Feature Requests

We’re making it possible to link custom fields directly to data from resources like assets, employees, systems, suppliers, and customers. This removes the need for manual input, keeps workflows up to date, and reduces maintenance.

We’re making it possible to use values from connected data assets, employees, systems, suppliers, and customers in numeric calculations. This unlocks more advanced use cases, like inherited risk scoring or modeling asset hierarchies, and helps ensure more accurate and flexible risk assessments.

We’re adding a global search so you can find information across all sections from one place. Right now, search is limited to individual areas, which makes it hard to locate what you need quickly. This update removes that friction and helps you search the entire platform more efficiently.

We’re updating how data connections are displayed and managed to make them easier to understand and use. Today, the experience can feel inconsistent, which makes it harder to work with linked data effectively. This improvement will create a clearer, more consistent experience and set the foundation for supporting more advanced use cases across countries and compliance needs.

We’re adding support for OR conditions in custom fields to make it easier to show a field when any of several conditions are met - not just all. This helps reduce duplicated questions, workarounds, and makes it faster to build and maintain forms, especially needed for easier support of DORA incident reporting.

I’d like to propose a feature enhancement that, while initially motivated by specific guidance in Spain, could provide meaningful value across different jurisdictions by aligning with core GDPR principles and growing expectations around transparency. Specifically, it would be highly useful if the Trust Center allowed for the publication of a "first-layer summary" of the Records of Processing Activities (ROPA). This summary would typically include: Purpose of processing Legal basis Data disclosures or transfers Information on how to exercise data subject rights Version control (visible and internally managed) Although public disclosure of ROPA is not legally required in most EU countries or other regions, this approach supports the principle of transparency outlined in Article 5 of the GDPR. In Spain, for example, the Data Protection Authority (AEPD) explicitly recommends this practice as a way to demonstrate accountability and build trust. Being able to manage versions of this information within the platform — similarly to how policy documents are currently handled — would also improve consistency, auditability, and operational efficiency.

It would be very beneficial for the general user friendliness if setting up approval flows was a lot more flexible. E.g. that you can choose for each task you create individually whether it should contain an approval flow or not, and then be able to either create the approval directly from the task or use a fixed approval flow. As approval flows currently are fixed to either being implemented for all tasks or none at all, this decreases the ease of use and general customizability related to tasks, as most people will have a mix of approval requiring tasks and non approval requiring tasks.

It would be really beneficial if Formalize could include a BCP (Business Continuity Plan) module where teams can build their own BCP strategies and assign them to specific processes, assets, etc. A useful feature could be a small wizard to guide users through detailing a BCP, especially for smaller companies that may not have much experience with BCP design and implementation. The wizard could help them define a BCP for critical processes. For more experienced users, there could be an option to build their own BCPs without using the wizard. Additionally, BCPs could be linked to risks as a mitigation strategy.

It would be great if for text fields AI smart fill was an option

The Activity Log will now record any changes made to the Data Connections of elements with activity log support.