The Noggin Platform
The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.
Find Your Solution
-
Crisis Management
-
Emergency Management
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Featured Modules
- Incident Response Plans & Checklists
- Critical Infrastructure Protection
- Welfare Checks
- Continuous Improvement
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Security Threat Assessment
- Incident Management
- Planned Events
- Lone Worker Management
-
Safety Management
-
Employee Health & Wellbeing
-
Governance, Risk & Compliance (GRC)
-
Asset Management
-
Contractor Management
-
Visitor Management
-
Emergency Management
All the tools needed to automate your safety management system in one easy-to-use platform, following ISO standards. Increase efficiency with powerful automation capabilities and provide real time insights to all levels of your business. Configurable notifications, workflows, analytics, and mapping empower your safety personnel to make better decisions wherever they are.
Featured Modules
- Incident Management
- Injury Management
- Online Inductions
- Reporting & Analytics
Maintain a comprehensive view of the wellbeing of your workers, their needs, and the wellbeing initiatives conducted in your organization. Through various assessments, checks, analytics, and resources you can easily manage both the physical and mental wellbeing of personnel across various locations and programs.
Featured Modules
- Wellbeing Reporting
- Ergonomic Assessment
- Vaccination Management
A suite of tools to collect risk data from across your organziation from a range of stakeholders, in real time, and based on ISO standards. Fully customisable, with everything from a simple pre-task assessment though to an organisational risk register, we make it easy to capture risk data and provide the analytics to derive rich insights, to keep your organisation safe and compliant.
Featured Modules
- Audits
- Inspections
- Take 5
- Standards Compliance
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilisation, share documentation and report issues.
Featured Modules
- Asset assessments & checklists
- Workorder Management
- Planned Maintenance
- Asset Status Tracking
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Featured Modules
- Contractor Entities
- Contractor Workers
- Contractor Plant
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Featured Modules
- Visitor Registration (QR Code)
- COVID Management
- Emergency Notifications
- Host Notifications
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Featured Modules:
Situational Awareness & Reporting - Incident & Special Event Pre-Planning
- Damage Assessments
- Exercise Management
-
Physical Security
-
Cyber Security
-
Visitor Management
-
Critical Infrastructure Protection
-
Emergency Management
-
Governance, Risk & Compliance
-
Asset Management
-
Contractor Management
Proactively manage all aspects of physical security operations from anywhere, on any device. Based on ISO standards, streamline your operations using workflow automations to guide information capture, enrichment, follow up tasks, and notifications. Validate threats and risks to drive better investment of your resources.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Manage cyber threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions, and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Featured Modules
- Visitor Registration (QR Code)
- COVID Management
- Emergency Notifications
- Host Notifications
Consolidate the threat and risk picture across all your assets, easily demonstrate compliance with security obligations, and gain an ‘all threats’ perspective encompassing physical, cyber, personnel and supply chain. Address and manage cyber threats without having to implement costly new ICT systems and drive continuous improvement and review cycles.
Featured Modules
- Risk & Threat Assessments
- Security Inspections
- Crowded Place & Impact Assessments
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Situational Awareness & Reporting
- Incident & Special Event Pre-Planning
- Damage Assessments
- Exercise Management
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Assessments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilization, share documentation and report issues.
Featured Modules
- Asset assessments & checklists
- Workorder Management
- Planned Maintenance
- Asset Status Tracking
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Featured Modules
- Contractor Registration
- Permit to Work
- Work Orders
- Contractor Self-Administration
-
Business Continuity Planning
-
Crisis Management
-
Governance, Risk & Compliance (GRC)
-
Continuity of Operations (COOP)
Follow ISO standard approaches to determine disruption impacts and develop plans & recovery strategies to address risks. Track gaps, dependencies and tests, capture exercises, and manage insurance details. Scale up to any incident and back down to business as usual as quickly as possible and drive continuous improvement.
