Unicis Platform March 2026 Release: Controls Mapping, Notifications & REST API
March has been a productive month for the Unicis Platform. We're shipping two releases — on March 7 and March 31 — that together bring cross-framework Controls Mapping, a fully documented REST API, real-time notifications, three new compliance frameworks, and a range of security improvements and bug fixes.
🗺️ Release 1 — Controls Mapping (March 7, 2026)
Major Update: Controls Mapping
One of our most-requested features is now live: Controls Mapping across multiple frameworks and standards.
Security and compliance teams often work across several overlapping frameworks simultaneously — ISO 27001, GDPR, NIST, NIS2, MVSP, and more. Understanding how controls relate to each other has historically been a manual, error-prone effort.
With this release, the Unicis Platform makes that work visual, structured, and actionable:
- Mapped control count — see at a glance how many controls are linked between frameworks
- Detailed relationship view — explore the specific connections between individual controls across standards
- Linked tasks — immediately see which tasks are tied to mapped controls, connecting compliance evidence to framework obligations
A new Controls Mapping Matrix gives teams a full visual overview of the mapping status between any two frameworks or standards — making it easy to spot gaps, overlaps, and shared coverage without toggling between spreadsheets.
Explore supported framework mappings in our Frameworks documentation.
New Features
Tasks
- Export tasks in HTML, PDF, Excel, and CSV formats — share evidence with auditors or stakeholders in the format they need
- Bulk import via Excel or CSV with task template support — standardize recurring compliance activities and onboard new frameworks faster
Cybersecurity Management System
- The Statement of Applicability (SoA) can now be exported in HTML, PDF, and Excel directly from the platform, keeping it in sync with your control selections without any manual rebuild in external tools
Security
- Updated Prisma and Next.js to their latest stable versions
Fixes
- Fixed issues affecting Cybersecurity controls selection
- Updated platform pricing display
- Fixed issues in the Risk Management dashboard
With Unicis, you can manage tasks for security, privacy, and compliance team in one place.
Collaborate across multiple teams on gap analysis, procedure registers, transfer impact assessments, risk management, and AI assistance.
Get compliant in weeks, not months.
🔔 Release 2 — Notifications & REST API (March 31, 2026)
Major Update: Notifications
Staying on top of compliance work now happens automatically. A new in-app notification bell keeps users informed with a real-time unread count. Notifications are also delivered over email and web push channels, with per-user preferences giving each team member full control over what they receive and how.
Notifications cover the following events — each independently configurable per channel (in-app, email, push):
- Task due
- Task created
- Task updated
- Task commented
- Task deleted
- File uploaded
Major Update: REST API
The Unicis Platform REST API is now officially documented and production-ready.
An OpenAPI 3.0 specification is accessible via Swagger UI at /api-docs. API access is secured via Bearer Token authentication — keys can be generated in Team Settings. All endpoints follow a consistent JSON response envelope:
{ "data": ..., "error": null }
The API covers the full breadth of the platform's core modules:
| Module | Description |
|---|---|
| Tasks | Create, read, update, and manage compliance tasks |
| Cybersecurity Controls (CSC) | Access and manage cybersecurity control data |
| Risk Management | Read and update risk register entries |
| PIA | Privacy Impact Assessment records |
| RPA | Records of Processing Activities |
| TIA | Transfer Impact Assessments |
| API Keys | Manage API key lifecycle programmatically |
| AI Chatbot | Integrate AI-assisted compliance guidance into your workflows |
Webhooks: task.due_date event
A new webhook event fires whenever a due date is set or changed on a task — enabling downstream automation such as reminders, project tool sync, or dashboard updates.
New Frameworks
- OWASP ASVS v5 — Application Security Verification Standard for web application security testing. More details OWASP ASVS.
- PCI DSS v4.0.1 — Payment Card Industry Data Security Standard, latest revision. More details on PCI DSS.
- ISO/IEC 42001 — AI Management System Standard for responsible AI governance. More details on ISO/IEC 42001.
Security
- Bearer token verification: expiration checks and team-scoped access enforced on all API calls
- SBOM (Software Bill of Materials) generated and published — supporting supply chain transparency and CRA-readiness
- SAST scan on Bearer token handling — vulnerabilities reviewed and resolved
npm audit fixapplied across all dependencies
Fixes
- Fixed Team Create button missing from the Teams interface
- Fixed Billing modal:
country (en)key returning an object instead of a string
What's Next
With Controls Mapping live and the REST API open, we're focused on deeper integrations, automated gap detection, expanded framework coverage, and more notification and webhook event types. Follow our progress and share your ideas on the public roadmap.
Star us on GitHub to support our open-source journey and stay updated with the latest releases!
Thank you for being part of the Unicis community. If you have questions or want to explore the new API with your team, reach out via Discord or contact us directly.