RuleSafe FAQs
- What is RuleSafe Compliance Management Centre?
RuleSafe is an enterprise Governance, Risk and Compliance solution that helps organisations of all sizes to implement, improve and maintain compliance by communicating, enforcing and measuring employee awareness of, and conformance with, the company’s internal policies and procedures and external regulations and standards. Utilising the latest Microsoft technologies, the RuleSafe core application manages a database of policies, standards and guidance in the form of ‘structured information’. Unlike other paper and web-based sources of compliance documentation, RuleSafe’s information structure means that users can more easily locate the policies and supporting guidance they need to comply with, and places the user at the centre of a personalised compliance framework where they can instantly identify everything they need to do in order to comply with the organisation’s rules. The RuleSafe core also features automated workflow-driven compliance processes, linked to email and web channel messaging and alerts, RSS news feeds and a comprehensive compliance testing regime, including employee knowledge tests, audit scorecard reporting and control assessments. RuleSafe also includes a document management system, a multimedia e-learning platform and a quiz module to validate the users’ awareness and understanding of your policies. This functionality is combined with dashboard reporting to drive your compliance initiatives. All of these features interwork to deliver the most comprehensive and flexible solution in its class.
- What is RuleSafe Risk Management Centre?
RuleSafe Risk Management Centre replaces the arduous task of sending and collating spreadsheet and paper-based risk management processes. The Risk Management Centre is highly configurable to your requirements and your risk methodology. It incorporates an asset / risk register, assessment tools, action plans, dashboard reporting and risk trending. The Risk Classification Register defines classes of assets and risk areas, e.g. systems, information, buildings, financial, regulation. The Asset / Risk Register Master is a central database of all recorded assets/risks and asset/risk types, along with assigned owners and organisational structure attributes. The RuleSafe assessment tools convert any paper-based assessment into online assessment tools and deploy them across the enterprise. You can add weightings and offsets to take account of the relative importance of each question and risk rating entered (e.g. questions and responses on regulatory issues can be given higher prominence in the final scoring). Also included is an automatic mathematical integrity check on each completed assessment. Risk remedial action planning is incorporated into the assessment process. Consolidated graphical reports with detailed drill-down views show the Risk Status of current assessments and historical data. The historical data is used to calculate risk trending, demonstrating the direction of specific risk types.
- What does RuleSafe do?
RuleSafe serves as a single, searchable, repository of policies, procedures, standards and other compliance or risk management documents that are held as 'structured information' and linked to metadata in such a way that each item of information can be linked to people, their job roles, organisational attributes and other concepts that allow compliance and risk information, tasks and report data to be cross-referenced with people, processes, assets and business units to deliver a comprehensive GRC framework for managing all risks and compliance-related activities across the organisation.
- Why do I need RuleSafe?
It’s all about people and processes. You need only open a newspaper to see how many major data security breaches, IT failures and regulatory problems there are. Nowadays, the old question of “could we suffer an incident?” has been replaced by “when will we suffer an incident?”, followed by “how costly or damaging will it be?” But this is not a time for complacency. The realisation that we cannot prevent all incidents from happening should not be allowed to keep us from doing whatever we can to minimise the possibilities for future breaches to occur, and putting effective controls and procedures in place to minimise the cost and disruption of any incident that does happen. Let us take a look at what we mean by terms like ‘cost’ and ‘disruption’ in the context of today’s economic and regulatory landscape: In 2007 Nationwide Building Society was fined nearly £1m for the loss of a laptop containing confidential customer information. Later the same year HM Revenue & Customs lost a poorly protected disk containing over 25 million personal records of UK child citizens. More recently there have been hundreds of similar data loss incidents involving the loss of millions of personal and sensitive business records across many sectors, but principally public sector health, local government, and national defence. Recent high-profile cyber-attacks and compliance failings have included RSA, Epsilon, Sony, HSBC (NHFA), Bank of Scotland, Coutts and Willis, to name a few. The Poynter Report in the wake of the HMRC fiasco highlighted a number of key human and management issues contributing to institutional deficiencies regarding security, such as a “lack of ownership and accountability” for sensitive information; a “lack of security education and awareness”; and the fact that guidance “should be simplified, shortened and made more accessible”.
Looking at the many similar ‘aftermath’ reports from the other major publicised incidents, we can see similar findings and criticisms emerge in almost all cases. In the finance sector, increasing fines and regulatory sanctions are being levied against companies that fail to adequately address data security, while major breaches of personal data in the public sector lead to a deterioration in public confidence and a growing mistrust of government by its citizens and foreign counterparts. In all cases the results are damaging and costly in more ways than mere monetary ones. In summary: the ability (or otherwise) to create, communicate, enforce and monitor employees’ compliance with a readily understandable set of core policies and procedures remains the lynchpin of organisational Governance, Risk and Compliance.
