Features in ADOGRC 14.2
Introducing ADOGRC 14.2, the latest update to our Unified Governance, Risk & Compliance (GRC) suite.
A key highlight for users is the integration of a Model Context Protocol (MCP) server, which opens the door to connecting ADOGRC with AI systems such as large language models (LLMs).
For administrators, this release introduces several powerful improvements:
Super admins with unrestricted system access
Automatic audit log files for continuous tracking of administrative actions
Support for preauthorized scopes in OIDC client configurations
Additionally, this release includes fixes for issues discovered in previous versions.
New Features for All Users
MCP Services
ADOGRC 14.3 now includes a Model Context Protocol (MCP) server, making it easier to connect with AI systems.
MCP is an open standard that enables AI applications to connect with external tools like ADOGRC. This allows information and capabilities to be exchanged smoothly between ADOGRC and systems such as large language models (LLMs), reducing the need for complex custom integrations.
Agent-based access: To use MCP, an agent is required that connects to the ADOGRC MCP server and communicates with the AI system. Typically, such an agent is developed or provided by the customer.
LLM subscription: Integrating with an LLM usually requires a subscription to the chosen LLM provider (e.g., OpenAI).
Preconfigured tools: ADOGRC comes with a set of ready-to-use tools that let you find models and objects by name and description, view their properties, and execute saved searches via natural-language prompts.
Extensibility: Additional tools can be configured to expose any functionality of the ADOGRC REST API by BOC Solution Engineers as part of customising projects.
Context-sensitive execution: All tools operate in the context of the user account under which the MCP requests are executed, ensuring that permissions and repository restrictions are respected.
This new integration capability makes it easier to connect ADOGRC to LLMs and other AI technologies for tasks such as natural-language queries, context-aware reporting, or AI-assisted analysis.
Customers who can provide their own agent (e.g., via internal developers) can enable MCP services in ADOGRC and use the preconfigured tools immediately. For additional requirements or to extend MCP capabilities with custom tools, contact your ADOGRC consultant. They can help assess your needs and initiate a customising project to configure the necessary tools for your use cases.
New Features for ADOGRC Administrators
Enable MCP Services
In the ADOGRC Administration, you can activate access to the new Model Context Protocol (MCP) server. To do this:
Enable access to the ADOGRC REST API
Activate the MCP services
Optionally, configure IP restrictions to limit which IP addresses can access the MCP server
Once access to the MCP server is enabled, a local agent is required to manage communication between your chosen LLM and ADOGRC. This agent is an independent component and is not provided out of the box.
With a properly configured agent, you can use the MCP services in ADOGRC. For example, you can ask your agent questions in natural language, which are then processed using the preconfigured MCP tools.
For details on enabling the MCP services, please refer to the section "MCP Services" in the Administration Help.
Guidance on using the MCP services and a reference implementation in Python for creating an agent is available via the BOC Developer Portal.
Super Admins
Super admins have unrestricted access to the entire system, including all tool components and database contents. This enables them to perform all administrative tasks without limitation.
One such super admin account (the user Admin) is created automatically during ADOGRC installation. To correlate administrative actions to specific individuals and track them in the audit log, additional users can be designated as super admins.
These users can then temporarily activate super admin mode to access to administrative functions and disable it again when it is no longer required.
For details on configuring administrators in ADOGRC, including super admins, global administrators, and sub-administrators, please refer to the section "Configure Users as Administrators in ADOGRC" in the Administration Help.
Audit Log Files
ADOGRC now automatically records administrative actions in log files. Audit entries are written to *_audit.log files located in the default /logs folder within the application server installation directory. This functionality is always active and cannot be disabled.
By default, sensitive data (such as user names and user properties) is encrypted in the audit logs. If needed, however, audit data can be deanonymised. Audit log files are also automatically included in the support information package (SIP).
The existing audit log that can be enabled manually in the ADOGRC Administration and exported as CSV still exists. However, it is scheduled for removal in a future ADOGRC version.
For details on the new audit log files, please refer to the section "Audit Log Files" in the Administration Help.
OIDC: Preauthorized Scopes
ADOGRC can act as an OpenID Provider (OP) and, in this role, authenticate users for external applications (OIDC clients), allowing them to sign in with their ADOGRC credentials.
New in ADOGRC 14.2: When configuring a client application to authenticate users via ADOGRC, it is now possible to define preauthorized scopes.
If an authorization request is sent where all requested scopes are preauthorized, and the user is already logged in, the request is granted immediately without displaying a consent dialog. If at least one of the requested scopes is not preauthorized, the consent screen is still shown.
This enhancement is especially relevant for micro frontend scenarios, where seamless access without repeated authorization is desired.
For details, please refer to the section "Authentication > OIDC" in the Administration Help.
Features in ADOGRC 14.1
Introducing ADOGRC 14.1, the latest update to our Unified Governance, Risk & Compliance (GRC) suite.
