> For the complete documentation index, see [llms.txt](https://intuitem.gitbook.io/ciso-assistant/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://intuitem.gitbook.io/ciso-assistant/product-docs/features/comments.md). # Comments Comments are short, dated, author-attributed notes attached directly to an object. They're the place for the back-and-forth that happens while work is in progress — clarifications, follow-up questions, agreed next steps — without touching the object's formal fields, status, or score. The panel is **collapsed by default** and shows the comment count next to the **Comments** heading, so it stays out of the way until you open it. ## Where comments appear A comment is always attached to exactly one object. Comments are supported on: | Object | Where you find the panel | | -------------------------- | ----------------------------------------------------------------- | | **Requirement assessment** | On the requirement detail and the respondent-mode assessment view | | **Risk scenario** | On the risk-scenario detail page and its edit form | | **Applied control** | On the applied-control detail page | | **Finding** | On the finding detail page | ## Anatomy of a comment Each comment carries: * a **body** (free text), * an **author** (the user who posted it), * a **creation timestamp**, shown as relative time ("just now", "5 minutes ago") and as a full date once it ages, * an **active / processed** state. Comments are ordered oldest-first, so a thread reads top to bottom like a conversation. Write in the composer at the bottom and **Post** — or press **Ctrl+Enter**. ## Processed vs. active Every comment is **active** when posted. Once a thread is resolved, its author can **Mark as processed** (and **Mark as active** to reopen it). Processed comments stay in the history but can be filtered out of the default view: when a thread has processed comments, a **Hide processed** / **Show processed (n)** toggle appears in the panel header. This keeps long threads readable — settled points collapse away without being deleted. ## Edited comments Comments can be edited by their author. The first time a comment's body actually changes, it's flagged as **edited**, and that marker stays on the comment from then on — so the thread always reflects when wording was changed after the fact. The original posting is what other participants saw; the **edited** tag tells them it was revised. ## Who can do what | Action | Who | | ---------------- | ----------------------------------------------------------------------------------------------------------------- | | Post a comment | Anyone with comment access in the object's [domain](/ciso-assistant/product-docs/concepts/foundations/domains.md) | | Edit a comment | The author only | | Delete a comment | The author, or an administrator | Respondents and auditees can post, edit, and delete their **own** comments on the objects they're assigned, so the discussion is two-way. ## Author privacy in respondent mode Comments are author-attributed, but a participant only sees an author's name and email if they're allowed to see that user. Third-party respondents and auditees have no access to the user directory, so for any comment they didn't write themselves the author is shown as the **Client name** configured in [branding settings](/ciso-assistant/product-docs/configuration/settings/branding.md), falling back to `***` when none is set. Their own comments still appear under their own name — internal reviewers' identities never leak into the third-party view. ## Enabling comments * The **comments** [feature flag](/ciso-assistant/product-docs/configuration/settings/feature-flags.md) is the master switch (default **on**). When off, the panel disappears from every object. * On audits, **Comments** is also a [field-visibility](/ciso-assistant/product-docs/guides/assessments/customize-audit.md) option — per audit you can make the thread visible to respondents, auditor-only, or hidden. This lets you keep comments enabled platform-wide while still hiding the discussion from third-party respondents on a sensitive audit. ## Related * [Audits](/ciso-assistant/product-docs/concepts/compliance/audits.md) — comments in the audit workflow * [Assignments / respondent mode](/ciso-assistant/product-docs/features/assignments.md) — the third-party review flow comments support * [Branding](/ciso-assistant/product-docs/configuration/settings/branding.md) — sets the **Client name** used as the masked-author label * [Feature flags](/ciso-assistant/product-docs/configuration/settings/feature-flags.md) — the **comments** switch --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://intuitem.gitbook.io/ciso-assistant/product-docs/features/comments.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.