10 Golden Arrows of Information Security

1. Password Control

  • Protect your password(s) at all times
  • Change your passwords regularly, and whenever you believe one has been compromised
  • When you leave your computer – secure it (Ctrl-Alt-Del) and log-off from protected systems
  • Ensure that your password is complex enough that others cannot guess it, but that you can still remember it.

2. Preventing Computer Viruses

  • Ensure that all media and transmitted files are virus scanned before they are downloaded onto Company systems
  • Be suspicious of e-mail attachments from unknown origins
  • If you think your computer has a virus or you have a message to that effect – STOP using the PC – and tell your line/network manager
  • Please report all faults promptly.

3. Email Use

  • E-mails are monitored and must be business related
  • You must not send or forward chain letters, or emails containing offensive, abusive, racist or sexist comments
  • Personal e-mails must not be sent externally by the Company’s email facility

4. Internet Use

  • Your activity on the internet will be monitored
  • Only connect to the Internet via the Company’s network
  • Ensure that authorised and downloaded files from the internet are virus scanned
  • Do not browse, download, duplicate or transmit data from the internet which is pornographic, racist, sexist, vulgar or obscene. 

5. “Need to Know” Principle

  • Only tell others what they need to know, in order to do their job
  • Ask yourself the question “Is that person really who they say they are and how can their identity be verified?” (Call them back, find them on a company address book)
  • Don’t inadvertently reveal Secret, Confidential or Personal-in-Confidence information to others, for example if you are talking in a public area, or someone tries to trick you into releasing it.

6. Protecting Company Information

  • Use the Company’s classification process to protect sensitive information; the levels are:
      • Secret (information if released to unauthorised persons could cause serious damage to the Company’s business/reputation)
      • Confidential (information if released to unauthorised persons could cause damage to the Company’s business or reputation)
      • Personal-in-Confidence (Information held internally by the Company that relates to individuals)
  • If a Company document (electronic/paper) does not have a visible classification marking it must be assumed to have an Internal classification
  • Classification should normally be placed on top left hand corner of document.

7. Protecting Your Information Online

  • Ensure personal details are not given out onto the Internet without personal authority
  • Never reply to an e-mail request to forward personal or banking details - email is not secure
  • Do not reply or click on a link in an unsolicited email

8. Data Protection Act 1988

  • Personal data is any information about a living, identifiable individual that is held, or going to be held on a computer, other electronic equipment, within paper files, or on video or audio tape
  • Strict rules govern the release of Data Protection information
  • If in doubt regarding the handling or release of Data Protection information please refer the matter to your line manager

9. Security of Customer Payment Information

  • The Company is required to protect card payment details including name and account number at all times
  • All documents containing card payment details must be secured (lock and key) at all times
  • Card numbers must not be displayed in clear in emails or other documentation
  • Documents containing card payment details must be destroyed by using a cross cut shredder.

10. Disposal of Sensitive Information

  • Documents containing sensitive (Secret, Confidential, Personal-in-Confidence) information must be disposed of by cross cut shredder
  • Company owned computer equipment must not be disposed of without permission and must follow the instructions detailed on the Company’s Intranet.

Posted by: Sultan Noori in Need for Compliance

The ultimate purpose of CRM

Times have changed; to survive and thrive in this cut-throat business world, small to mid-size organisations now have to invest in systems to help them manage and integrate their various processes. A Customer Relationship Management (CRM) system is one of them. The ultimate purpose of CRM, like any other organisational initiative, is to increase profit. In the case of CRM this is achieved mainly by providing a better service to your customers than your competitors. CRM not only improves the service to customers; a good CRM system will also reduce costs, wastage, and complaints.

CRM systems enable managers to streamline the entire process, from lead generation to managing huge marketing campaigns. Every time your customer has contact with you, the details of their history with you are available to whoever is serving them. With all the information you have about your customers you are in a much better position to focus your marketing efforts. Through this system, CRM also enables instant market research, far better than any market survey. Good CRM also helps you grow your business: customers stay with you longer; customer churn rates reduce; referrals to new customers increase from increasing numbers of satisfied customers; demand reduces on fire-fighting and trouble-shooting staff; and overall the organisation’s service flows and teams work more efficiently and more happily.

