<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Openlane Updates | Blog and Changelog</title><description>Latest news from Openlane</description><link>https://www.theopenlane.io</link><item><title>[Changelog] Trust Center Subscriber Updates</title><link>https://www.theopenlane.io/company/changelog/#2026-07-09-trustcenter-subscribe</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-07-09-trustcenter-subscribe</guid><description>Your customers can now subscribe to updates from your Trust Center, so they no longer have to check back manually to stay current on your security and compliance posture.

Subscribers can be automatically notified about subprocessor changes and new posts, keeping them informed as your program evolves without any extra work on your end.

This makes it easier to keep customers, prospects, and auditors in the loop, and reinforces the Trust Center as a living source of truth rather than a static snapshot.</description><pubDate>Thu, 09 Jul 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>trust-center</category></item><item><title>[Changelog] SSO, Provisioning, and Support Access</title><link>https://www.theopenlane.io/company/changelog/#2026-07-01-sso-and-support-updates</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-07-01-sso-and-support-updates</guid><description>We&apos;ve expanded SSO and organization access controls to give teams more flexibility when managing authentication, provisioning, and support access in Openlane.

Expanded SSO Controls — Organizations can now exempt specific domains or individual users from SSO enforcement. Organization owners continue to bypass SSO by default to support account recovery.

Just-in-Time Provisioning — SSO can now be used to automatically provision new organization members when they authenticate through your identity provider. This makes it easier to onboard users without manually inviting each person ahead of time.

Dedicated SSO URL — When SSO is enabled, your organization now gets a dedicated SSO URL that members can use to authenticate directly into your organization. If automatic provisioning is enabled, new members can also use this URL to sign up and be added to the organization.

SSO Enforcement Visibility — The members table now includes SSO enforcement details when SSO enforcement is enabled. You can see whether SSO applies to each user, and hover for additional context such as whether enforcement is based on domain rules or user-level exemptions.

Allowed Domains Update — Allowed Domains now only control automatic organization membership and no longer prevent you from directly inviting users from other domains. If you&apos;re not using SSO, we recommend enabling Auto Invite for your organization&apos;s domains. Auto Invite is not used when SSO is enabled.

Support Access — You can now enable or disable Openlane Support access to your organization without inviting individual Openlane team members. Support access is disabled by default, giving you full control over when Openlane can access your organization.</description><pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>auth</category><category>sso</category></item><item><title>[Blog] Creating Effective AI Usage Policies for Engineering Teams</title><link>https://www.theopenlane.io/blog/ai-usage-policy-guide</link><guid isPermaLink="true">https://www.theopenlane.io/blog/ai-usage-policy-guide</guid><description>Creating Effective AI Usage Policies for Engineering Teams</description><pubDate>Tue, 30 Jun 2026 19:05:35 GMT</pubDate><category>blog</category></item><item><title>[Changelog] Improved Controls Reporting</title><link>https://www.theopenlane.io/company/changelog/#2026-06-29-sso-and-support-updates</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-06-29-sso-and-support-updates</guid><description>We’ve updated the Controls report to make it easier to understand control coverage across your organization and frameworks.

You can now switch between organization control and framework views, making it easier to see how your internal controls map to framework requirements. The report also shows key details like owners, approval status, evidence, linked policies, framework mappings, and related organization controls in one place.

We’ve also added report filters to help you quickly identify gaps, including controls with no owner, no evidence, evidence in a non-approved state, no linked policies, or no linked organization controls.

These updates make it easier to navigate your controls, assign ownership, track evidence, and understand where your compliance program is complete or needs attention.</description><pubDate>Mon, 29 Jun 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category></item><item><title>[Changelog] Role Management</title><link>https://www.theopenlane.io/company/changelog/#2026-06-24-role-management</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-06-24-role-management</guid><description>We&apos;ve expanded role management to give organizations more precise control over what each user can see and do in Openlane.

Super Admin — A new organization-level role with full administrative access, including user management, billing, and organization settings. Designed for owners who need unrestricted access across the platform.

Auditor — A read-only role built for external auditors and compliance reviewers. Auditors can view evidence, controls, and documentation without the ability to make changes — keeping your audit process clean and your data intact.

