Continuous Control in Action: New API and Integration Updates from IO

By John Whiting • 12 November 2025

When we first launched our Public API in 2024, it opened the door to a new era of flexibility and automation for our customers. For the first time, organisations could connect IO directly to the wider ecosystem of tools they already used, pulling, pushing, and analysing compliance data in real time.

Fast forward to today, and that vision has taken a huge leap forward. Over the past few weeks, we’ve rolled out major API enhancements, improvements to some of our native integrations and workflows, and our first Control Performance Monitors. Together, they’re transforming how organisations automate evidence collection, track risks, and maintain a live view of their security posture.

How Our Public API Has Evolved

Our first Public API release gave customers the ability to automate core ISMS workflows from logging incidents and managing assets to synchronising vulnerability data. You could quickly connect IO to platforms key to your business, reducing duplication and saving hours of manual effort.

Now, we’re building on that foundation with a set of new API endpoints that go even deeper, making it easier than ever to manage tasks, track risks, and create richer, more dynamic reports in your preferred analytics tools.

Deeper API Insights for Smarter Compliance

To-Do API Endpoint – Real-Time Visibility into Tasks

You can now pull all To-Dos assigned to the current user through the API (documentation available here).

This provides a complete, up-to-date picture of who’s responsible for what and how those actions are progressing. Whether you feed this into Tableau, Power BI, or your own dashboard, it’s a simple way to visualise workloads, monitor bottlenecks, and keep compliance momentum high.

Enhanced Risk API Endpoint – Bringing Context and Ownership Together

Our Risk endpoint has been expanded with even more valuable information, including risk owner, reference ID, and last updated date (documentation available here).

This means you can now connect risks to specific individuals and departments, rather than abstract categories.

One of our customers is already using this enhanced endpoint to feed data into Tableau dashboards. They can now see exactly who owns each risk, when it was last reviewed, and how it aligns with ongoing mitigation work, all outside of IO, alongside wider operational data.

To discover more about our API, visit: https://ismsonline.stoplight.io/

Compliance That Clicks Across Every Channel

Our vision for integration doesn’t stop at APIs. We’ve continued expanding our suite of native integrations, bringing critical compliance updates directly into the tools your teams already use every day.

Here’s What’s New

Microsoft Teams Notifications for Policy, Audit, and Management Review Updates

These new notifications extend our existing Teams capabilities beyond Risks and Tracks. You’ll now be alerted in real time when a policy is updated, an audit advances, or a management review moves to the next stage, keeping everyone aligned and informed.

Project Notifications via Microsoft Teams

Get updates instantly when project activities are assigned or when their status changes (Open, Awaiting Approval, Approved, Completed). No more chasing updates or digging through emails, your compliance actions now live right where collaboration happens.

Create Track Items from Jira

Our Jira integration is now two-way. Update the status of a Jira Issue to automatically create a Track Item in IO, and when that Track Item progresses, it can send a status update back to Jira.

This tight connection between these workflows ensures your audit trail remains consistent and your teams stay in sync.

Control Performance Monitors: From Policy to Proof

Another major milestone in recent weeks has been the launch of our first Control Performance Monitors, starting with Microsoft Entra and Microsoft Intune, released on the 27th of October 2025. These integrations mark a new stage in our Continuous Control journey, bringing live assurance directly into IO.

Many modern organisations rely heavily on the Microsoft 365 ecosystem to manage identity, access, and device compliance. With these new integrations, IO now seamlessly connects with Microsoft Entra and Intune, turning those everyday operational signals into automated evidence of control performance.

Microsoft Intune: Continuous Endpoint Compliance

Microsoft Intune is Microsoft’s endpoint management solution, ensuring that company devices, from laptops to mobiles, meet required security and configuration standards.

Within IO, Intune now provides live compliance data for devices, automatically evidencing controls such as ISO 27001 control 8.1 (User endpoint devices).

Instead of manually checking encryption status, OS patching, or screenshots for auditors, customers can see in real time whether their devices remain compliant. This delivers ongoing assurance that endpoint controls are enforced and functioning as intended.

Microsoft Entra: Live Identity and Access Assurance

Microsoft Entra governs identity and access management, managing authentication, conditional access, and MFA enforcement.

Within IO Entra feeds live authentication and MFA compliance data directly into the platform, helping organisations continuously demonstrate compliance with ISO 27001 controls 5.17 (Authentication), 8.27 (Identity management), and 8.28 (Access control).

This integration enables customers to instantly verify whether robust access controls are in place, eliminating the need for manual evidence gathering or spreadsheets. It’s proof, not promise, ensuring that your critical identity controls are always verified and up to date.

You can now automatically demonstrate that your key security controls, from device encryption to multi-factor authentication, are working continuously, not just at audit time.

It’s the perfect embodiment of our Continuous Control philosophy: real-time data, automated evidence, and constant confidence in your compliance posture.

Why These Releases Matter

Every new endpoint, integration, and monitor we deliver brings us closer to a world where compliance isn’t static or reactive; it’s connected, continuous, and helping you to build resilience within your business.

With these updates, customers can now:

Automate repetitive tasks like evidence logging and status updates
Centralise risk and action data for faster, smarter decision-making
Prove control performance continuously, not periodically
Save hours of manual reporting while strengthening their compliance posture

What’s Next: Expanding the Ecosystem

We’re already working on additional endpoints to unlock even deeper automation and new native integrations, as well as broadening our Control Performance Monitor offering with more integrations that support the tools essential to your business.

Experience Continuous Control for Yourself

If you’re ready to see these integrations in action and experience how IO can simplify, automate, and strengthen your information security, book a demo with our team today.

John Whiting

John is Head of Product Marketing at ISMS.online. With over a decade of experience working in startups and technology, John is dedicated to shaping compelling narratives around our offerings at ISMS.online ensuring we stay up to date with the ever-evolving information security landscape.

Introducing a New Enhanced Navigation: A Faster, Cleaner Way to Work in IO

IO is evolving again, this time with a major upgrade you’ll feel the moment you log in. We’re introducing a brand-new, enhanced navigat...

John Whiting

Cyber security 28 October 2025

continuous control made simple intune and entra now in isms.online banner

Continuous Control Made Simple: Intune and Entra Now in IO

At ISMS.online (IO), our mission is simple. To make information security management effortless. And that means helping you stay compliant not just ...

John Whiting

Cyber security 21 July 2025

New from ISMS.online: Teams-Based Risk Alerts and ARM Certification Tracking – Compliance Just Got More Connected

At ISMS.online, we believe compliance should work with your business, not against it. That’s why we continue to develop features that simplify day-...

John Whiting