How does a CRM system achieve all this? There is a simple answer: through the integration of major marketing processes. A CRM system allows you to transfer lead information seamlessly between marketing and sales, ensuring you present the right messages at the right time. Better alignment between marketing and sales will improve the effectiveness of campaigns, and provide a stronger return on your software – and marketing – investments.

Posted by: Anjum Noori in Emerging Technologies

The Art of SEO

I was deeply contemplating SEO (Search Engine Optimisation) the other day, and as I contemplated the principles, practices and perceptions, I could not help but feel that SEO truly is an art. A digital art, and so as a cheesy pun I thought this week I would write my blog on SEO and the art of SEO.

In the past year I have trained many people on SEO, and each time I trained a group of people I would always ask them a question to begin with, a simple looking question that has a hundred answers.

“What is the Internet?”

Think about this for just one moment… Now when I asked this question I would always get hit with people giving me the purpose of the Internet but no one really knew what it was. But intriguingly the number of times I heard “Google” is the Internet was amazing, so this got me thinking, people think Google is the Internet so “search” for them is the primary function of the Internet.

If Google is being perceived as the Internet to many modern day browsers and search is their primary function of using the Internet that means optimising websites for search engines could never have been more important. Just think about it, traditionally businesses go out to customers, reaching them with promotions and adverts, expensive campaigns and sponsorship. But the Internet has delivered an avenue where customers are searching for products and services, as a business owner this is very exciting, people are searching for my products everyday, with an active purchase intention. That’s great!

But this is where the art comes in, how to get my website in the top 10 results of search engines to get a slice of that delicious pie which is buzzing with users wanting my product.

Before actually looking at the art I want to point out that search engines are businesses with a product. Their product is to deliver the most relevant, reliable and accessible search results. SEO is the process that shows search engines your website and online business presence is the most relevant, reliable and accessible in relation to the search that people are putting in.

Spiders/Bots/Crawlers: These are the search engines’ henchmen that read websites and determine who should be in those top 10 positions. So how to get those results:

SEO revolves around 2 main elements:
1. On-page Optimisation
2. Off-page Optimisation

On-page is focused around your actual website as an entity: the content, structure, keyword density, domestic links and design. Most people will commit suicide over the fact I have included design in that list, but contact me if you want to debate over that.

Off-page is focused around how external sources link to your website and the weighting of those sources, different links give different value so simply having 1 million links could mean nothing unless they have a high value. Also not in the distant past social media was considered a part of off-page optimisation, but with that exploding it has its own realm now SMO (Social Media Optimisation), but that’s for another blog.

Now personally my philosophy is simple, “get your own house in order before stepping out”. This essentially means: get your basics right, don’t buy a gazillion links before you have even looked at the content on your own website. SEO is an art because it is fragile and is process driven, and if you take shortcuts you will get nowhere.

To finish, once I was training a group of individuals and at the end of the session there was a lady, and she looked as if she had seen a ghost. I asked her “What’s the matter…are you OK?” She replied “It truly is a whole new world the Internet, I never knew the potential”

Blog contributed by Akmal Saleem.

Posted by: Sultan Noori in Emerging Technologies

Are we doing enough to reduce identity theft and fraud?

In the past few years, there has been an increase in identity theft reported by various organisations. The economy and the society have to bear billions of pounds of losses caused by identity (ID) theft. According to the Home Office, ID frauds cost the UK economy nearly £1.7 billion a year. Although FSA, Home Office and other fraud prevention organisations like CIFAS are taking proactive measures in reducing fraud, the question is, are private sector organisations doing enough to combat fraud?

In 2008, more than 16.5 million people were placed at risk when their identities were lost or stolen by financial services firms, as reported by Computer Weekly.

Last year (2010), CIFAS, the not for profit association dedicated to prevention of fraud in UK identified and protected over 89,000 victims of identity theft. This has increased over nine-fold from 9,000 cases reported in 1999.