Functional Roles — In addition to base organization roles, users can now be granted functional roles that scope their permissions to a specific area of the platform. Available roles include:

- Campaign Manager — Manage campaigns, assessments, templates, and email configuration
- Compliance Manager — Manage compliance programs, controls, evidence, and mapped controls
- Group Manager — Manage organization groups
- Policy Manager — Manage all policies and procedures
- Registry Manager — Manage assets, entities, contacts, platforms, and system details
- Risk Manager — Manage risks, vulnerabilities, findings, and remediation
- Workflow Manager — Manage workflow automation and task assignment

Functional roles can be layered on top of any base organization role, letting you give team members access to exactly what they need without over-provisioning.

Learn more about roles and authorization in the Openlane docs.</description><pubDate>Wed, 24 Jun 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>auth</category></item><item><title>[Changelog] Document Integrations</title><link>https://www.theopenlane.io/company/changelog/#2026-06-10-document-integrations</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-06-10-document-integrations</guid><description>We&apos;re expanding document management options to give teams more flexibility in how they store and maintain their compliance policies.

Google Drive — Sync policies directly from Google Drive for a live, read-only view in Openlane while continuing to manage edits natively in Drive. Changes in Drive are reflected automatically, keeping your policies always up to date without duplicating work.

Externally managed documents — Upload Word Documents and other externally managed files to view them directly in Openlane while retaining full editing control in the native editor of your choice.

Learn more about integrations in Openlane.</description><pubDate>Wed, 10 Jun 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>integrations</category><category>compliance</category></item><item><title>[Blog] Confusing Frameworks with Requirements</title><link>https://www.theopenlane.io/blog/compliance-tools-frameworks-vs-requirements</link><guid isPermaLink="true">https://www.theopenlane.io/blog/compliance-tools-frameworks-vs-requirements</guid><description>Confusing Frameworks with Requirements</description><pubDate>Thu, 07 May 2026 18:00:00 GMT</pubDate><category>blog</category></item><item><title>[Changelog] Native Integrations</title><link>https://www.theopenlane.io/company/changelog/#2026-05-01-native-integrations</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-05-01-native-integrations</guid><description>We’ve released the first set of integrations for Openlane, including support for Google Workspace, GitHub, Slack, GCP Security Command Center (SCC), and AWS.

Compliance automation only works when it reflects how teams actually operate. These integrations help bring operational data directly into your compliance program with the ability to filter out noise, focus on what matters, and turn real system context into usable evidence alongside the processes teams already rely on today.

This release is the foundation for a growing integrations ecosystem, with more providers and deeper workflows already on the way.

Learn more about integrations in Openlane.</description><pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>integrations</category><category>compliance</category></item><item><title>[Changelog] Major Usability Improvements to Exposure</title><link>https://www.theopenlane.io/company/changelog/#2026-04-23-exposure-updates</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-04-23-exposure-updates</guid><description>Openlane&apos;s Exposure features now have better vulnerability and findings filters, Integrations that provide automated vulnerability and findings creation, and deeper relationships between vulnerabilities, scans, reviews, remediations, and controls. 

Openlane now provides a more holistic end to end lifecycle of what risks and exposures exist, who owns them, how they&apos;ll be remediated, what control(s) dictate those remediations, and what SLA is applied.</description><pubDate>Thu, 23 Apr 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category><category>exposure</category></item><item><title>[Blog] Integrations Built for Signal, Not Noise</title><link>https://www.theopenlane.io/blog/compliance-automation-integrations-vs-evidence</link><guid isPermaLink="true">https://www.theopenlane.io/blog/compliance-automation-integrations-vs-evidence</guid><description>Integrations Built for Signal, Not Noise</description><pubDate>Thu, 09 Apr 2026 20:35:05 GMT</pubDate><category>blog</category><category>compliance</category><category>engineering</category><category>soc2</category></item><item><title>[Changelog] Registry Updates: Platforms, System Details, and Better Entity Management</title><link>https://www.theopenlane.io/company/changelog/#2026-04-02-registry-updates</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-04-02-registry-updates</guid><description>Openlane&apos;s Registry capability was expanded with new platform and system-detail objects and relationships, which allow for trust boundary definitions and association to personnel for future user access reviews and centralized system access tracking. Entities (Vendors) can be associated to platforms and systems easily, adding an additional layer of visibility surrounding what vendors you work with, what you&apos;ve bought from them, how those systems exist in your compliance landscape, and who can access them.</description><pubDate>Thu, 02 Apr 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category><category>registry</category></item><item><title>[Changelog] Vendor Risk Scoring</title><link>https://www.theopenlane.io/company/changelog/#2026-03-18-vendor-risk</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-03-18-vendor-risk</guid><description>Openlane&apos;s risk workflows now include additional risk fields, risk categories and types, CSV mapping support, responsible-party improvements, and vendor risk scoring capabilities. These allow the questions you have about your vendors (like &quot;do they have a SOC2?&quot;) to be easily answered, and for you to standardize how you deal with Third Party Risk Management.</description><pubDate>Wed, 18 Mar 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category><category>exposure</category></item><item><title>[Changelog] Exposure View is Now Available</title><link>https://www.theopenlane.io/company/changelog/#2026-03-04-exposure</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-03-04-exposure</guid><description>Openlane now includes a new Exposure section in the console with foundational screens for Vulnerabilities, Scans, Findings, and Remediations.

