RuleSafe Improves Awareness, Management of Information Security Policies
London, UK – May 26, 2004: With increased regulation such as Sarbanes-Oxley, and many organisations needing to show compliance with best practices like BS7799, Secoda Risk Management (http://www.secoda.com), policy authoring and awareness specialist, has just made the CIO’s and Chief Security Officer’s jobs easier. Today, it has announced v2 of its RuleSafe web based policy awareness infrastructure that helps IT and security managers meet compliance targets and build a more security aware culture.
The challenge of creating effective security awareness is one of delivering the right information to those who need it at the time they need it, while at the same time avoiding information overload on staff. Today’s business risk owner needs to manage the often contradictory requirements of having comprehensive policies covering all aspects of risk, while also providing staff with simple and fast access to relevant information. RuleSafe helps them achieve both without sacrificing detail.
RuleSafe presents information online, in a structured and easy-to-use way. Role-based guidance helps staff achieve real understanding of policies and go beyond mere tick-box compliance. Because RuleSafe communicates procedures as well as policies, dynamic events such as incident response and management can be co-ordinated using RuleSafe’s knowledge deployment and feedback mechanisms.
RuleSafe v2 brings the following new benefits:
Improved lifecycle management for policies and policy sets, with tools to streamline and manage the processes of developing, reviewing, updating and archiving policies
Clear visibility of new or updated items, and the reason for change; eliminating the need for staff to re-read every policy each time a policy set is updated
Enhanced search, listing and feedback features, making RuleSafe the most effective infrastructure for promoting awareness, deploying in-house surveys or questionnaires, and gathering policy compliance data across the enterprise
New simplified search interface, making it even easier and quicker for staff to use
Visible mapping of regulatory and external governance drivers to internal policies and vice-versa. Improves staff understanding of why particular policies are important, and provides tools and reporting mechanisms for risk owners and auditors carrying out applicability and compliance reviews
Adrian Wright, Managing Director of Secoda explains: “RuleSafe overcomes the “I didn’t know where to find the policy on this, how they affected me and when was I supposed to use them” issues. It is an effective way to communicate the organisation’s policies to its staff. People can easily locate the exact policy that relates to a given situation. No more excuses, just immediate awareness of the relevant policies and guidance.”
For appropriate industry standards like BS7799 part 2 / ISO17799, RuleSafe provides clear mapping of all applicable rules to internal policies, along with real-time displays showing actual audited compliance status across the enterprise.
Working individually or in a virtual workgroup users can customise RuleSafe by importing or developing their own policies on any subject. Alternatively, they can add readymade policies in the form of additional knowledge modules, providing ‘an instant awareness and compliance solution in-a-box’.
This third-generation policy awareness approach in RuleSafe is extensible to all other areas of business and operational risk management across many different business sectors. This includes public sector organisations, corporate governance, privacy and data protection, freedom of information, financial services regulations (Basel II), (anti) money laundering, pharmaceutical and healthcare (e.g. Caldicott principles and recommendations), HR, health and safety, and many more.
RuleSafe is a policy infrastructure with additional knowledge modules for specific external standards such as BS7799. The supplied knowledge module includes the external reference standards, allowing purchasers to map applicable drivers to internal policy sets, adding role based guidance in terminology most familiar to the user. RuleSafe can work as an internal application, ASP or fully outsourced managed service.
About Secoda Risk Management
Secoda is a privately owned UK company founded in 2002. More information is available at http://www.secoda.com