RuleSafe FAQs

RuleSafe Expanding FAQ

What is RuleSafe?

RuleSafe is an enterprise Governance, Risk and Compliance solution that lets organisations of all sizes implement, improve and maintain compliance by communicating, enforcing and measuring employee awareness of, and conformance with, the company’s internal policies and procedures. Utilising the latest Microsoft technologies, the RuleSafe core application manages a database of policies, standards and guidance in the form of ‘structured information’. Unlike paper and web-based sources of compliance documentation, RuleSafe’s information structure means that users can more easily locate the policies and supporting guidance they need to comply with. It places the user at the centre of a personalised compliance framework where they can instantly identify everything they need to do in order to comply with the organisation’s rules. The RuleSafe core also features automated, workflow-driven compliance processes, linked to email and web channel messaging and alerts, RSS news feeds and a comprehensive compliance testing regime, including employee knowledge tests, audit scorecard reporting and control assessments. All of these features interwork to deliver the most comprehensive and flexible solution in its class.

What does it do?

RuleSafe serves as a single, searchable repository of policies, procedures, standards and other compliance or risk management documents. These are held as 'structured information' and linked to metadata in such a way that each item of information can be linked to people, their job roles, organisational attributes and other concepts. This allows compliance information, tasks and report data to be cross-referenced with people, assets and business units to deliver a comprehensive GRC framework for managing all risks and compliance-related activities across the organisation.

Why do I need RuleSafe?

It’s all about people and processes.
You only need open a newspaper to see how many major data security breaches, IT failures and regulatory problems there are. Nowadays, the old question of “could we suffer an incident?” has been replaced by “when will we suffer an incident?” followed by “how costly or damaging will it be?”
But this is not a time for complacency. The realisation that we cannot prevent all incidents from happening should not be allowed to keep us from doing whatever we can to minimise the possibilities for future breaches to occur, and putting effective controls and procedures in place to minimise the cost and disruption of any incident that does happen.
Let’s take a look at what we mean by terms like ‘cost’ and ‘disruption’ in the context of today’s economic and regulatory landscape:
In 2007 Nationwide Building Society was fined nearly £1m for the loss of a laptop containing confidential customer information. Later the same year HM Revenue & Customs lost a poorly protected disk containing over 25 million personal records of UK child citizens. More recently there have been hundreds of similar data loss incidents involving the loss of millions of personal and sensitive business records across many sectors, but principally public sector health, local government, and national defence.
The Poynter Report in the wake of the HMRC fiasco highlighted a number of key human and management issues contributing to institutional deficiencies regarding security, such as a “lack of ownership and accountability” for sensitive information; a “lack of security education and awareness”; and the fact that guidance “should be simplified, shortened and made more accessible”. Looking at the many similar ‘aftermath’ reports from the other major publicised incidents, we can see similar findings and criticisms emerge in almost all cases.
In the finance sector, increasing fines and regulatory sanctions are being levied against companies that fail to adequately address data security, while major breaches of personal data in the public sector lead to a deterioration in public confidence and a growing mistrust of government by its citizens and foreign counterparts. In all cases the results are damaging and costly in more ways than mere monetary ones.
In summary: the ability (or otherwise) to create, communicate, enforce and monitor employees’ compliance with a readily understandable set of core policies and procedures remains the lynchpin of organisational Governance, Risk and Compliance.

When should I consider deploying it?