This section establishes the foundation for centralized visibility into security exposures across integrated systems. Teams will be able to review findings, track remediation activity, and connect vulnerabilities to their broader compliance program.</description><pubDate>Wed, 04 Mar 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category><category>exposure</category></item><item><title>[Changelog] Registry Is Now Available</title><link>https://www.theopenlane.io/company/changelog/#2026-02-24-registry</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-02-24-registry</guid><description>Openlane now includes a unified Registry for tracking vendors, assets, and personnel.

The Registry provides a centralized source of truth for the entities that power your compliance program. Teams can document vendor relationships, associate assets with controls and frameworks, and manage personnel records, all directly connected to evidence and assessments within Openlane.

By linking vendors, systems, and people to your controls and workflows, the registry reduces duplication, improves visibility, and ensures your compliance program reflects how your organization actually operates.</description><pubDate>Tue, 24 Feb 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category><category>registry</category></item><item><title>[Changelog] Added Support for FedRAMP Moderate and ISO 42001</title><link>https://www.theopenlane.io/company/changelog/#2026-02-18-additional-frameworks</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-02-18-additional-frameworks</guid><description>Openlane now supports additional compliance frameworks: FedRAMP Moderate and ISO 42001.

Organizations operating in regulated or AI-governed environments can now map controls, track evidence, and structure programs aligned to these standards directly within Openlane.

Framework support remains modular — teams can enable only what they need and manage multiple frameworks in parallel without duplicating work.</description><pubDate>Wed, 18 Feb 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category><category>frameworks</category></item><item><title>[Blog] How Openlane Built Its First AI Feature</title><link>https://www.theopenlane.io/blog/ai-for-compliance-how-openlane-built-ai-features</link><guid isPermaLink="true">https://www.theopenlane.io/blog/ai-for-compliance-how-openlane-built-ai-features</guid><description>How Openlane Built Its First AI Feature</description><pubDate>Tue, 17 Feb 2026 15:32:38 GMT</pubDate><category>blog</category><category>engineering</category><category>cybersecurity</category><category>openlane</category><category>AI for Compliance</category><category>soc2</category></item><item><title>[Changelog] Assessments Are Now Available</title><link>https://www.theopenlane.io/company/changelog/#2026-02-13-assessments</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-02-13-assessments</guid><description>Assessments are now available in Openlane.

Teams can create structured assessments tied to controls and frameworks, assign ownership, collect responses, and track progress over time.

Assessments help operationalize compliance work - whether you’re preparing for an audit, reviewing vendor risk, or validating internal controls. Responses are connected directly to your program, reducing duplicate work and improving visibility across stakeholders.</description><pubDate>Fri, 13 Feb 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category><category>assessments</category></item><item><title>[Blog] Trust Center 101: What is a Trust Center and Should I Build One? </title><link>https://www.theopenlane.io/blog/what-is-a-trust-center-a-guide-for-growing-saas-companies</link><guid isPermaLink="true">https://www.theopenlane.io/blog/what-is-a-trust-center-a-guide-for-growing-saas-companies</guid><description>Trust Center 101: What is a Trust Center and Should I Build One? </description><pubDate>Tue, 10 Feb 2026 17:39:32 GMT</pubDate><category>blog</category><category>soc2</category><category>openlane</category><category>compliance</category><category>TrustCenter</category></item><item><title>[Changelog] Trust Center Launch</title><link>https://www.theopenlane.io/company/changelog/#2026-02-02-trust-center</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-02-02-trust-center</guid><description>Today we’re launching the Openlane Trust Center.

The Trust Center gives organizations a structured, customer-facing view of their security and compliance posture. Teams can publish policies and supporting documentation, display framework attestations, and share materials with confidence.

