A running record of what's landed in ScanPosture, newest first. No roadmap items, no maybes — only changes that are live in the product.
Two new pages dedicated to procurement and SecOps reviews: /security publishes the four pillars (UK residency, read-only, verified publisher, UK company), eight technical-control areas, the framework readiness vs certification split, and a coordinated-disclosure process at security@scanposture.com. /sub-processors lists every vendor with purpose, data category and processing region, grouped by region.
A dedicated public status subdomain. Live operational status with a hero card, monitored-services grid, 30-day uptime history, incident timeline, and email + Atom subscriptions for incident notifications. Browser tab title reflects current overall status (✓ / ⚠ / ✕).
All customer data now stored in our Supabase region in London. Application traffic and email delivery routed through UK / EU infrastructure end-to-end. No US round-trip and no replica outside the United Kingdom.
A dedicated demo Supabase project in London powers the public demo at demo.scanposture.com. Demo trial signup is now blocked at three layers (link, page redirect, API) and routes prospects to the live signup on app.scanposture.com.
Reports now explicitly support the external-assessor audience: framework readiness views map onto Cyber Essentials, ISO 27001, GDPR Article 32, NIST CSF, CIS Controls and SOC 2 evidence requests during third-party assessments.
Login screen rebuilt with proof cards (continuous monitoring, drift detection, prioritised actions, framework readiness), MSP white-label support, and an MFA-first session flow.
The check registry now totals 201 unique checks, evaluated across nine weighted security domains: Identity & Authentication, Privileged Access, Conditional Access & Policy Enforcement, Account Lifecycle & Governance, Application & Non-Human Identity Security, Data Access & Collaboration Security, Monitoring / Drift / Posture, Logging & Audit, and Device Security.
Findings now map onto six compliance frameworks: Cyber Essentials, ISO 27001, GDPR Article 32, NIST CSF, CIS Controls and SOC 2. Each view is a readiness lens, not certification.
Every completed scan gets an AI-generated executive summary. Individual findings have an "Explain this finding" + AI remediation helper. Both are clearly labelled as AI-generated and sit alongside the step-by-step Microsoft-sourced remediation guides.
Fleet-wide visibility across managed customer tenants, role-based access (MSP admin, MSP analyst, customer admin, customer viewer), MSP branding on customer-facing reports where enabled, per-customer drill-down from the fleet view.
Want incident notifications instead of feature updates? Subscribe on the status page — email or Atom.