the Knowledge Compiler agent extracts structured requirements using your configured LLM. It supports PDF, Word, Excel, and plain text files. When you upload a new revision and describe the changes, the compiler re-extracts requirements while maintaining full traceability back to the exact revision that produced them.

• AI-powered extraction — structured requirements from policies, SOPs, and source documents
• File support — PDF, Word (.docx/.doc), Excel (.xlsx/.xls), and plain text
• Revision system — upload a new version with a change description to guide focused recompilation
• Full traceability — every requirement links back to the specific document revision it was compiled from
• Auto-generated codes — REQ-001, REQ-002, etc. with sequential numbering per workspace
• Framework mapping — compiled requirements are automatically linked to the Govantic AI framework
• Knowledge base — consolidated markdown generated after each compile, used by all monitoring agents
• Multi-provider LLM — choose between OpenAI or Claude per workspace in Agent Settings
• Compiler Queue — real-time status tracking with pending, running, completed, and failed jobs

Govantic is live. Sign up with Google in one click or create an account with email. The platform enforces terms and conditions acceptance on signup and is fully responsive on mobile.

• Google OAuth — one-click sign-in and sign-up
• Terms enforcement — acceptance required on registration
• Mobile-ready — fully responsive experience across all devices
• Live dashboard — compliance rings and stat cards for frameworks, requirements, controls, knowledge sources, and integrations

We're launching our public release notes page so you can stay up to date with everything we ship. You can also subscribe to the RSS feed to get updates in Slack or your favorite reader.

• Timeline view — chronological feed of all platform updates
• RSS feed — subscribe in Slack or your favorite reader
• Tagged entries — features, improvements, fixes, and security