Almost every other retail business has an online presence. If you don’t have an online presence, you may be missing a business opportunity, which entices businesses to create ecommerce sites without realising the responsibility to the consumer it brings with it. Stealing an identity for professional criminals is easy, all you have to do is to go through someone’s paper waste and recover bills and invoices. Unless you live in Knightsbridge or South Kensington where due to the high rate of identity theft, residents take extra precautions in shredding every single invoice, people are generally laid back in how they dispose of important documents.

On the street, it is very easy to obtain official documents illegally. Consider opening a bank account: if you are a foreign student or have just moved to the UK, you may have little to no identity footprint. So how could you be eligible for a credit card, a bank account or even a mobile phone? The answer is to manufacture an identity through illegal means. Small and medium size financial organisations are aware of this and are the most vulnerable, yet most use manual application forms while demanding paper based proof of identity documents from customers. Paper based procedures open the door for organised fraudsters and criminals to cheat the system. SMEs also tend to use manual identity verification sources to run identity and sanction checks, which are time consuming. With high volumes, employees have to dedicate their time to running these checks instead of doing more productive work, which causes pressure and often results in compromises in decision making. Simply put, more sophisticated systems are needed to solve these problems.

Similar problems exist for local authorities as most are suffering from project and hiring freezes. Council employees are under pressure to complete their work obligations because of shortage of staff. With increasing unemployment and layoffs, citizens are forced to claim benefits which further creates a strain on the council’s budget. Most councils rely on paper based procedures which like the SMEs in financial and retail sector, open room for the organised fraudsters to operate in.

Tabaq Software’s Fraud Prevention Solution is an automated online electronic ID authentication solution developed on top of the jComply GRC platform. The solution offers a risk based approach to identity authentication by directly integrating with data providers such as Experian, Complinet, World Check, MK Denial, FSA, UK Companies House, FOA and more. The paper based forms are replaced by workflow based online forms which run automatic checks with the subscribed data sources while maintaining a full audit trail to prove compliance. With email notifications and alerts, employees are equipped with a system that enhances productivity, efficiency and reduces the cost of compliance.

To learn more about this system and how you can benefit from it, please email sales@tabaqsoftware.com or call Sultan Noori at 01344 668400.

Posted by: Sultan Noori in Need for Compliance

Rich Internet Applications: JSF vs ASP.NET

Rich Internet Applications (RIAs) are Web-based applications that function like traditional desktop applications but, unlike traditional applications, require a Web browser (or client) to access them. The key benefit of RIAs is the ability to interact with and manipulate data, rather than simply visualise or represent it. That is the reason users demand that their applications be much more interactive, dynamic and highly responsive, which makes it more challenging for developers to meet user expectations.
The market for server-side languages is crowded, and developers use many of them, such as JSF, ASP.NET, Adobe Flex, PHP and more, all of which promise RIA features. So how can a new developer work out which one is best for their application? Finding the appropriate server-side language always remains a hot issue for companies and developers. For this reason I am going to compare the features of different frameworks.

Two main technologies I am going to talk about are ASP.NET and JSF; both represent next generation development frameworks. Comparison will be based on ease of development provided to developer, tools for the framework and support to other frameworks.

What is Web 2.0

The term Web 2.0 is commonly associated with web applications that facilitate interactive information sharing, interoperability, user-centered design, and collaboration on the World Wide Web. To better understand Web 2.0 we can divide it into three sections:

  • RIA (Rich Internet Applications) – RIA helps to achieve the behaviour of a desktop application in a web browser.
  • SOA (Service Oriented Architecture) – One of the key sections of Web 2.0, which includes buzz words like Feeds, RSS, Web Services and Mash-ups.
  • Social Web – Web 2.0 tends to interact much more with the end user; the end user is not only a user of the application but also a participant, whether interacting with a wiki, podcasting or blogging.

What are Rich Internet Applications?

Rich Internet applications (RIAs) are web applications that have some of the characteristics of desktop applications, typically delivered by way of an Ajax framework, proprietary web browser plug-ins, advanced JavaScript compiler technology, or independently via sandboxes or virtual machines. Examples of RIA frameworks that require browser extensions include Adobe Flex, Java FX and Microsoft Silverlight. Rich Internet Applications serve users through web browser, via browser plugin or by an independent sandbox (Independent Desktop Application).

