Naq Product Update 2026

We listened to your feedback and rebuilt Naq from the ground up.

Your feedback shaped every decision in the rebuild of Naq. Below you'll find each concern you raised, alongside the specific capabilities we've built directly in response. This isn't a roadmap - it's already in the platform and we can't wait to show you.

01 - What we changed

You told us. Here's what we built.

Six themes emerged from your feedback. For each one, the concern you raised sits beside the specific capability now live in the platform.

Reporting Suite

You said

Visibility at every level

A consistent need for organisational-level insight into risk, compliance status, and incidents - with control over who gets informed and when.

Leadership reportingAlert managementStatus visibility

We built

✓Real-time progress, exportable evidence & smart notifications

Framework progress always visible - real-time completion % per standard
Risk register with 5×5 scoring and four clear rating bands (Low → Critical)
Incident and CAPA status tracked across the full lifecycle
Smart notifications: per-user controls for alerts, mentions & deadlines
PDF & DOCX export on documents, controls and evidence packages

Onboarding & Time-to-Value

You said

Getting to value, faster

Users wanted a shorter path from sign-up to working compliance programme - with structured guidance, templates, and clear progress from the start.

Guided setupTemplatesProgress clarity

We built

✓Pre-mapped controls, guided journeys & instant status

OCR document uploader and reader enabling automated onboarding of existing policies and procedures
Naq-managed control library pre-mapped to frameworks - start with a baseline, not a blank canvas
Each adopted framework becomes a live compliance programme from day one
Employee Portal auto-provisions training and document acknowledgement flows
Framework progress tracker shows exactly where you are and what remains
Naq Assistant provides instant summaries - no trawling to understand status

User & Access Management

You said

Self-serve without support tickets

Managing users and access should not require raising a ticket. Teams needed autonomy over their own people, tools, and access controls.

Self-serve adminAccess controlReduced friction

We built

✓Full People lifecycle management & vendor access tracking

People & Teams module: full employment lifecycle - active, leave, deactivated
Teams as first-class entities - assign ownership without single-person dependency
Vendor Access section: track per-user access levels and MFA status per SaaS tool
Account-level MFA toggle marks all users enabled in one action
DPA obligation tracking flags GDPR gaps proactively - no support ticket needed

UI/UX Improvements

You said

From repository to workflow tool

The platform was experienced as passive and document-heavy. Users wanted an active, guided experience that reduced cognitive load and surfaced what to do next.

Workflow-drivenReduced cognitive loadProgress indicators

We built

✓Status-aware, action-driven design across every module

Flow Engine governs every entity lifecycle - state, owner, and next action always visible
Controls link directly to evidence, risks, and frameworks - one place, not many tabs
CAPA lifecycle: root cause → corrective action → effectiveness review, step by step
Notification system surfaces exactly what needs attention and when
Human-readable IDs (e.g. SE-RSK-001) make every record instantly referenceable

Notifications, Version Control & Transparency

You said

Stay informed without chasing

The most consistent theme across all feedback: users should be automatically informed of changes, updates, and decisions - not left to discover them.

Proactive alertsChange transparencyVersion history

We built

✓Proactive notifications, semantic versioning & immutable history

Smart notifications: approval requests, assignments, state changes and deadlines - in-app and email
Semantic versioning (Major.Minor.Patch) reflects the nature of every document change
Immutable audit trail: every edit, approval and comment timestamped and attributed
Enforced review schedules - documents cannot go stale unnoticed

Compliance Scope & Localisation

You said

Beyond a single framework or jurisdiction

Customers operating across multiple regulations or outside the NHS/UK context needed broader framework coverage and the flexibility to define their own compliance pathways.

Multi-frameworkInternationalCustom pathways

We built

✓Multi-framework, multi-jurisdiction, fully configurable

Multi-framework workspace: ISO 27001, NHS DSPT, DCB0129, Cyber Essentials and more
Frameworks are first-class citizens - adopt any standard, map shared controls across all
Custom controls supplement the Naq-managed catalogue for organisation-specific needs
Enable multiple instances of the same framework so distinct scopes or products can be managed independently.

02 - Spotlight

The platform, module by module.

Eight capabilities working as one connected system. Each one is live in the platform today - short walkthroughs below.

Onboarding & Time-to-Value

Getting to value, faster. A shorter path from sign-up and migration to working compliance programme - with structured guidance, templates, and clear progress from the start.

OCR upload reads existing policies & procedures automatically
Pre-mapped control library - start with a baseline
Live compliance programme from day one
Auto-provisioned training & document acknowledgement flows
Progress tracker shows where you are & what's left
Instant status summaries - no manual trawling

Multi-Framework GRC

Run every standard you care about from a single workspace, with shared controls mapped across frameworks so nothing gets done twice.

ISO 27001, NHS DSPT, DCB0129, Cyber Essentials & more
Shared control mapping eliminates duplication
Real-time progress tracking per framework
Multi-framework workspace - one source of truth

Risk, Safety & CAPA

A unified risk and hazard practice with full incident logging and CAPA workflows that close the loop from root cause to corrective action.

5×5 Likelihood × Impact risk scoring
Full DCB0129 hazard log with Cause modelling
Unified Incident log covering multiple compliance event types
Linked CAPA closes loop from root cause to fix

Document Lifecycle

Every policy and procedure moves through a controlled workflow with semantic versioning and enforced reviews - no stale documents.

Draft → Submitted → Approved workflow
Semantic versioning (Major.Minor.Patch)
Scheduled review dates - no stale policies
PDF & DOCX export linked to controls & frameworks

Compliance Training

Structured courses, assessments and renewal cycles tracked per employee - and tied back to controls as evidence of competence.

Structured courses with quiz-based assessment
Completion & expiry tracking per employee
Automatic renewal cycles on expiry
Linked to controls as evidenced competence

Asset Registry

One place for people, devices and vendors - with proactive gap flagging for DPAs and access controls.

People, devices & vendors
Vendor DPA gap flagging for GDPR compliance
Per-user MFA & access tracking on SaaS tools
Full device lifecycle - procurement to disposal

AI Assistant

On-demand summaries and evidence evaluation across your programme - answers in seconds, without ever touching the formal record.

On-demand summaries of controls, risks & incidents
Evidence evaluation removes guesswork
Instant compliance status answers - no record trawling
Read-only advisory - never alters formal records

Connected by Design

Every entity links to every other - risks to controls, incidents to CAPA, evidence to frameworks - a live compliance knowledge graph.

Related entities link to each other across the platform
Risks linked to controls - gaps surfaced automatically
Incidents spawn CAPA, link to risks & evidence
A live compliance knowledge graph - not silos

03 - Frameworks supported

Adopt any standard. Map shared controls across all of them.

Frameworks are first-class citizens in Naq. Add the standards your customers and regulators care about, then run them in parallel without duplicating evidence or controls.

GDPR

Data protection

Cyber Essentials

UK baseline

Cyber Essentials Plus

Audited baseline

DSPT

NHS data security

DTAC

Digital health compliance

DCB0129

Clinical risk — manufacturer

ISO 27001

Information security

ISO 9001

Quality management

Custom frameworks

Your own standards

More coming soon…

04 - Roadmap

Where the platform is heading.

Shipped

Requirement focussed workflows
Full traceability across all entities
New and improved UI

In beta

Google Workspace integration
Microsoft 365 integration
Expanded AI import functionalities

Integrations for AWS, Azure, Slack & more
AI enhanced internal auditing tools
Business focussed configurability

See it in action

See Naq on your own data.

The team will be in touch to show you around.