New Features for Administrators
New Section in Online Documentation
We have published a new section in our Online Documentation with short guides for administrators. We are starting off with a guide on how to apply a hotfix to an existing ADOGRC installation and a troubleshooting guide for email notifications with some pointers on where to look for common issues. You can find both guides in the section ADOGRC Administration Guides and Tutorials.
New Administration Features in the Base Product ADONIS 17.1
As ADOGRC 14.1 is built upon ADONIS 17.1, administrators automatically benefit from a range of additional improvements.
- SCIM Support: this feature allows for management of user accounts via a standardised REST protocol. This opens new ways to automatically create or delete users directly from an external authentication solution like Microsoft Entra ID.
- ADOGRC as OpenID Provider: using this feature, Administrators can configure ADOGRC as OpenID Provider which allows users to log in to other applications with their ADOGRC user and password
- Easier File Management configuration: up until now allowed file types and maximal file size had to be configured on both the Application Server and the Web Server. This has been consolidated and can now be configured entirely in the ADOGRC Administration.
- Unshare and Delete Users: if users have been shared to multiple repositories, it is no longer necessary to unshare them from each separately. The Unshare and Delete feature takes care of all with one click.
- Support Access: this feature, which is only available for SaaS customers, greatly simplifies handling when they create a Support Ticket at BOC. If customers activate this feature, it will allow temporary access for the responsible BOC employees handling the ticket to the environment. This will speed up analysis and resolution of your Support Tickets.
You can find more details on all new features in the ADONIS 17.1 What's New section.
Features in ADOGRC 14.0
Introducing ADOGRC 14.0, the latest update to our Unified Governance, Risk & Compliance (GRC) suite.
Following the major enhancements in ADOGRC 13.0, this release comes packed with new features as well. It introduces two powerful new scenarios — Business Continuity Management (BCM) and the Digital Operational Resilience Act (DORA) — as part of our ADOGRC Information & Cybersecurity Focus Edition.
In addition to that you can leverage synergies with our base product ADONIS 17.0 which also comes with a long list of features and improvements.
Let's explore the new features of ADOGRC 14.0 in detail.
New Scenario: DORA
To be able to document and operationalize your DORA scenario, ADOGRC 14 adds six new object types, namely Function, Third Party Provider, Business Impact Analysis, Criticality Analysis, Protection Requirement Analysis and Contract to its portfolio.
All of these new object types can be operationalized with workflows, that include features like scheduling, notifications, and reminders, as well as My Dashboards for contributors, Inventory dashboards and Insight dashboards for contextual views and direct access to reports.
Find out more on DORA in our ADOGRC blog: Understanding Digital Operational Resilience Act (DORA) and our DORA Solution page.
All new object types are available for all users of the ADOGRC Standard Application Library, the new release workflows and dashboards depend on the license.
New Scenario: Business Continuity Management (BCM)
Complementing the DORA scenario, BCM leverages several of the new object types that are now contained in the ADOGRC Standard Library, most prominently the Function and Business Impact Analysis. Workflows, Dashboards and Insights included.
Find out more on BCM in our ADOGRC blog: Mastering Business Continuity Management (BCM) and our BCM Solution page.
All new object types are available for all users of the ADOGRC Standard Application Library, the new release workflows and dashboards depend on the license.
ADONIS 17.0 Feature Highlights
As ADOGRC 14.0 is built upon ADONIS 17.0, you automatically benefit from a range of additional features and improvements. Here are some of the highlights:
All New AI Assistant: Leverage the Power of AI to Design, Understand and Analyse Processes
Let AI help you modelling in natural language, explain existing models to a user and ask questions as an analyst to improve and optimize a process. Find details on this powerful new feature in the ADONIS news on the AI Assistant.
Process Drafter: Create Process Proposals the easy way
The Process Drafter is a guided path to design a new process in a few simple steps. Just add the steps and end result of a process in a tabular view and the Process Drafter takes care of the rest. Find details in the ADONIS news on the Process Drafter.
ADONIS Process Mining Essentials
This new add-on assists you when perfecting processes: extract and visualise data, compare observed and expected behaviour and analyse process efficiency. Find details on this add-on in the ADONIS news on the Process Mining Essentials
Aside from these highlights there is a host of other new and improved functionality too long to list here. Find details on all new and improved features on the New Features in ADONIS 17.0 page.
New Features for All Users
Click Less with Master Data Inheritance for Multiple Objects
In ADOGRC, assessment objects — such as Risk Assessments, Control Tests, Control Executions, and Control Objective Assessments — can be easily derived from a parent object, i.e. a Risk, Control, or Control Objective, automatically inheriting key data, such as detailed descriptions and guidelines for the assessment.
With the new Master Data Inheritance functionality, you can now re-trigger inheritance at any time for a single or multiple objects at once. This ensures that derived objects stay up to date, especially during the setup phase, keeping your data consistent with minimal effort.
Filter for Escalated Objects on Start Page
The ADOGRC start page gives you a quick overview over the number of currently escalated objects. This number now excludes objects where all tasks have already been performed, e.g. if an object has already been released or the assessment has already been done. The filter for escalated objects on the respective dashboard has also been adapted to the same behaviour. This improvement helps to focus on the critical open tasks that need immediate attention.