Rich internet applications use a distributed-function model rather than the simple thin-client–server model. RIAs enrich user experiences in part due to their reduced reliance on network/server communications.

Overview of Technologies

JSF (Java Server Faces)

JSF is a feature-rich framework built on Java technology. JSF provides a set of standard features that make it powerful and a standard among the existing technologies available for developing Java-based web applications. Some of these features are listed below to justify that statement.

  • JSF is standard web user interface framework for Java.
  • Built on top of Servlet API.
  • JSF is a component framework
  • UI components are stored on the server.
  • Easy use of third party components.
  • Event driven programming model.
  • Events generated by user are handled on the server
  • Navigation handling.
  • Can automatically synchronize UI components
  • JSF supports multiple client devices.
  • JSF has extensible architecture.
  • International language support.
  • Extensive tool support (Sun, Oracle, IBM etc.)
  • Rapid application development approach.

ASP.NET

ASP.NET is a programming framework built on the common language runtime that can be used on a server to build powerful Web applications. The first version of ASP.NET offered several important advantages over previous Web development models. ASP.NET 2.0 improves upon that foundation by adding support for several new and exciting features in the areas of developer productivity, administration and management, extensibility, and performance.

As a platform for developing Rich Internet Applications, ASP.NET has simplified web development and provides rich components for building web applications. The obstacle faced by ASP.NET, or Microsoft, is integration with other frameworks, although ASP.NET can be used with any of the .NET based languages (C#, VB, J#).
Below are the features of ASP.NET:

  • Easy Programming Model
  • Flexible Language Options
  • Great Tool Support
  • Rich Class Framework
  • Enhanced Reliability
  • Memory Leak, DeadLock and Crash Protection
  • Easy Deployment
  • Dynamic update of running application
  • XML Web Services
  • Mobile Web Device Support

Comparison

This section compares the features and functionality provided by the frameworks.

| Features | JSF | ASP.NET |
|---|---|---|
| Security | JSF uses J2EE security features, where the possibilities are numerous and mature. | Provides lots of security features, but most of them are tied to the Windows platform. |
| Portability | Once developed, can run on any platform. | Requires the Windows platform. |
| Ease of development | Lots of tools on the market provide visual development or RAD facilities. | Microsoft Visual Studio provides extensive support and has made it really easy to develop web applications. |
| Maintainability | JSF code is based on an MVC structure and is really easy to maintain. | Visual Studio provides good visual support for maintaining the code but sometimes produces messy code when the visual mode is used a lot. |
| Integration | JSF can be easily integrated with other frameworks like Spring, Struts, or more. | ASP.NET can easily use .NET based frameworks only as an application framework. |
| Performance | Reduces data traffic and increases performance through long-term data caching. | Performance in ASP.NET is better than JSF; one of the main reasons is that it focuses on a single platform, Windows. |
| AJAX integration | More than 30 frameworks available | Microsoft ASP.NET AJAX Control Toolkit |

The following table lists a few facts about the J2EE and .Net technologies:

| | J2EE | .Net |
|---|---|---|
| Type of technology | Standard | Product |
| Middleware Vendors | 30+ | Microsoft |
| Interpreter | JRE | CLR |
| Dynamic web pages | JSF, JSP | ASP.NET |
| Middle-tier components | EJB, Spring, JRuby | .NET Managed components |
| Database Access | JDBC, Hibernate, SQL/J | ADO.NET, ODBC |

Conclusion

Both frameworks have their pros and cons. JSF is a very good technology providing much enhanced features like security, interoperability, scalability and portability, but it is not as easy to learn as .Net. To build a standard web application you have to know and follow the standards of J2EE to get a good result.

ASP.NET has a very good Integrated Development Environment provided by Microsoft and is very easy to learn; even if you don’t know anything about ASP you can still develop a fully interactive web application using the visual editor.

If we stay within Microsoft technologies to develop an application there is lots of support provided, but it does not provide much support for integrating with other technologies, and if we do successfully integrate with another technology it affects performance badly.