This release includes:

- NDA-gated document access flows
- Customizable branding to match your organization
- Framework attestation displays for supported standards

The Trust Center is modular by design. Use it on its own, pair it with the Compliance Module, or integrate it into your existing workflows.

Trust should reflect real work — not static PDFs.</description><pubDate>Tue, 10 Feb 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>trust-center</category></item><item><title>[Blog] Managing the Unmanageable</title><link>https://www.theopenlane.io/blog/vulnerability-management-at-scale</link><guid isPermaLink="true">https://www.theopenlane.io/blog/vulnerability-management-at-scale</guid><description>Managing the Unmanageable</description><pubDate>Thu, 05 Feb 2026 17:22:16 GMT</pubDate><category>blog</category><category>engineering</category><category>cybersecurity</category></item><item><title>[Changelog] AI-Powered Policy Generation and Control Question Drafting</title><link>https://www.theopenlane.io/company/changelog/#2026-02-03-ai</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2026-02-03-ai</guid><description>We’re launching Openlane’s first AI-powered workflows.

Teams can now generate draft policies and get information about controls directly within their compliance program. The goal isn’t to replace expertise and customization, it’s to remove the friction of starting from a blank page and help first-time users with a good starting point.

AI-generated content is contextual to your organization’s structure and always editable, giving you a strong starting point without sacrificing control.</description><pubDate>Tue, 03 Feb 2026 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>ai</category><category>compliance</category></item><item><title>[Blog] Why DevOps Engineers Hate Compliance</title><link>https://www.theopenlane.io/blog/why-devops-engineers-hate-compliance</link><guid isPermaLink="true">https://www.theopenlane.io/blog/why-devops-engineers-hate-compliance</guid><description>Why DevOps Engineers Hate Compliance</description><pubDate>Wed, 10 Dec 2025 21:15:14 GMT</pubDate><category>blog</category><category>compliance</category><category>engineering</category></item><item><title>[Changelog] Custom Enums for Organization-Level Configuration</title><link>https://www.theopenlane.io/company/changelog/#2025-12-03-custom-enums</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2025-12-03-custom-enums</guid><description>Organizations can now define custom enum values across supported fields in Openlane.

This allows teams to configure status values, categories, and other structured fields to match how they already operate — without reshaping internal processes to fit predefined options.

Openlane is built to adapt to your program, not the other way around.</description><pubDate>Wed, 03 Dec 2025 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>ui</category></item><item><title>[Changelog] New Homepage for Clearer Program Visibility</title><link>https://www.theopenlane.io/company/changelog/#2025-11-19-homepage</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2025-11-19-homepage</guid><description>We’ve redesigned the Openlane homepage to give users immediate clarity when they log in.

The new experience surfaces relevant activity, open tasks, and key compliance metrics so teams can quickly see what needs attention.

The goal is simple: reduce friction and make compliance work easier to navigate.</description><pubDate>Wed, 19 Nov 2025 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>ui</category><category>compliance</category></item><item><title>[Changelog] Launched Policy Hub with Vetted Templates</title><link>https://www.theopenlane.io/company/changelog/#2025-11-12-policy-hub</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2025-11-12-policy-hub</guid><description>We’re introducing the Openlane Policy Hub — a curated collection of vetted policy templates designed to help teams move faster.

Instead of starting from a blank page, organizations can now begin with practical, real-world policy foundations and adapt them to their environment.

The templates are maintained openly at https://github.com/theopenlane/policy-hub and are built to be improved collaboratively over time.</description><pubDate>Wed, 12 Nov 2025 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category></item><item><title>[Changelog] Expanded SSO Support: Microsoft Entra ID and Generic OIDC</title><link>https://www.theopenlane.io/company/changelog/#2025-11-11-sso-entra</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2025-11-11-sso-entra</guid><description>We’ve expanded Single Sign-On (SSO) support in Openlane.

In addition to existing providers — GitHub, Google Workspace, Okta, OneLogin, and Slack — organizations can now connect Microsoft Entra ID or any Generic OIDC provider.

This gives teams more flexibility to integrate Openlane with their existing identity infrastructure while maintaining centralized authentication and access controls.</description><pubDate>Tue, 11 Nov 2025 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>auth</category><category>sso</category></item><item><title>[Changelog] Initial Release of the Compliance Module</title><link>https://www.theopenlane.io/company/changelog/#2025-10-28-compliance-release</link><guid isPermaLink="true">https://www.theopenlane.io/company/changelog/#2025-10-28-compliance-release</guid><description>Today we’re launching the Openlane Compliance Module — the foundation for building and managing a structured, sustainable compliance program.