Featured Modules
- Business Impact Assessments
- Incident & Exercise Management
- Recovery Strategy Tracking
- Continuity of Operations (COOP)
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Featured Modules
- Incident Response Plans & Checklists
- Critical Infrastructure Protection
- Welfare Checks
- Continuous Improvement
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Ensure preparedness across your organisation. Conduct business impact assessments and quickly identify essential functions. Assess hazard and threat risks. Identify technology, assets, facilities, and critical personnel. Gather and assemble essential information and documents. Develop, test and maintain your COOP plans. From readiness and preparedness to reconstitution, manage all four phases of the Continuity of Operations Plan to minimize business loss and disruption.
Featured Modules
- Business Impact Assessments
- Threat & Hazard Identification
- Continuity of Operations Plans Management
- Testing, Training & Exercises
A Comprehensive Guide to Understanding ISO45001
Who We Are
The world’s leading platform for integrated safety & security management.
- Follow us
-
-
-
.svg)
.svg)
.svg)
What is compliance management?
We all know what it means to comply. However, what is compliance management?
Compliance management is the ongoing process of monitoring and assessing systems. Which business management systems: the systems that have been established at your business to ensure you comply with industry and security standards, regulatory requirements, as well as your own internal policies.
Simple enough, sure.
Yet, some organisations believe they can coast by without effective compliance management practices.
Compliance management challenges
Times of regulatory upheaval, though, only heighten the risk of compliance infractions.
Indeed, the years 2009 to 2012 saw more than 50,000 regulations sweep across the G20. That number rose to 50,000 in the year 2015 alone, according to the London-based think tank, JWG.
The cost of adhering to those regulations also rose. Compliance with the Dodd Frank Wall Street Reform and Consumer Protection Act cost banks USD 36 billion, according to the publication, Trade.
The sheer volume of regulations isn’t the only challenge to effective compliance management. A lack of compliance management system software is another.
Without an online compliance management system, teams become more reliant on manual structures, i.e., spreadsheets, Word documents, shared folders, etc.
These home-spun structures don’t, however, scale as firms get larger – their regulatory burden more onerous.
Too many companies are also managing compliance risks in silos – on an individual, risk-by-risk basis. What’s more, individual teams don’t always have the internal (communications) tools they need to properly integrate their knowledge base of compliance risk into their systems for managing risk.
As a result, business managers don’t get visibility into enterprise-wide risk, limiting them to a fragmented view of (sector-specific) risk, despite the high probability of bleed over between business lines.
Compliance management solutions
What can be done, instead, to achieve efficient, cost-effective compliance management? For starters, senior leaders should redirect their company’s compliance efforts and resources away from piecemeal interventions.
Instead, they should focus on implementing an enterprise-wide strategy. Pursuing that strategy entails identifying the areas in the organisation with the highest compliance risk, then recalibrating the compliance function to monitoring those risks.
Here, some concrete steps to turn enterprise-wide compliance management into a reality include developing a single, overarching framework for compliance across the organisation. That unifying thread, in turn, will govern processes taken and tools procured.
But how to achieve a comprehensive understanding of your company’s compliance risk? We suggest the following:
- Run regular risk assessments. The best practice in the field is to run regular risk assessments, particularly after major business changes (e.g., COVID). Barring largescale shocks, businesses should run assessments at least annually, looking out for minor tweaks to statutes, standards, regulations, and court rulings that can affect compliance requirements.
- Factor in third-party risk. Business partners need to be part of this calculus, as well. Vendors and contractors deemed unethical in the past also increase compliance risk. They should be factored into a company’s risk-monitoring framework.
- Move on to analysis. After isolating all potential compliance risks, teams will move ahead and analyse those risks, asking themselves how likely an individual risk is to occur, and the potential impact of that risk were it to become an incident.
- Introduce standardised risk methodologies. Then comes prioritisation. That means triaging risk based on pre-established criteria. Companies don’t have infinite resources to deal with identified compliance risks. Instead, they will have to use a standardised risk methodology, usually a risk matrix, to determine which risks they will seek to control. That assessment is often made based on (proportional) levels of risk.
