RSM UK RISK ASSURANCE SERVICES LLP

Survey, data gathering, questionnaire software (Insight4GRC 4questionnaires)

Questionnaire, survey and analysis software enables organisations to collect, analyse and report on data. Suitable for various tasks such as staff and stakeholder surveys, incident reporting, breach reporting and internal control questionnaires (ICOs).

Creation of action plans based on a question responses through integration with the 4action module.

Features

• Assign accountability and responsibility for managing a survey/questionnaire
• Create and deploy questionnaires for multiple purposes
• Create questionnaires for anonymous completion
• Assign questions to specific individuals to complete
• Automatically create action plans based on question responses
• Track questionnaire completion via dashboards
• Analyse individual question responses
• Flexible survey and questionnaire design with multiple question types
• Ability to attach files to support responses
• Create questionnaire libraries for future use

Benefits

• Manage deployment of questionnaires more efficiently
• Real time reporting on questionnaire deployment and responses
• Ability to create instant action plans based on question responses
• Control questionnaire deployment through administrators
• Questionnaire can adopt your branding to give an in-house feel
• Reuse questionnaires from a library, no need to recreate
• Email alerting informs users of questionnaires issued to them.
• Email notifications to inform a questionnaire has been completed
• Enable a number of users to access questionnaire responses/analysis

£5,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@rsmuk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

397308797929621

Contact

Kat Styler, Head of Bids
0121 214 3322
bidteam@rsmuk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No constraints that we are aware of.
• System requirements:
  • JavaScript enabled
  • Chrome, Edge Browser within latest two major versions.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday 9am to 5pm.; ; Priority 1 - Highest ; The whole application is unavailable, preventing the Customer continuing core application activities. Resolution time is 4 working hours.; ; Priority 2; Incidents which do not prevent the Customer continuing core application activities is 7 days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There is one level of support. All support is done through the managed service desk. Implementations are supported by account managed and dedicated service delivery manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite training and user documentation is provided. Training can be bespoked to user requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Excel
  • Word
• End-of-contract data extraction: All data can be extracted via reports.
• End-of-contract process: All data can be extracted via reports. Data will be retained for a defined period unless specifically requested by the customer. There is no additional charge for data retention or deletion.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Screens will adapt to screen resolutions and sizes of the device.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We have a read only reporting API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customised surveys/questionnaires can be created.; Customise email alerting.; Users with admin access are able to create surveys.; Site branding can also be customised by our admin team.

Scaling

• Independence of resources: We use a load balanced and scalable solution.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Physical data controls as governed by the ISO27001:2013 certification.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Standard reports can be used to extract data.
• Data export formats: Other
• Other data export formats:
  • HTML
  • Excel
  • Word
• Data import formats: Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: IP restrictions
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% availability target.; ; RSM UK's maximum liability for all claims made under this Agreement, however arising, including (without limitation) due to negligence, breach of contract, misrepresentation (excluding fraudulent misrepresentation) or for any other reason, shall be limited to a sum equal to 100% of the amount of the fees received by RSM UK under this Agreement.
• Approach to resilience: Available on request.
• Outage reporting: Any planned outages are communicated by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is restricted through role management within the application.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 25/04/2022
• What the ISO/IEC 27001 doesn’t cover: There are no elements of the hosted solution not covered by the certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The RSM IT Faculty have achieved ISO 27001:2013 certification and as such has an Information Security Policy in place which is reviewed at least annually. Guidance for all members of staff outlining the expected security activities and behaviours are addressed in the organisations terms and conditions of employment which are published on the Intranet. All staff whether permanent or temporary are aware of their obligations through agreeing to and signing their contracts of employment. In addition, acceptable use and IT policies are published within the staff handbook and on the intranet for ease of reference. Staff are also made aware of these policies during their initial induction. IT faculty staff as part of the ISO 27001 certification received Information Security staff presentations and a CBT to raise awareness and test their understanding.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available on request
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Available on request
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Available on request
• Incident management type: Undisclosed
• Incident management approach: Available on request

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  It’s important that we make a positive contribution to supporting sustainability. We aim to be a net-zero emitter of carbon by 2030.; ; We are implementing new strategies and systems to monitor, manage and lessen RSM’s impact on the environment, including:;  electricity from renewable sources;;  reducing paper usage and spend in our offices by moving towards digital solutions/storage;;  centralised travel booking platform, providing data on emissions;;  promoting and educating climate awareness leading to an environmentally proactive workforce;;  offsetting residual emissions with accredited carbon offset projects;;  monitoring performance and progress in achieving these aims at board level and acting on those findings.; ; We have an environmental operations group, consisting of representatives in leadership, facilities, procurement, people, and operational finance roles.; ; The group focuses on engaging with staff to raise awareness of the best ways they can contribute to a more sustainable future, as well as holding RSM accountable for the ways our work impacts the environment. When business needs require travel, we encourage car sharing, public transport and bike schemes.; ; The Covid-19 pandemic has led to increased adoption of remote/hybrid working.; ; We utilise software to enable virtual meetings, and an online deliverables portal to ensure documents can be shared and uploaded securely and remotely. This has led to a significant reduction of business mileage, further reducing our environmental impact.; ; We ensure all employees understand and follow our environmental principles and policies, and we continuously strive to improve our activities to prevent pollution and wastage. ; ; RSM subscribes to EcoVadis and is assessed on the Energy Savings Opportunity Scheme and Streamlined Energy and Carbon Reporting; reflecting RSM’s dedication to reduce it’s impact on the environment. Feedback from the assessments will shape improvements to our environmental strategy.; ; https://www.rsmuk.com/-/media/files/who-we-are/rsm-carbon-reduction-plan.pdf
• Covid-19 recovery:

  Covid-19 recovery

  The coronavirus pandemic has caused disruption and uncertainty across the globe and many businesses are still facing unprecedented challenges as a result. As the Government continues to announce support and advice, RSM will continue to provide useful insights on critical areas, including reliefs for business, funding and business continuity, to ensure that our clients are kept up to date.; ; The coronavirus has presented many businesses in the UK and across the Globe with unprecedented challenges, highlighting the importance of preparing your business for emergencies.; ; As coronavirus lockdown restrictions eased and the Government continues to announce support and advice, businesses across the country have been faced with and are still facing a period of reactivation, readjustment and rebuilding.; ; In order to support clients during this team we have provided clients with webinars and briefings on key issues faced as part of the Covid 19 pandemic and set up an online coronavirus hub with the latest updates and offering support and guidance. Our experts have shared their advice for rebuilding and succeeding in a significantly changed world.
• Tackling economic inequality:

  Tackling economic inequality

  Our people team have developed an over-arching action plan covering the employee life cycle with the aim of reducing the pay and bonus gaps for both gender and ethnicity by especially focusing on our talent pipeline and succession planning to increase the representation of women, disadvantaged and minority groups.; ; Through this action plan we have improved our processes for internal salary decisions to eliminate bias and introduced clearer salary ranges at all levels, ensuring consistency of equity for all employees.; ; RSM fully supports the living wage and pays the Living Wage Foundation rate to all employees, including apprentices and those on extended work experience. RSM does not have formal living wage accreditation as the procurement arrangements for our third-party contractors (such as suppliers, cleaners, building management, facilities, and maintenance in all offices) currently impact upon our formal accreditation status. However, RSM is working towards becoming a fully accredited Living Wage employer by the end of 2022.; ; We have made considerable progress in the delivery of our Equality, Diversity, and Inclusion strategy “Listen. Educate. Act.” through dialogue, understanding and action. We have four employee networks, EmbRACE, Empower, LGBT+ and Faith alongside the Black Employee Network Group who all play a crucial role in the delivery of our Listen. Educate. Act Strategy. ; ; We issue information on our gender pay gap annually, and last year we published our first ethnicity pay gap report as part of our continued transparency and dedication to becoming a truly diverse and inclusive firm. We will continue with this transparency into the future and will publish reports such as these annually. ; ; https://www.rsmuk.com/who-we-are/diversity-reports
• Equal opportunity:

  Equal opportunity

  RSM is committed to creating a culture in which diversity and equality of opportunity are actively promoted and in which unlawful discrimination is not tolerated.; ; Equality and diversity are essential factors that contribute to the strength of our business so we work continuously towards building and maintaining an inclusive environment irrespective of race, nationality, sex, age, disability, part/fixed term status, pregnancy, maternity/paternity/shared parental leave, religion or beliefs, marital/civil partnership status, sexual orientation or gender identity.; ; The achievement of excellence can only be attained through recognising the value of every individual. We aim to create an environment that allows everyone to achieve their full potential. Recognising and celebrating our diverse employees, clients and suppliers helps us recruit and retain talent, drive better business performance and, most importantly, enrich the lives of individuals.; ; For our firm - a diverse workforce recognising and celebrating its different talents.; For our clients - a healthy reflection of who we are and what we can do.; For our people - an inclusive working environment with opportunity for all.; ; We have a Diversity Steering Group which has been appointed to help create a diverse and inclusive environment. We also have diversity office champions who are a local contact for views and issues in relation to diversity and inclusion in our workplace, ensuring that everyone within RSM has a point of contact in relation to these issues.; ; We are members of Business in the Community, Disability Confident Employer, and Stonewall, and also have external partners such as Bright Network, Women in Business and Working Families.; ; RSM has recently joined The Royal National Children’s Springboard Foundation. Employees are matched with young adults from disadvantaged backgrounds to provide advice and the beginnings of a professional network, helping to develop skills in areas like CV writing and goal setting.; ; https://www.rsmuk.com/who-we-are/diversity-and-inclusion
• Wellbeing:

  Wellbeing

  RSM is committed to developing a working environment and culture in which we can 'work well' and all thrive. We want to create a culture where there is no stigma attached to any aspect of wellbeing. We also want to be proactive by putting in place early interventions to prevent any illness becoming more serious but also be there to best support our people at times when it is most needed.; ; The case for supporting health and wellbeing is overwhelming. Working in a happy, healthy, inclusive, and supportive environment can improve aspects such as job satisfaction, performance, productivity, and reduce absenteeism. ; ; RSM have invested in wide-ranging tools and benefits to support digital wellbeing and physical and mental health, in the workforce: ; • Work well at RSM ; • Healthy minds; • Physical wellbeing; • Financial wellbeing; • Social wellbeing; ; RSM reports on disability, mental health and wellbeing for its own purposes. All data remains anonymous and is used as a guide to gain information on whether the services available are being used and how frequently rather than who is using them. At RSM we try to implement an ‘upstream’ approach to wellbeing. This means finding out where key areas of focus are through data and feedback and then putting an intervention in place at the earliest opportunity to prevent issues becoming greater. ; ; We have developed several initiatives to influence staff, suppliers, customers and communities to support health and wellbeing ; • Employee Assistance Programme; • Flexible working policy; • Health Matters; • Mental health at work policy; • Mental Health First Aid (MHFA) Champions; • Mental health while working from home; • Occupational Health service; • Personal development courses ; • Health Management guidance - how to talk to your manager about mental health; • Mental health awareness

Pricing

• Price: £5,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We are able to provide access to a demo site for an agreed time scale. Access limited to a small number of agreed users and email alerting and SSO will not be enabled.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@rsmuk.com. Tell them what format you need. It will help if you say what assistive technology you use.