This release introduces controls, programs, evidence tracking, framework mapping, and organizational scoping. Openlane now supports SOC 2, HIPAA, PCI DSS, ISO 27001, NIST CSF, NIST 800-53, and GDPR, allowing teams to manage one or multiple frameworks in a single, connected system without duplicating work.

The Compliance Module is built on top of Openlane’s core security and identity architecture, including:

- Authentication via SSO, social login, passkeys, and traditional credentials
- Support for SSO integrations and MFA enforcement
- Fine-grained permissions
- Group-based access controls
- and more

Compliance is ongoing work, not a point-in-time report, and this module is designed to support the real structure behind your program.</description><pubDate>Tue, 28 Oct 2025 00:00:00 GMT</pubDate><category>changelog</category><category>feature</category><category>compliance</category><category>frameworks</category></item><item><title>[Blog] The Hidden Costs of ‘Compliance-in-a-Can’ Solutions: Democratization’s Dark Side</title><link>https://www.theopenlane.io/blog/democratizations-dark-side</link><guid isPermaLink="true">https://www.theopenlane.io/blog/democratizations-dark-side</guid><description>The Hidden Costs of ‘Compliance-in-a-Can’ Solutions: Democratization’s Dark Side</description><pubDate>Mon, 29 Sep 2025 16:40:11 GMT</pubDate><category>blog</category><category>compliance</category><category>soc2</category></item><item><title>[Blog] SOC 2: A Practical Guide for Growing Companies</title><link>https://www.theopenlane.io/blog/soc-2-a-practical-guide-for-growing-companies</link><guid isPermaLink="true">https://www.theopenlane.io/blog/soc-2-a-practical-guide-for-growing-companies</guid><description>SOC 2: A Practical Guide for Growing Companies</description><pubDate>Fri, 15 Aug 2025 13:47:56 GMT</pubDate><category>blog</category><category>compliance</category><category>soc2</category></item><item><title>[Blog] The Compliance Barrier: Why SOC 2 Is Essential for Success</title><link>https://www.theopenlane.io/blog/the-compliance-barrier-why-soc-2-is-essential-for-success</link><guid isPermaLink="true">https://www.theopenlane.io/blog/the-compliance-barrier-why-soc-2-is-essential-for-success</guid><description>The Compliance Barrier: Why SOC 2 Is Essential for Success</description><pubDate>Tue, 20 May 2025 17:20:06 GMT</pubDate><category>blog</category><category>soc2</category><category>cybersecurity</category><category>news</category></item><item><title>[Blog] From 10 Seconds to 400ms: Optimizing GraphQL and Infrastructure at Openlane</title><link>https://www.theopenlane.io/blog/from-10-seconds-to-400ms-optimizing-graphql-and-infrastructure-at-openlane</link><guid isPermaLink="true">https://www.theopenlane.io/blog/from-10-seconds-to-400ms-optimizing-graphql-and-infrastructure-at-openlane</guid><description>From 10 Seconds to 400ms: Optimizing GraphQL and Infrastructure at Openlane</description><pubDate>Mon, 21 Apr 2025 22:00:00 GMT</pubDate><category>blog</category><category>engineering</category><category>performance</category><category>authz</category><category>graphql</category></item><item><title>[Blog] Navigating the Labyrinth of Cybersecurity Standards</title><link>https://www.theopenlane.io/blog/navigating-the-labyrinth-of-cybersecurity-standards</link><guid isPermaLink="true">https://www.theopenlane.io/blog/navigating-the-labyrinth-of-cybersecurity-standards</guid><description>Navigating the Labyrinth of Cybersecurity Standards</description><pubDate>Thu, 20 Feb 2025 23:00:00 GMT</pubDate><category>blog</category><category>compliance</category><category>soc2</category><category>cybersecurity</category></item><item><title>[Blog] A Welcome From Our CEO Kelsey Waters</title><link>https://www.theopenlane.io/blog/a-welcome-from-our-ceo-kelsey-waters</link><guid isPermaLink="true">https://www.theopenlane.io/blog/a-welcome-from-our-ceo-kelsey-waters</guid><description>A Welcome From Our CEO Kelsey Waters</description><pubDate>Wed, 30 Oct 2024 22:00:00 GMT</pubDate><category>blog</category><category>news</category><category>compliance</category><category>openlane</category></item></channel></rss>