Secoda Risk Management: For Information Security, Playing By The Rules Just Got Easier

United Kingdom / 26 May 2004 / PRMinds / For Information Security, playing by the rules just got easier: RuleSafe v2 creates improved awareness and management of information security policies

London, UK, 26th May 2004: With increased regulation such as Sarbanes-Oxley, and many organisations needing to show compliance with best practices like BS7799, Secoda Risk Management, policy authoring and awareness specialist, has just made the CIO's and Chief Security Officer's jobs easier. Today, it has announced v2 of its RuleSafe web-based policy awareness infrastructure that helps IT and security managers meet compliance targets and build a more security-aware culture.

The challenge of creating effective security awareness is one of delivering the right information to those who need it at the time they need it, while at the same time avoiding information overload on staff. Today's business risk owner needs to manage the often contradictory requirements of having comprehensive policies covering all aspects of risk, while also providing staff with simple and fast access to relevant information. RuleSafe helps them achieve both without sacrificing detail.

RuleSafe presents information online, in a structured and easy-to-use way. Role-based guidance helps staff achieve real understanding of policies and go beyond mere tick-box compliance. Because RuleSafe communicates procedures as well as policies, dynamic events such as incident response and management can be co-ordinated using RuleSafe's knowledge deployment and feedback mechanisms.

RuleSafe v2 brings the following new benefits:
* Improved lifecycle management for policies and policy sets, with tools to streamline and manage the processes of developing, reviewing, updating and archiving policies
* Clear visibility of new or updated items, and the reason for change; eliminating the need for staff to re-read every policy each time a policy set is updated
* Enhanced search, listing and feedback features, making RuleSafe the most effective infrastructure for promoting awareness, deploying in-house surveys or questionnaires, and gathering policy compliance data across the enterprise
* New simplified search interface, making it even easier and quicker for staff to use
* Visible mapping of regulatory and external governance drivers to internal policies and vice-versa. Improves staff understanding of why particular policies are important, and provides tools and reporting mechanisms for risk owners and auditors carrying out applicability and compliance reviews

Adrian Wright, Managing Director of Secoda, explains: "RuleSafe overcomes the 'I didn't know where to find the policy on this, how they affected me and when was I supposed to use them' issues. It is an effective way to communicate the organisation's policies to its staff. People can easily locate the exact policy that relates to a given situation. No more excuses, just immediate awareness of the relevant policies and guidance."

For appropriate industry standards like BS7799 part 2 / ISO17799, RuleSafe provides clear mapping of all applicable rules to internal policies, along with real-time displays showing actual audited compliance status across the enterprise.

Working individually or in a virtual workgroup, users can customise RuleSafe by importing or developing their own policies on any subject. Alternatively, they can add readymade policies in the form of additional knowledge modules, providing an instant awareness and compliance solution "in-a-box".

This third-generation policy awareness approach in RuleSafe is extensible to all other areas of business and operational risk management across many different business sectors. This includes public sector organisations, corporate governance, privacy and data protection, freedom of information, financial services regulations (Basel II), (anti) money laundering, pharmaceutical and healthcare (e.g. Caldicott principles and recommendations), HR, health and safety, and many more.

About RuleSafe

RuleSafe is a policy infrastructure with additional knowledge modules for specific external standards such as BS7799. The supplied knowledge module includes the external reference standards, allowing purchasers to map applicable drivers to internal policy sets, adding role based guidance in terminology most familiar to the user.

RuleSafe pricing starts at circa 16,000 for the base enterprise package for information security knowledge, including fundamentals training and implementation support. Ongoing support, maintenance and policy consultancy are provided as additional services.

RuleSafe can work as an internal application, ASP or fully outsourced managed service.

RuleSafe manages complex sets of policies, allowing staff to navigate directly to just the most relevant information to their work. Staff can view as much or as little information as they need, when they need it, and in a format most useful to them. A typical search can filter through several hundred internal policy statements, delivering a report listing just the few things most relevant to the user and the tasks they are working on.

Online audit and compliance screens facilitate the entry and display of scorecard data against each policy, region or infrastructure, allowing risk owners to generate instant reports showing current compliance status and highlighting specific problem areas.

RuleSafe enables people in organisations to achieve real awareness of policies. Unique personalised reports help people understand exactly what is required of them for each particular task or project they undertake, while RuleSafe's expert content and compliance tracking helps organisations to implement security, privacy, regulatory and governance requirements.

About Secoda Risk Management

Secoda is a privately owned UK company founded in 2002 by former senior security officers in FTSE 100 and public sector organisations. Secoda's flagship product is RuleSafe, the foremost third-generation policy awareness solution on the market.

At Secoda, we know from experience that communication, awareness and training are crucial to managing risk. Therefore, our solutions and services are designed to enable managers to create, maintain and demonstrate a genuine ‘compliance culture’ across the enterprise.

More information at
