RSM UK RISK ASSURANCE SERVICES LLP

Risk management software (Insight4GRC 4risk)

Risk management, assurance and compliance software that provides a complete and real time view of an organisation’s risk, control assurance and compliance profile.

The system can be configured for multiple purposes including recording, monitoring and reporting of business and project risks, incidents and breaches and compliance against regulation or standards.

Features

• Complete picture of an organisation’s risk, controls and assurance environment
• Create custom risk records, risk registers, heat maps
• Rank, prioritise and align risks with objectives
• Incorporation of risk appetite
• Maintain assurance records of actions to mitigate risks
• Risk assignment to risk owner, control owners and action owners
• Score / measure inherent, residual and target risks
• Map risk mitigation and controls
• Measure controls effectiveness and identify gaps through an assurance framework
• Upload evidence via document attachment

Benefits

• Obtain a complete picture of enterprise risk management
• Increased GRC efficiency, reducing administration time and cost
• Increased GRC effectiveness, focusing on outcomes and increasing accountability
• Organisations are more likely to spot and seize opportunities identified
• Organisations are less likely to suffer from unexpected loss
• Demonstration of good governance increase 3rd party confidence
• Enterprise wide risk management position available instantly
• Increased level of assurance to key stakeholders
• Manages and reduces vicarious liability
• Excellence – leading technology coupled with experienced GRC consultants

£10,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@rsmuk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

895714888846807

Contact

Kat Styler, Head of Bids
0121 214 3322
bidteam@rsmuk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No constraints that we are aware of.
• System requirements:
  • JavaScript enabled
  • Chrome, Edge Browser within latest two major versions.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday 9am to 5pm.; ; Priority 1 - Highest ; The whole application is unavailable, preventing the Customer continuing core application activities. Resolution time is 4 working hours.; ; Priority 2; Incidents which do not prevent the Customer continuing core application activities is 7 days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There is one level of support. All support is done through the managed service desk. Implementations are supported by account managed and dedicated service delivery manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite training and user documentation is provided. Training can be bespoked to user requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Excel
  • Word
• End-of-contract data extraction: All data can be extracted via reports.
• End-of-contract process: All data can be extracted via reports. Data will be retained for a defined period unless specifically requested by the customer. There is no additional charge for data retention or deletion.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Screens will adapt to screen resolutions and sizes of the device.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We have a read only reporting API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customise fields to meet customer requirements.; Customisation or email alerting.; Users with the necessary administrations permissions can perform the customisation.; Site branding can also be customised by our admin team.

Scaling

• Independence of resources: We use a load balanced and scalable solution.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Physical data controls as governed by the ISO27001:2013 certification.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Standard reports can be used to extract data.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML
  • Excel
  • Word
  • Pdf
• Data import formats: Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: IP restrictions
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% availability target.; ; RSM UK's maximum liability for all claims made under this Agreement, however arising, including (without limitation) due to negligence, breach of contract, misrepresentation (excluding fraudulent misrepresentation) or for any other reason, shall be limited to a sum equal to 100% of the amount of the fees received by RSM UK under this Agreement.
• Approach to resilience: Available on request.
• Outage reporting: Any planned outages are communicated by email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is restricted through role management within the application.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 09/01/2023
• What the ISO/IEC 27001 doesn’t cover: There are no elements of the hosted solution not covered by the certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The RSM IT Faculty have achieved ISO 27001:2013 certification and as such has an Information Security Policy in place which is reviewed at least annually. Guidance for all members of staff outlining the expected security activities and behaviours are addressed in the organisations terms and conditions of employment which are published on the Intranet. All staff whether permanent or temporary are aware of their obligations through agreeing to and signing their contracts of employment. In addition, acceptable use and IT policies are published within the staff handbook and on the intranet for ease of reference. Staff are also made aware of these policies during their initial induction. IT faculty staff as part of the ISO 27001 certification received Information Security staff presentations and a CBT to raise awareness and test their understanding.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available on request
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Available on request
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Available on request
• Incident management type: Undisclosed
• Incident management approach: Available on request

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We want to do all we can to protect the future of our planet; we are committed to reaching net-zero carbon emissions by 2030.; ; We are implementing new strategies and systems to monitor, manage and lessen RSM’s impact on the environment, including:;  electricity from renewable sources;;  reducing paper usage and spend in our offices by moving towards digital solutions/storage;;  centralised travel booking platform, providing data on emissions;;  promoting and educating climate awareness leading to an environmentally proactive workforce;;  offsetting residual emissions with accredited carbon offset projects;;  monitoring performance and progress in achieving these aims at board level and acting on those findings.; ; We have an environmental operations group, that engages with staff, raising awareness of the best ways they can contribute to a more sustainable future, as well as holding RSM accountable for the ways our work impacts the environment.; ; We ensure suitable presence on-site and have cut unnecessary journeys – planning and management meetings where appropriate are conducted on Teams, and utilising software to enabling virtual meetings; matching our hybrid approach to that of our clients. Where possible we “double-up” on-site and encourage public transport use wherever feasible; leading to a significant reduction of business mileage (65% since 2021).; ; We share files electronically and use an online deliverables portal to ensure documents are shared/uploaded securely and remotely reducing the carbon impact of printing (over a 78% reduction in the past 3-years).; ; RSM subscribes to EcoVadis and is assessed on the Energy Savings Opportunity Scheme and Streamlined Energy and Carbon Reporting; reflecting RSM’s dedication to reduce it’s impact on the environment. Feedback from the assessments will shape improvements to our environmental strategy.; ; We are a signatory of the United Nations Global Compact, demonstrating our commitment to deliver sustainable and socially responsible working practices worldwide.