- When should I consider deploying it?
"2012: The year of living dangerously:"
The increasing impact of the global credit crisis is causing an inevitable increase in crime and inappropriate behaviour generally, but also a commensurate rise in e-crime, scams and computer-related fraud. As jobs are lost or threatened, incidents of information theft or sabotage are increasing, along with the likelihood that sacked or dismissed employees will seek compensation via employment tribunals or similar routes. This scenario, combined with the increase in cyber-attacks, loss of data through lack of awareness and increasing regulatory requirements, is creating an increasingly hostile environment for compliance, risk and security professionals.
Good management of Governance, Risk and Compliance (GRC) regarding employees, third parties and the assets to which they have access is vital to (i) minimising the risk of information loss and (ii) ensuring a successful legal outcome for an organisation that must either take, or defend, an action involving employee, contractor or third party wrongdoing or negligence. This in turn demands that the organisation is able to prove it has followed best practice and taken due care to demonstrate the following:
- Clear and up-to-date policies and supporting guidance have been communicated to employees;
- Training and job-relevant guidance have been given to employees and routinely repeated and updated to ensure they remain aware, vigilant and in possession of the latest information;
- Employees are aware of, and have formally acknowledged their accountability for: (a) adhering to the relevant policies and procedures, and (b) safeguarding specific assets or information for which they are the designated owner or custodian;
- Employees have been knowledge-tested to ensure they fully comprehend policies and what is expected of them in their job;
- An effective framework for assessing and managing risks and monitoring compliance is in place and integrated with the entire operation of the business, in particular those areas identified as presenting the highest risks.

Doing all of this cost-effectively, routinely and updating everything in near real-time requires a comprehensive GRC framework that ties together policy creation & communication + accountability, validation & ownership + risk management & reporting. Doing all of this manually, using simple paper-based or web-based documents, is no longer a sufficiently cost-effective, quick or flexible means of managing governance, risks and compliance in organisations. Your time is money – so streamlining and automating your GRC operation will save you both time and money.
- Where is it installed and managed?
RuleSafe delivers a ready-made, out-of-the-box Governance, Risk & Compliance management framework. It is available in three package versions to suit different sized organisations:
- RuleSafe Enterprise: Onsite GRC solution for organisations of 250+ users. Deployed on your existing intranet IIS and SQL servers. Annuity licensing with bundled installation, training, support and 4 major functional upgrades per year included.
- PoliServer Appliance: a ready-to-go 1U server package preinstalled with the latest version of RuleSafe, SQL Server database, sample policy sets and templates and a collection of free management and monitoring tools. Includes 12 months secure automated backup service. PoliServer Appliance is the quickest way to get your GRC programme online and delivering results.
- RuleSafe SME: Secure private hosted SaaS version of RuleSafe, database, tools and resources, putting your employees on line and getting them ‘in line’ today! Suitable for SME organisations of 50 to 250 employees, RuleSafe SME is the most cost-effective and comprehensive GRC solution in its class. Pricing starts from just USD$3 /£2 per user, per month – including email support and regular updates service.
- How does RuleSafe deliver a return-on-investment (ROI)?
RuleSafe is an information management framework that encourages the owners of internal policies and standards to present their policies as ‘structured information’ when they author or publish their policies using the RuleSafe framework. The value and ROI savings of structured information are multiple: Firstly, having structured the information once within the RuleSafe knowledge framework, the information becomes searchable and can be more easily cross-referenced to relevant supporting standards and external compliance targets, as well as to policies covering other risk stakeholder areas. This means that employees can quickly find (or be automatically served with) all of the information relevant to them, in a uniform and easy to understand format, rather than in a haphazard fashion, one subject at a time, or having to waste effort trawling through numerous internal sites or sources looking for everything they need. Secondly, the costs associated with maintaining and updating structured information are significantly lower than with unstructured or disparate sources of information. This is particularly true when we multiply cost savings across all of the risk areas of a business. In other words, the time and effort of maintaining, updating and promoting a single risk management document set (RMADS), multiplied by all the policy or risk areas throughout the organisation such as Information Security, Data Protection/Privacy, IT Policies & Standards, Health & Safety, HR Policy, Legal, Regulatory etc. The greater the quantity of information managed, the more pronounced the cost savings become. Thirdly, structured information in the form of policies, standards, awareness and knowledge test materials can be more efficiently managed as a collaborative responsibility. For example, RuleSafe is built around a 5-level authorisation structure that allows a risk stakeholder (e.g. the policy owner) to delegate the responsibility for authoring changes or additions to the policy to a more junior or contracted worker, while still retaining overall control of the review and publication status of the documentation. Features allow secure online collaboration and review of draft policies and standards, with automatic notification of changes and updates to all parties involved, removing the need for numerous meetings or manually chasing reviewers for input or approval of documents. Some of the biggest cost savings and maximum ROI arise from the combined effects of these collaborative benefits. Probably the most difficult element to measure from an ROI perspective is your organisation’s reputation, which in the current economic environment can be a dynamic business advantage. For further information on other areas that produce ROI please contact us.