Both frameworks are still working to get even better results, and most of the time they follow each other; the sets of built-in components provided in both are much the same and have the same sort of functionality. So in the next article of this series I’ll compare the built-in components and their support in integrated development environments.

 

Posted by: Sultan Noori in Emerging Technologies

Why should businesses move to Electronic ID Verification?

Most businesses today still rely on manual application processing and identity verification. On the other hand, identity theft is on the rise. There are more online businesses than ever before selling goods. From the consumer’s perspective, an average consumer is very aware of identity theft and the majority are apprehensive about disclosing confidential information to businesses online. Online retailers, especially small to medium size businesses, have little investment in or understanding of the risks associated with identity theft. This is because the retailers outsource the credit card processing to third parties, thereby transferring the risk to someone else. Or have they really transferred the risk?

Most small and medium size financial institutions rely on paper based applications, with applicants required to submit paper documents (passport, utility bills, etc.) as proof of identity. There is a difference in perspective, as applicants generally do not feel comfortable submitting paper based documents. Delay in submitting the paper documents can cost the business a new customer. Paper based procedures also open the door for fraudsters to submit forged documents.

All of the above mentioned practices, beliefs and differences in perspective create a market place that is ripe for the identity thief and intelligent fraudster.

The solution is to move the paper based application forms to digital workflow based forms with electronic verification of identity. The workflow based forms provide cost savings in paper and human resource and also fulfil compliance requirements. The electronic verification of ID eliminates the need for paper documents for customer due diligence. It eliminates the risk of a fraudster submitting forged documents and fast tracks the process of identity verification.

If you require help with converting a manual paper application form to an electronic workflow based form or integrating with electronic ID verification, Tabaq Software has the solution for you. Tabaq has successfully converted paper based procedures into workflow based procedures and also partners with identity management providers to provide a completely integrated solution.

To get more information on electronic ID verification and workflow based forms, email sultan.noori@tabaqsoftware.com.

Posted by: Sultan Noori in Need for Compliance

A Complete Compliance Solution to KYC

One of a number of ways jComply can support clients in meeting their FSA requirements is with KYC. But what should KYC cover?

Whilst surfing the web for KYC solutions I am inundated with solutions to support anti money laundering, this is certainly a part of the issue but by no means the entire solution.

What Does Know Your Customer – KYC Mean?

A standard form in the investment industry that ensures investment advisers know detailed information about their clients’ risk tolerance, investment knowledge and financial position.

KYC forms protect both clients and investment advisers. Clients are protected by having their investment adviser know what investments best suit their personal situations. Investment advisers are protected by knowing what they can and cannot include in their client’s portfolio.

So protection covers both sides of the desk. On the one hand, the financial institution needs to understand the client not just for their own corporate governance but, just as importantly, to understand the client’s needs too.

Many of our financial clients have turned to jComply to support the management of their policies and procedures. Take a look at the client reference at http://www.youtube.com/watch?v=EbmjJx07xJM.

Here, our client began to use jComply to support training of staff in policies and procedures; however, by working with Tabaq’s post sale consultancy team, a number of further usages have been prescribed.

An area that was expressed as a concern during a recent visit to Central Markets had been with client suitability. A paper based fact find is currently carried out with the prospective client over the telephone, with a suitably qualified interviewer.

Depending on the outcome of the questionnaire a decision is taken as to the suitability of the applicant to be a client. This could be granted immediately, referred to a more senior manager or lead to a decline.

Some training is available to support the claim of the applicant that they are suitably aware of the derivatives and spread betting market.

By developing an electronic fact find form within jComply, the current paper based system could be improved.
The e-form system will ensure that all mandatory sections are completed satisfactorily. The e-form itself would be version controlled, a fully auditable and time/date stamped version would be recorded and stored within jComply, and all answers could be linked back to a weighted response, signalled as red, amber or green to highlight suitability by way of corporate standards rather than an interviewer’s own subjective interpretation.

Leading on from the fact find, the question library could be extended to an application section, where applicants are given a password to enter into the training section to understand derivatives and spread betting and of course eventually take an examination.