  Covid-19 recovery

  The coronavirus pandemic has caused disruption and uncertainty across the globe with many businesses still facing unprecedented challenges as a result and highlighting the importance of preparing your business for emergencies.; ; To support clients during the period of recovery, we provided clients with webinars and briefings on key issues faced as part of the Covid-19 pandemic and set up an online coronavirus hub with the latest updates and offering support and guidance. Our experts shared their advice for rebuilding and succeeding in a significantly changed world and would continue to share this with buyers.

  Tackling economic inequality

  RSM is committed to creating a culture in which diversity, inclusion and equality of opportunity are actively promoted. Some of the measures we have to tackle economic inequality are:;  inclusive and accessible recruitment practices - recruiting individuals based on merit, not background;  reasonable adjustments made to accommodate candidates with disabilities;  job descriptions are gender neutral in language;  focus on work-life balance: member of Working Families to support employees through their various life stages;  transparent promotion, pay and reward processes;  strong social and community agenda focused on ‘giving something back’. All staff have a volunteer day to use with a charity of their choice;  clearer salary ranges ensuring consistency of equity for all employees;  moderation of bonus and salary increase decisions; ; RSM UK are an accredited Real Living Wage (RLW) employer and chooses to apply RLW rates as a minimum rate of pay for all its employees, including all its temporary/casual workers, placement students, consultants and sub-contractors, irrespective of age.; ; We have made considerable progress in the delivery of our Equality, Diversity, and Inclusion strategy “Listen. Educate. Act.” through dialogue, understanding and action. We have several employee networks who all play a crucial role in the delivery of our Listen. Educate. Act Strategy. Eg the Empower group provides support for women; and is also designed to support and advocate gender equality, in particular pay and supporting women through career development and into leadership roles.; ; We issue information on our gender pay gap annually, and last year published our first ethnicity pay gap report as part of our continued transparency and dedication to becoming a truly diverse and inclusive firm. We will continue with this transparency and will publish reports such as these annually. Our most recent reports can be found on our website.

  Equal opportunity

  RSM is committed to creating a culture in which diversity and equality of opportunity are actively promoted and in which unlawful discrimination is not tolerated.; ; Equality and diversity are essential factors that contribute to the strength of our business; we work continuously towards building and maintaining an inclusive environment so that people of all identities, backgrounds, and cultures are comfortable bringing their true selves to work.; ; We believe the achievement of excellence can only be attained through recognising the value of every individual. We aim to create an environment that allows everyone to achieve their full potential. Recognising and celebrating our diverse employees, clients and suppliers helps us recruit and retain talent, drive better business performance and, most importantly, enrich the lives of individuals.; ; For our firm - a diverse workforce recognising and celebrating its different talents.; For our clients - a healthy reflection of who we are and what we can do.; For our people - an inclusive working environment with opportunity for all.; ; We have a Diversity Steering Group which has been appointed to help create a diverse and inclusive environment. We also have diversity office champions who are a local contact for views and issues in relation to diversity and inclusion in our workplace, ensuring that everyone within RSM has a point of contact in relation to these issues.; ; We are members of Business in the Community, the Valuable 500, Neurodiversity in Business, Disability Confident Employer, and Stonewall, and have external partners such as Bright Network, Women in Business and Working Families.; ; RSM has recently joined The Royal National Children’s Springboard Foundation. Employees are matched with young adults from disadvantaged backgrounds to provide advice and the beginnings of a professional network, helping to develop skills in areas like CV writing and goal setting.

  Wellbeing

  RSM have created a culture where there is no stigma attached to any aspect of wellbeing, putting in place early interventions and developing a working environment and culture in which employees can 'work well and thrive'. Working in a happy, healthy, inclusive, and supportive work environment can improve aspects of both personal and working aspects of life. ; ; To raise awareness RSM regularly hosts events based on a variety of topics and creates several thought leadership and publications. Topics have included supporting carers to balance their responsibilities and work; and wellbeing through Covid19.; ; We are members of several independent programmes and external groups, designed to help achieve best practice, inform our relationship with employees, suppliers, and clients, and create an environment that allows all to achieve their full potential.; ; Our managers are trained to recognise the signs of potential mental ill health and encourage our employees to talk about their concerns. All employees undertake Mental Wellbeing training equipping them with the tools to maintain their mental health and support their colleagues to do the same. RSM have trained Mental Health First Aid Champions who have the skills needed to support the mental wellbeing of colleagues.; ; RSM employees have access to an Employee Assistance Programme to support their mental health and wellbeing. This is a confidential service offering guidance and support 24/7, including for legal issues and advice on health issues; emotional issues, anxiety, depression, trauma, bereavement; work related concerns and support to managers from counsellors. ; ; RSM provide 'HealthMatters' portal to help our employees look after their health in and outside of work. 'HealthMatters' provides access to information, support, and advice on a range of topics such as eating well, lowering your cholesterol, looking after your back, exercising, outdoor activities and preventing aches and pains whilst sitting at a desk.

Pricing

• Price: £10,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We are able to provide access to a demo site for an agreed time scale. Access limited to a small number of agreed users and email alerting and SSO will not be enabled.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@rsmuk.com. Tell them what format you need. It will help if you say what assistive technology you use.