Enhancements and Optimizations
We’ve made several improvements to boost your experience, including:
- Email Notifications are now sorted alphabetically for a better overview of upcoming tasks.
- Add Resource objects as assets to Risks, Risk Assessments, Controls, Control Executions and Control Testings .
- Find recently used objects in the Quick Access tab of the Explorer so you can seamlessly continue with your tasks.
- Inclusive UI – German interface texts are now properly gendered.
User Interface Improvements:
- Optimized Start Page Layout – Uses available space more efficiently.
- Resizable Dialogs – Resize Master Data and workflow dialogs according to your screen size.
- Better Tooltips – Optimized layout when hovering over long texts.
- Enhanced Contrast in Assessment Dialogs for improved readability.
New Features for Users of the ADOGRC Standard Application Library
New Object Types for Business Continuity & Operational Resilience
To support the new BCM and DORA scenarios, the ADOGRC Standard Application Library has been extended with several new object types, including Function, Third Party Provider, and Business Impact Analysis. These additions build a strong foundation for modeling resilience, risk, and regulatory requirements across operational and cybersecurity domains.
Full list of new object types:
| Object Type | Purpose |
|---|---|
| Function | The Function maps business functions and serves as an overarching object for processes. |
| Third Party Provider | A (ICT-) Third Party Provider is a service provider that provides information or communication technology to the company. It is also a contracting party or ICT sub-service provider in an ICT service supply chain. |
| Contract | A Contract represents the contractual relationship between the company and an external service provider. It is central to the management of ICT service relationships. |
| Business Impact Analysis | A Business Impact Analysis is used to determine the BCM relevance of the analyzed assets based on damage potential over various time dimensions. |
| Criticality Analysis | A Criticality Analysis assesses the criticality of Functions, (business) Processes and other assets with regard to regulatory requirements and operational impact. It supports the prioritization of protection measures. |
| Protection Requirement Analysis | A Protection Requirement Analysis is used to determine the protection requirements of Functions, (business) Processes and other assets to evaluate their protection goals (CIAA). |
| Country | The Country is used to represent the geographical location of Organizational Units, Third Party Providers, or other relevant entities. It supports geographical analysis and classification. |
| Currency | The Currency is used to represent, assess, and convert financial values. It supports standardization and comparability across different regions. |
| License Activity | A Licence Activity describes an activity of a company or Third Party Provider that is approved or supervised by an authority. It is used to capture regulatory frameworks. |
The new object types enable you to capture critical business dependencies and perform targeted analyses — helping you build a stronger, more resilient organization.
Standard Catalog for Countries, Currencies and License Activities
ADOGRC 14.0 ships with a comprehensive list of Countries, Currencies and Licensing Activities which can be imported to allow you to use these new object types right away without having to create them.
Extensions to Existing Object Types
The following object types have been extended to better support BCM and DORA scenarios:
| Object Type | New Chapters |
|---|---|
| Application | DORA, BCM, Criticality/Protection |
| Application Service | Criticality/Protection |
| Document | Criticality/Protection |
| Entity | BCM, Criticality/Protection |
| External Partner | BCM |
| Node | Criticality/Protection |
| Organisational Unit | Details on company, BCM |
| Performer | BCM |
| Process | Criticality/Protection |
| Resource | BCM, Criticality/Protection |
For the Process object type, the existing chapter BCM has been extended with the highlighted attributes and relations shown below:
New Features for Administrators
Enhanced Tabular Dashboard Configuration
ADOGRC 14.0 takes user experience to the next level with advanced configurations for tabular views. New options in the ADOGRC Administration offer in-depth control over tabular dashboards, allowing to add and remove columns as needed so users can access the exact information required for their daily tasks.
Each column can be configured to be always visible or available on demand, ensuring a clean, streamlined interface without sacrificing flexibility. This balance between clarity and customization enables users to maintain an uncluttered tables while seamlessly bringing in additional data whenever needed.
The Properties Management feature allows administrators to adapt the metamodel and data model to fit their organization's needs at any time. Paired with the Tabular Dashboard Configuration, these changes are now seamlessly visible and easily accessible to end users — right where they expect them.
Administration Help
We now provide a dedicated manual for ADOGRC Administrators. This contains all relevant information to manage the functionality of our base product ADONIS as well as ADOGRC specific settings and configurations. You can find the Administration Help in the ADOGRC Documentation space.
Further Configuration Options
We’ve added new customization options in the ADOGRC Administration:
- Customizable Action Button
– Choose whether it opens Insights, Properties, or the workflow menu. - Adaptable UI - Option to hide Inventories and Catalogs from the global toolbar in case they are not used.
For details regarding these new options, please refer to our Setup Guide.
We've also improved the setup process for new ADOGRC installations. At startup, ADOGRC checks that the required Technical Users and System Roles exist. If any are missing, they are automatically created.