- Sign off on appropriate risk controls. The compliance decision maker, usually a C-level executive reporting directly into the Board’s audit committee, will need to sign off on risk controls. Those are the actual strategies and tools teams will implement to manage high-level risk and promote compliance, either by mitigating the risk or eliminating it altogether.
- Ensure constant improvement. To make this staged approach work, teams will need to ensure that their processes, policies, and procedures are all standardised. Further, they will need to ensure that the centralisation of the compliance function is reinforced by training and education, as well as clear reporting methods and mechanisms, which keep due diligence and risk assessment efforts current.
The benefits of governance, risk and compliance software
How to operationalise the best-practice compliance management solutions above? That’s where digitised governance, risk and compliance software comes in.These platforms collect real-time risk data from multiple stakeholders, across the organisation. They are also based on ISO standards, as well fully customisable.
With everything from a simple pre-task assessment through to an organisational risk register, the solutions make it easy to capture risk data and provide the analytics to derive rich insights.
What else? These solutions also provide better bang for your buck, a consistent set of common GRC features that can be used in out-of-the box, safety and security management software.
Relevant features include:
|
Controlled documents |
Primarily used for policies and procedures, but can be used for any document type Includes a document approval workflow (reviewer/owner) Includes a document review & archival workflow Supports automatic document version control and links to previous versions from current version dashboard Supports stakeholder email notifications & acknowledgements that documents have been read & understood Supports links between documents and risk controls Supports a controlled document register search Allows filtering of documents Documents are accessible from web browser and mobile devices |
|
Audits |
Audit projects consisting of multiple sections and questions that can be configured by authorised users Audits can be scheduled to occur on a user-defined cycle Multiple auditors can work simultaneously on the same audit project Each audit can consist of multiple questions, each of which can be weighted for importance Each question can include guidance notes Audit responses are automatically converted into a percentage that facilitates consolidation, comparisons, and trend reporting Non-conformances can be recorded for follow-up action Photos and files can be captured as evidence Corrective actions can be raised and tracked through to completion |
|
Risk assessments |
Can be used for any type of risk assessment Risk assessments are created from a library of pre-defined risks and controls that users can extend A Risk Assessor can automatically calculate the Inherent risk severity when the likelihood and consequences are entered An Assessor can rate the contribution of each control toward likelihood and consequences, which automatically calculates the Target risk severity level using the contribution of multiple controls The Risk Owner can approve the risk assessment Once implemented, the effectiveness percentage of each control is used to automatically recalculates the Residual risk severity level Risk assessments can be scheduled for periodic review Users can generate ad-hoc risk reports that explains what has changed within a date range |
Finally, effective compliance management is most difficult in moments of crisis and regulatory upheaval, like the present. But that doesn’t negate the reality of everyday threats to compliance management.
Understanding those threats is the first step to mitigating their effectiveness. After that, implementing cohesive compliance risk management strategies, in tandem with technology investments, is the best way to capture the risk data that provide the requisite analytics and insights needed to keep your organisation safe and compliant.
Sources:
Tom Groenfeldt, Forbes: Taming The High Costs Of Compliance With Tech. Available at https://www.forbes.com/sites/tomgroenfeldt/2018/03/22/taming-the-high-costs-of-compliance-with-tech/?sh=531894495d3f.
Norlida Abdul Manab, International Review of Business Research Papers: Enterprise-Wide Risk Management (EWRM) Practices: Between Corporate Compliance and Value Creation. https://www.researchgate.net/profile/Norlida_Manab/publication/267817755_Enterprise-Wide_Risk_Management_EWRM_Practices_Between_Corporate_Governance_Compliance_and_Value_Creation/links/57c2742508aeb95224d749b7/Enterprise-Wide-Risk-Management-EWRM-Practices-Between-Corporate-Governance-Compliance-and-Value-Creation.pdf
.svg)
Download your copy
About this Article
Published May 19, 2021