We had a chance to go over the latest release from Rex Lamb last week, and, in a resurgent business climate where growth inevitably leads to increased levels of (or, minimally, concerns about existing) regulation and oversight, the time is definitely right for Rex’s latest product: ComplyTrax.
In a nut shell (and I’m probably not doing it justice). ComplyTrax is a hosted compliance workflow solution that helps you manage risk and ensure compliance with your industry. It is industry-agnostic, so the technology (and the attendant compliance policies and rule sets) can be customised for any type of business, with any level of oversight. We’ve already got two great opportunities in the financial services industry, but it will be just as easily applied in private health, public transport, manufacturing and education.
ComplyTrax presents users with an intuitive web interface fashioned in the Azure mold, and it is easy to train users. The highest level options allow the company to define Risk Management categories, Policies and Procedures, and to build internal Training and Notifications. Additionally, a powerful Incident handling mechanism allows you to track and manage issues that risk a compliance breach, all chosen and customised by your company, to meet your very specific needs.
The screenshot above hints at the simplicity and elegance of the compliance solution, but it does not do justice to the depth and power of ComplyTrax – another nod to Rex here for the foresight and planning that went into the development of this product. Without getting into a highly technical review, let’s just briefly discuss the Risk Management area of the application.
The Risk Management configuration section uses a three-tier hierarchy to help companies clearly define their risks and the potential impacts associated with them. The three-tier architecture breaks down to
- Risk Area: used to identify all the various areas where a company has risk or compliance issues (e.g., Human Resources, Customers, Legal, Information Technology, etc.).
- Risk Category: Within each risk area, a number of catgories can be defined. For example, an IT Risk Area can be further broken down into Disaster Recovery risks, Personnel risks, Hardware risks, and many more (as many as you need, in fact).
- Risk Item: You can further break down the Area–>Category into the individual items for each category, so the IT–>Disaster Recovery section might include items such as (a) Customer Notification Plan; (b) Offsite Backups; (c) Reconstruction Plan; etc.
Risk categories can then be enabled, assigned to users, and review dates scheduled. Once enabled, risk items are tied to the policies and procedures that givern that risk. Risk Items are then scored in terms of importance and probability, and Training programs (also built in ComplyTrax) and Internal Audits are directly tied to these Risk Items and Categories. And, of course, since we are talking about Compliance, all activity associated with each risk item – that includes Internal Audits, Policies, Policy Changes, Procedures and updates to Procedures, Staff Training and Reported Incidents – all of it is tracked and reportable.
Have a look at this dashboard view to get one idea of how all of this data builds into a highly effective and visually engaging birds-eye view of where your companies risks lie:
Every once in a while in the software industry you run across features that are great for client demonstrations, but sometimes lack in real world application. This is one of those rare occasions where not only does the feature look the part, but it’s an incredibly useful tool, and the data it represents can be used for stand-alone evaluation, or can be built into other portals and reporting structures to present a clear map of what needs to be prioritised, and when.
There’s so much more to talk about here, and we’ll be learning a lot more about this product in the weeks and months to come. We hope to be linking up with Rex on a formal level before the end of the month and to start introducing it to clients and partners in the UK by Autumn, followed quickly by expansion into the regulation-heavy European market. We’ll keep it all updated here.