Q: Does the software provide out-of-the-box survey questions that can be tailored to specific requirements?
Yes. The software provides out-of-the-box content that can be used as-is, or customized by you to address your unique requirements.
Q: Does the software have the capability to incorporate custom survey questions relevant to company policies?
Yes. You can create your own questions relevant to your organization in order to assess compliance to your unique policies.
Q: Does the software have an automated ability for survey access to be sent to designated respondents via email?
Yes. The software can be configured to grant access to any designated person via email.
Q: Is it possible to split a survey into separate sections, each containing a set of questions?
Yes. Assessments allow the organization of surveys into multiple question categories.
Q: Is it possible to send different parts of a survey to different respondents based on their roles?
Yes. Question categories and individual questions can be mapped to user roles, ensuring that they are being answered by those individuals that are the most qualified to do so.
Q: Are survey questions capable of supporting various response types including the ability to upload files?
Yes. Response types include yes/no, 1-10, control implementation level, text, multiple choice, diary/journal, and file upload.
Q: Is it possible to implement conditional logic in the questionnaire (e.g. if answer is a particular value (or range of values) ask these additional questions, otherwise skip them)?
Yes. The inclusion of select “child” questions can be conditional based on the response given to a “parent” question. For example, a question may ask if a particular control is in place. If a “yes” response is given, additional questions may be asked. If a “no” response is given, the questions will not be included in the questionnaire.
Q: Is it possible to assign weighting to survey questions, and to produce an overall risk rating ‘score’ for the questionnaire?
Yes. Questions can be weighted to give them more or less of an impact on the final risk rating.
Q: Is it possible to assign a due date to a survey and to configure reminder emails to be sent to the respondent after user-specified number of days if the survey is not responded to and after the due date has passed?
Yes. The system can automatically send reminder emails anytime a deadline is near, not responded to, or passed.
Q: Is it possible to carry survey information through different assessments and/or reports, then create tasks for the gap identified without having to perform any duplicate entry?
Yes. Data gathered can be re-purposed in workflows to calculate trends in data year over year, also saving time by preventing the need to perform duplicate entry.
Q: Will surveys allow for collaboration?
Yes. Each assessment can be configured to allow multiple users to input and edit the data.
Q: Does the software provide area specific crime data from a national database (e.g. CAP index)?
Yes. We use CAP index, Security Gauge, and Global Incidents to provide you with verified crime data.
Q: Does the software have different levels of user access/permissions?
Yes. There are three different user types, each with unique levels of access.
Q: Does the software allow for site specific information input?
Yes. Survey questions can be mapped to specific facilities or departments.
Q: Does the software allow for planning and tracking of mitigation activities?
Yes. The software can clearly identify vulnerabilities and assist in mitigation.
Q: Is the software able to measure compliance against specific standards?
Yes. The software can measure compliance with IAHSS, Joint Commission, OSHA, FEMA, NATF, OCR Risk Analysis Final Rule, NIST, HITECH Act, HIPAA, and many other standards.
Q: Does the software allow for interaction with offline mobile application to import site-specific information?
Yes. Our iOS and Android apps allow you to use our software from anywhere, even offline sites.
Q: Can you provide user training through demonstration of an on-site assessment at a facility?
Yes. We offer on-site training where we participate and guide you through your first assessment.
Q: Can the software be hosted by the vendor as a software as a service (SaaS) solution that is accessible over the internet through common browsers?
Yes. We provide both SaaS and self-hosted options.
Q: Does the software aggregate risk assessment data into one screen (dashboard) to provide users the ability to visualize risk; show relationships between assets, threats, and vulnerabilities; track remediation efforts; display risk and residual risk?
Yes. Our dashboard gives an at-a-glance view of the company’s data and the risk they are facing.
Q: Does the software have drill-down charts that allow top-down and bottom-up views of risk and security/compliance gaps?
Yes. The software has charts that allow you to view the level of risk you are facing for each facility.
Q: Is there a functionality to allow records to be bulk uploaded from an external data source, e.g. Excel spreadsheet?
Yes. The software has a bulk upload template, which allows for large quantities of information to be uploaded into the software at once.
Q: Is it possible to produce and export reports for a user-defined range of criteria in Word, Excel, and PDF formats?
Yes. All reports can be exported into Word, Excel, and PDF formats.
Q: Does the software have centralized capacity to monitor status and progress of assessments and mitigation?
Yes. The administration console provides a dashboard to easily track progress.
Q: Is the software able to send automated notifications and customized messages via email for alerts and reminders?
Yes. Customizable notifications and reminders can be sent at user-defined intervals to keep assessments on schedule.
Q: Can all user actions be recorded in an event log? Is it possible to easily export the event log for subsequent external analysis?
Yes. All data inputs and changes are recorded in an audit log that can be exported as a PDF or spreadsheet.
Q: Does the assessment framework follow a recognized standard (e.g. ISO 31000, NIST 800-30, etc.)?
Yes. We utilize NIST 800-30 and ISO 31000 security analysis methodology.
Q: Does implementation include basic administrator and user training covering all functionalities?
Yes. We offer various options for on-line remote training and on-site training.
Q: Can we White label your platform so it appears to be our solution?
Yes, but our support team will have to work with you to change the name of the product.
Q: Can the risk assessment metrics be adjusted?
Yes. You can use your current likelihood and impact matrix’s to adjust what’s in our platform.
Q: How long would it take us to implement your platform?
About 30 days.
Q: Can the platform require certain assessments to be reviewed by a specific person?
Yes. We add a review question and associate that question with the person that would do the assessment review.
Q: How do we report?
Through the dashboard and customization reports.
Q: How do we track?
You can keep track in numerous ways: data by site, region, type, date and other customizable criteria.
Q: How do we access the platform?
Any device that is connected to the internet and has a browser can access it right now. We have an iPad app for areas where there is not an internet connection.
Q: Do I have to make any changes with IT?
No. There is no software to install and no changes to your security.
Q: Who would host the platform?
We prefer to host, but you can also host it on your network.
Q: How do we integrate with Archer?
You can export data from our platform and upload it to Archer and vice versa.
Q: Where is your data hosted?
Our servers are located in the United States and Canada.
Q: Is my data encrypted?
Your data is encrypted in transit to our servers through https (TLS) and at rest (all databases are encrypted with AES 256) .
Q: What content do you have now?
We have more than 30 libraries (ISO, FEMA, OSHA, etc.) that you can use for content.
Q: What data sources are integrated now?
We integrate Cap Index, SecurityGauge and Global Incidents, which make it easy for you to obtain verified crime data.
Q: Can we associate the data collected with our policy’s?
Q: How is our data (questions, policies, users, etc.) uploaded into the platform?
We work with you to organize and upload the data using a mass upload template that makes it easy to upload all of your data at once.
Q: Can we have questions where responses are required?
Yes, and you can require files to be uploaded as well.
Q: Can the platform send out a tiering questionnaire where, depending on how the questions are answered, the system then asks questions based on that tier?
Yes, we have customers doing this now.
Q: Can additional content libraries be added to essentials and standard licensing packages?
Each additional library needed can be added at the cost of an additional license in that package.