February 2024 - Tasks, Improved Questionnaire, and AI Assistance

This release contains big net-new functionality and feature enhancements.

Date: 02/21/2024

New Features

Task Management

Users can now track critical “things to do” related to their AI Governance process in Credo AI via Task Management. Users can track outstanding tasks, set due dates for tasks, assign tasks to individuals or team members, and see all their open tasks in one place. Each task should have a Type, Assignment, Stage (Incomplete or Complete) and Due Date.

Task Management

Questionnaire Management

Users can now create, edit, and publish Questionnaires on their own. Navigate to Policy Center in your left nav → Questionnaires to edit, create and publish Questionnaires. Once you create a Questionnaire, add questions and define alerts for Questionnaire answers. Once a Questionnaire is published, it will be accessible to Credo AI users.


Question Multi-Select

Through a feature enhancement, users can now add multi-select fields to Questionnaires.

Experimental Features

This release introduces our suite of experimental large language model (LLM)-powered features to help with use case intake and risk management. For more information, please see our LLM FAQ.

AI Use Case Intake with AI Assist ✨ (Experimental)

This feature allows users to upload existing documentation about an AI Use Case to automatically populate relevant metadata fields.

AI Assist File

AI-Powered Risk Scenario Recommendations ✨ (Experimental)

This feature improves the recommendations for specific risk scenarios relevant to a particular Use Case.

AI Risk Recommendations

AI-Powered Control Recommendations ✨ (Experimental)

This feature improves recommendations for specific risk-mitigating controls relevant to mitigate a specific risk scenario.

Deprecated Features

Control Attestation

Attestation at the control level has at best been unused and at worst confusing. It is also not something seen in GRC paradigms where attestation (i.e. responsibility) is at a higher level: either system or organization (see Vanta as an example). Removal of control attestation is to better reflect GRC practice.

Recommended Alternative

The issue of ensuring a control’s quality is still an important one, but separate from attestation. We currently support this for technical controls through alerts (e.g. a metric is out of bounds) and working on future functionality for other automated auditing tools (e.g. check if uploaded text is relevant or meets specific character counts, etc.). Manual management of control quality can also be handled with task assignment and complete/incomplete status as discussed.

NOTE: We have hidden the UI for attestation, but not deleted your data. If it's critical to migrate this data over to task assignment & completion, please reach out to Customer Success.