This would identify all acceptable clients to an external auditor through the auditing features within jComply.

All of these actions are achievable within the standard version of jComply and the e-forms module.

The deliverables are obvious and include:
• A complete reduction of paper.
• Increased security of client data.
• All applications are controlled within the secure environment of jComply.
• Subjectivity is reduced when assessing the suitability of a client for certain types of trading.
• The applicant is taken through a thought provoking, self assessment that will encourage fair trading all round.
• Accessibility through a secure web link enables access through a secure log in from anywhere.
• eMail notification and time nagging features ensure an application is carried out in an appropriate timescale, convenient to both client and broker.
• Integration into existing Customer Relationship data base ensures consistency of client information.
• Workflow to senior managers for exceptions only, reducing non-relevant applications.
• Automatic notification that supporting application information has been sent such as age consent forms.
• An efficient and effective way to demonstrate client due diligence.

Of course, anti money laundering is still important and as such we have designed an additional e-form to cater for AML reporting, thus improving the way the client carries out SARs (suspicious activity reporting). Once again the inbuilt workflow and security area within jComply provides an excellent method of achieving SARs regulations for front line workers.

Certainly this solution has driven down the cost of governance at our client and will do so whilst improving the effectiveness of the FSA compliance process.

For more information or a demonstration visit http://www.jcomply.com/
or email sales@tabaqsoftware.com
Or telephone 01344 668400

Posted by: Tim Anderson in Need for Compliance

What are the benefits of BPM in Compliance?

Business Process Management has been around for some time. However it has often confused potential customers rather than making it easy for people to adopt BPM to reap the rewards of process automation.

What is BPM?

Business Process Management is a management approach to improve the business processes in order to make them more efficient, effective and agile or quick to change as and when needed. Technology based BPM systems or suites have enhanced the concept by providing GUI design environments which even the non-technical people can use to design or model their business processes. This has tremendously increased the application of BPM to a wide range of business processes. Especially the processes that require large volume of transactions, or complex collaboration and integration with disparate systems, or rules based decision making, or transactions that require full audit trail for compliance are best suited for BPM.

There are a number of BPM technologies out there, from high priced third party software to open source BPM suites. Open source solutions tend to offer the best of both worlds. Not only are they free to use, but open source solutions like jBPM and Process Maker come with GUI development environments and plug-ins to make the life of a business analyst really easy.

How can BPM benefit compliance?

Business process improvement is continuously ranked as the top business priority by business managers, according to a recent survey. There are many options for improving the business processes – ranging from complete process re-engineering to adopting new process management methodologies, such as Lean Six Sigma, or adding new capabilities to existing system. An investment in the right BPM suite can enable an organisation to embark on a sustainable business process improvement programme.

Mikel Harry, one of the founders of the Six Sigma methodology, has documented the economic impact of focusing on process improvement. Using the base measure of his methodology – Sigma, Dr. Harry provides a tangible example of how companies like GE have benefited from a commitment to process improvement:

With just a one-sigma shift, companies will experience a 20 percent margin improvement, a 12 to 18 percent increase in capacity, a 12 percent reduction in the number of employees, as well as a 10 to 30 percent capital reduction.
(Source: Six Sigma: The Breakthrough Management Strategy, Mikel Harry, Richard Schroeder)

The core benefits of BPM include efficiency, effectiveness and agility. The first benefit seen of a business improvement is that of improved efficiency. For example, Darlington Borough Council realised savings of 1,000 hours when they moved their manual accident and incident reporting (including manual data entry to MS Access database) to jComply Accident and Incident Management Module.

As the efficiencies are realised, the organisation focuses on making the process more effective. Often inconsistencies and loopholes are discovered when the new processes are implemented. For example, in a healthcare organisation, patient pathway was reduced to 18 weeks (nearly 25%) as a result of cancelling the repetition of tasks performed in two different departments.

One of the most useful benefits of BPM is that organisations can continue to change and adapt their business processes to changing business needs. Agility is a well known concept in the more technical arena of Service Oriented Architecture (SOA). Some of our customers change their processes a few times a year. The cost of the process change is so insignificant that it is easily superseded by the increase in efficiency, effectiveness and conformance to regulations.