- Who typically uses it?
RuleSafe is used by Public and Private sector organisations and business units of any size from SMEs with a hundred users to Enterprises with hundreds of thousands of users. RuleSafe is a web based platform with modules that provide solutions for Risk and compliance. Typically it is used by entities that wish to improve their compliance and risk cultures and processes, boost productivity and efficiency and reduce costs. RuleSafe is used to automate risk and compliance processes, reduce data, compliance and security breaches while increasing quality and productivity across the organisation.
Compliance Teams use RuleSafe to communicate policies and regulations to staff, track understanding and compliance at individual, business unit and corporate levels, through dashboards and benchmarking.
Risk Management teams use RuleSafe to create a register of risks, designate responsible parties, complete regular assessments and report their findings. RuleSafe also monitors your risk appetite trends.
Information Security and Information Technology departments reduce information breaches by creating better awareness and understanding of risks and best practices.
Human resources use RuleSafe as an online induction manual, for communication of internal processes, and for tracking who has read and agreed to comply with corporate standards. RuleSafe also provides online self-help guidance to reduce common queries from employees.
Internal and external audit teams record audit findings to maintain a central register of audits across the business.
Quality management teams use RuleSafe to record and track their processes to achieve accreditation.
RuleSafe stores and communicates Business Continuity Plans in the event of a disaster, for fast retrieval. RuleSafe also stores Business Continuity tests and provides a gap analysis of those findings.
- Is it for every organisation?
RuleSafe is a highly configurable and scalable Governance, Risk and Compliance system providing risk, compliance and security solutions. The software is modular, so you invest in the parts or the whole to suit your needs. It easily adapts to any industry or size of organisation in both the Public and Private sectors. The solutions are available at enterprise level through to an SME version, which is a secure private hosted SaaS version of RuleSafe. RuleSafe can also be delivered on a preconfigured server, PoliServer, allowing you to plug it into your network and deploy it instantaneously. RuleSafe is designed to match your needs, culture, terminology or language. RuleSafe will manage your policies, procedures and regulatory requirements that involve communicating, understanding and adherence by your staff. Secoda provide a guarantee that it will deliver to your specification.
- How does it work?
RuleSafe is a software solution to manage your risk, compliance, security and regulatory requirements. The solution links the three pillars of GRC, namely People, Processes and Technology. It identifies and provides specific guidance, training, testing, workflow reminders, escalations and updates for all your internal policies and procedures, regulatory requirements and international or local standards and best practices, e.g. ISO and BSI. RuleSafe maps internal policies and procedures to external standards and regulations.
RuleSafe for compliance is a central repository of all of your policies, procedures and regulations that is structured to make the information easily searchable by user role, specific processes and other definable criteria. Existing data is easy to import, and Secoda can provide a complete service to integrate existing documentation, structure and terminology to match your existing environment. RuleSafe for Risk replaces your existing paper-based processes with a central register of plans, assessments, remediation plans, and historical tracking and trending.
- What benefits does it deliver?
RuleSafe provides numerous benefits, so we detail only a dozen here. For further information or detail, contact us.
- RuleSafe is modular, so you only invest in what you require.
- It is scalable to meet any size of organisation or business unit.
- The solution is easy to use, so it avoids the need to train users.
- RuleSafe is role based to avoid information overload.
- RuleSafe is highly configurable to match your processes, culture, structure, terminology and language.
- The software provides dashboards and reports to save you time and effort.
- There are collaboration and communication tools to cut time and ensure the necessary parties are involved and informed.
- RuleSafe provides a central repository for all your organisation’s policies, procedures, regulations, risks and assets to avoid duplication of effort and make searching easy.
- The software automates processes, reminders, escalations and communications saving your time and resources.
- Compliance, Risk or Audit Scorecards provide instant up to date status to ensure you are in control. RuleSafe delivers the capability to easily manage your internal and external audits.
- RuleSafe lets you ensure, through their sign-up, that third parties adhere to your procedures and policies, mitigating the risks involved in outsourcing.
- There is an exception management process for those aspects of non-compliance, or exceptional processing to ensure that you maintain control and save processing time.
- In essence it saves you time, money and resources while increasing productivity and efficiency and reducing risk, compliance and security breaches.
- What sizes of organisation can it handle?