2009: The year of living dangerously
The increasing impact of the global credit crisis is causing an inevitable increase in crime and inappropriate behaviour generally, but also a commensurate rise in e-crime, scams and computer-related fraud. As jobs are lost or threatened, the incidents of information theft or sabotage are increasing - along with the likelihood that sacked or dismissed employees will seek compensation via employment tribunals or similar routes.
Good management of Governance, Risk and Compliance (GRC) regarding employees, third parties and the assets to which they have access is vital to (i) minimising the risk of information loss and (ii) ensuring a successful legal outcome for an organisation that must either take, or defend, an action involving employee, contractor or third party wrongdoing or negligence. This in turn demands that the organisation is able to prove it has followed best practice and taken due care to demonstrate the following:
- Clear and up-to-date policies and supporting guidance have been communicated to employees;
- Training and job-relevant guidance have been given to employees and routinely repeated and updated to ensure they remain aware, vigilant and in possession of the latest information;
- Employees are aware of, and have formally acknowledged their accountability for: (a) adhering to the relevant policies and procedures, and (b) safeguarding specific assets or information for which they are the designated owner or custodian;
- Employees have been knowledge-tested to ensure they fully comprehend policies and what is expected of them in their job;
- An effective framework for assessing and managing risks and monitoring compliance is in place and integrated with the entire operation of the business, in particular those areas identified as presenting the highest risks.
Doing all of this cost-effectively, routinely and updating everything in near real-time requires a comprehensive GRC framework that ties together policy creation & communication + accountability, validation & ownership + risk management & reporting. Doing all of this manually, using simple paper-based or web-based documents, is no longer a sufficiently cost-effective, quick or flexible means of managing governance, risks and compliance in organisations. Your time is money – so streamlining and automating your GRC operation will save you both time and money.

Where is it installed and managed?

RuleSafe delivers a ready-made, out-of-the-box Governance, Risk & Compliance management framework. It is available in three package versions to suit different sized organisations:
- RuleSafe Enterprise: Onsite GRC solution for organisations of 250+ users. Deployed on your existing intranet IIS and SQL servers. Annuity licensing with bundled installation, training, support and 4 major functional upgrades per year included.
- PoliServer Appliance: A ready-to-go 1U server package preinstalled with the latest version of RuleSafe, SQL Server database, sample policy sets and templates and a collection of free management and monitoring tools. Includes 12 months secure automated backup service. PoliServer Appliance is the quickest way to get your GRC programme online and delivering results.
- RuleSafe SME: Secure private hosted SaaS version of RuleSafe, database, tools and resources, putting your employees on line and getting them ‘in line’ today! Suitable for SME organisations of 50 to 250 employees, RuleSafe SME is the most cost-effective and comprehensive GRC solution in its class. Pricing starts from just USD$3 /£2 per user, per month – including email support and regular updates service.

How does RuleSafe deliver a return-on-investment (ROI)?

RuleSafe is an information management framework that encourages the owners of internal policies and standards to present their policies as ‘structured information’ when they author or publish their policies using the RuleSafe framework. The value and ROI savings of structured information are multiple:
Firstly, having structured the information once within the RuleSafe knowledge framework, the information becomes searchable and can be more easily cross-referenced to relevant supporting standards and external compliance targets – as well as to policies covering other risk stakeholder areas. This means that employees can quickly find (or be automatically served with) all of the information relevant to them, in a uniform and easy to understand format - rather than in a haphazard fashion, one subject at a time, or having to waste effort trawling through numerous internal sites or sources looking for everything they need.
Secondly, the costs associated with maintaining and updating structured information are significantly lower than with unstructured or disparate sources of information. This is particularly true when we multiply cost savings across all of the risk areas of a business. In other words, the time and effort of maintaining, updating and promoting a single risk management document set (RMADS) is multiplied by all the policy or risk areas throughout the organisation, such as Information Security, Data Protection/Privacy, IT Policies & Standards, Health & Safety, HR Policy, Legal, Regulatory etc. The greater the quantity of information managed – the more pronounced the cost savings become.
Thirdly, structured information in the form of policies, standards, awareness and knowledge test materials can be more efficiently managed as a collaborative responsibility. For example, RuleSafe is built around a 5-level authorisation structure that allows a risk stakeholder (e.g. the policy owner) to delegate the responsibility for authoring changes or additions to the policy to a more junior or contracted worker, while still retaining overall control of the review and publication status of the documentation. Features allow secure online collaboration and review of draft policies and standards, with automatic notification of changes and updates to all parties involved, removing the need for numerous meetings or manually chasing reviewers for input or approval of documents. Some of the biggest cost savings and maximum ROI arise from the combined effects of these collaborative benefits.

Who typically uses it?

Answer to third question

Is it for every organisation?

Answer to third question

How does it work?

Answer to third question

What benefits does it deliver?

Answer to third question

What sizes of organisation can it handle?

Answer to third question

How do users access and interact with RuleSafe?

Answer to third question

Where is it installed?

Answer to third question

This page was last modified 28 October 2009.