Merging BPM with Compliance

jComply BPM is a compliance application based on a Business Process Management Suite. jComply has all the features of an enterprise compliance application, such as policy and procedure management, version control, a reusable question library, eLearning, audit trail, scheduling, escalation and reporting. Combining the compliance features with a BPM suite has given jComply workflow-based task management and real-time notifications, producing solutions such as the following:

• Accident and Incident Management

• Know Your Customer forms including Client Fact Find and Customer Due Diligence

• Health and Safety checklist and reporting

• Risk Assessment form

• Supply chain procedure management

To learn more about jComply, visit http://www.jcomply.com/ or email sales@tabaqsoftware.com or call +44 1344 668400.

Posted by: Sultan Noori in Need for Compliance

Supporting RIDDOR.

The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) place a legal duty on:

• employers;

• self-employed people;

• people in control of premises;

to report work-related deaths, major injuries or over-three-day injuries, work-related diseases, and dangerous occurrences (near miss accidents).

There is a well established web page available within the HSE web site at http://www.hse.gov.uk/riddor/report.htm where a Health and Safety Officer within a company or organisation can report such matters to comply with legislation.

THE BIG PROBLEM FOR THE HEALTH & SAFETY OFFICER IS… How do you get that information reported back from staff within your organisation to the Health & Safety Officer, so that he or she can report it to HSE?

This was certainly a headache for a number of our jComply clients until, working with a Health and Safety Officer from one of our local authority clients, Tabaq Software developed an e-form module to support the reporting process.

The e-form module utilises the workflow and reporting features already built into jComply as well as the user security facilities that can identify who has used the e-form and can restrict usability at various stages of the workflow.

The health and safety reports that are included within the e-forms module are Accident Reporting, Incident Reporting, Near Miss Reports/Hazard Report Form and a Health and Safety Checklist.

The benefits are tremendous and include:

• A full audit and reporting process for accident and incident internal reporting.

• Email notification and time nagging for users and managers to act on.

• All mandatory fields are forced for completion.

• All incidents are now stored and archived within jComply and are easily searchable for later retrieval.

• Additional reports can be produced for line managers and outside agencies as PDFs automatically.

• Overall time saving for the health and safety officer when administering the process.

For more information email sales@tabaqsoftware.com

Posted by: Tim Anderson in Need for Compliance

FSA get tough on AML

It was interesting to read on our partner site http://www.complyport.co.uk/ that a company was recently subject to fines by the FSA on the topic of anti-money laundering.

The interest from my perspective on this article was that the company had not been subject to any misdemeanour themselves, but had failed to provide adequate processes and control within their company to possibly prevent an incident occurring.

The lack of control of process had also led to questionable levels of competence with regard to staff.

Only by developing formal policies and procedures in line with the business, reviewing these on a regular basis to ensure that such policies are still fit for purpose and, finally, communicating these to the appropriate personnel can a company expect to meet its regulatory obligations.

We are seeing more and more examples of this type of prosecution from compliance regulators and not just in financial areas. Those responsible for managing compliance within their firms should insist that proper control processes are in place. Certainly in this day and age this should lead to some form of integrated system.

It was also interesting to read within the article that both the company and the senior manager responsible for the policy process had been fined in this matter. There is no excuse for organisations, large or small, not to control these matters and there are some excellent solutions within the marketplace to support such control.

Tabaq Software have developed and market jComply, a web-based policy and procedure management application. http://www.jcomply.com/

In addition to the core application we have developed a number of add-on modules to enhance the product to meet certain industry-specific needs. This includes working with quality partners such as Complyport to ensure our clients' staff are fully trained in up-to-date material such as AML and TCF.

As a professionally developed, web-based application, jComply is available as a traditional client-owned tool or as a Software as a Service (SaaS) solution, which is proving very useful for our smaller clients.

Complemented with our FSA training content from Complyport, Tabaq Software continue to provide our financial and insurance clients with complete competitive corporate governance solutions. For further details or for a product demonstration contact sales@tabaqsoftware.com.

Posted by: Tim Anderson in Need for Compliance