RuleSafe is used by Public and Private sector organisations and business units of any size, from SMEs with a hundred users to enterprises with hundreds of thousands of users. The solution is available as an enterprise solution through to an SME offering, a secure private hosted SaaS version of RuleSafe. The software can suit any size or sector of organisation, as it is available on a modular basis at all levels.
- How do users access and interact with RuleSafe?
RuleSafe is a web-based application that users access from their existing internet browsers. Through integration with your Active Directory, the software will identify the user and their role and rights within RuleSafe. RuleSafe is designed to be user friendly and intuitive, and incorporates an online help system to avoid any need to train your staff. Training is provided free for data owners and administrators to fully understand and appreciate the capabilities of the software. The RuleSafe core also features automated workflow-driven compliance processes, linked to email and web channel messaging and alerts, RSS news feeds and a comprehensive testing regime, including employee knowledge tests, audit scorecard reporting and control assessments. This functionality is combined with dashboard reporting at individual and managerial level. Scorecards provide the status of your risk, compliance and audit activities.
- Where is it installed?
RuleSafe Enterprise is typically installed on one of your in-house servers, by your IT resources assisted by Secoda. PoliServer is a 1U server pre-configured with RuleSafe set up with your data by Secoda for immediate deployment by you within your network. RuleSafe SME is a secure private hosted SaaS version of RuleSafe and is usually the choice of smaller organisations or business units avoiding any internal technology resources.
- Who uses RuleSafe Policy Manager?
RuleSafe Policy Manager is typically used by Compliance Officers, Security Officers, Quality Managers, Operational Managers, Human Resources and others who need to create, update and communicate policies and procedures to relevant parties within an organisation. Employees use RuleSafe for guidance and support, accessing the corporate and business unit policies, procedures and forms from a centralised database.
RuleSafe is used by Private and Public organisations from any market sector. RuleSafe is designed to be configured to meet your organisation’s requirements, structure and terminology, and is very easy to set up and manage. If you do not have the time and resources, then Secoda will work to your specifications to provide a turnkey solution.
- What does Policy Manager do for me?
Policy Manager provides a central repository for storing all of your principles, policies, procedures, controls, and associated data and regulatory requirements. It has an integral document management system, with templates and wizards to create new policies and update existing ones. RuleSafe delivers a collaboration tool for the authoring, commenting, and approval of all new and updated policies. This includes a full auditable lifecycle for every policy, whether live, under implementation or archived. RuleSafe allows for data to be structured to an organisation’s needs for quick and easy search. Policy Manager has its own very simple document management module.
- What does Compliance Manager do for me?
RuleSafe Policy Manager controls all of your internal communications to staff regarding compliance. The module tracks the status of compliance at corporate, business unit and individual levels. Policy Manager monitors and reports individual’s reading and acceptance of all policies. The policy dashboard displays the individual’s required compliance actions, new and changed policies that need reading, tests to be taken, and the individual’s level of compliance at the business unit or corporate level.
- Can I trial RuleSafe?
Bona Fide parties can trial RuleSafe on a Software as a Service platform for a limited period. For more information contact Secoda Risk Management for advice.
- Can I import my existing policies?
Existing policies can be easily integrated into RuleSafe. Secoda also provide an integration service, which includes the structuring of data, and policy health check if desired.
- Does RuleSafe include training and guidance functionality?
RuleSafe has a multimedia audio – video training module for online content and courses. The solution allows you to structure your data for fast research. You can save and share common searches with your colleagues and employees.
- What is included in support and maintenance?
Secoda provides customers with telephone and email support on top of the integral help function. Training is provided to all data owners and administrators.
Maintenance includes access to regular updates to RuleSafe functionality for the modules you have invested in. Customers are encouraged to provide suggestions and feedback as Secoda use these suggestions to develop the overall functionality of RuleSafe.
- Is there any limit on the number of policies and procedures that I can add?
There are no limits to the number of policies and procedures you can add. You can also add supporting documentation such as forms and evidential documentation in Microsoft Word, Excel, PowerPoint, Visio and PDF for example.
- Can I add plans such as Business Continuity?
Yes, you can use RuleSafe to hold and disseminate your continuity plans. The Software as a Service (Cloud) version of RuleSafe provides quick access to plans if an event occurs.
- Is RuleSafe only designed for Compliance and Risk Management?
RuleSafe is a business tool and is used by any part of the organisation that needs to centrally store and disseminate information across the organisation. For instance, it is used by HR and IT support units / help desks to reduce the repetitive process of responding to common queries by staff. It is used to centralise call centres and operational support staff who need to access information, forms and procedures and provide the correct data to their customers, reducing training/experience requirements. For more information contact Secoda, who will advise how RuleSafe can be best used.