RiskAid is a powerful yet intuitive online collaborative tool to manage risk and uncertainty for projects, operationally or across an organisation. It incorporates advanced features such as "what if" scenarios, a full searchable audit trail, role based security, instant personalised reports and risk assessment hierarchies with knowledge aggregation and summaries.
- Online collaborative risk management
- Extensive online reporting, drill-down and graphical displays
- Risk priority matrix ("heat map"), risk registers, risk improvement
- Data import from spreadsheets and CSV files
- Extensive user configurable displays and dashboards
- "What if" scenarios for alternative models and instant compariosn
- Hierarchical risk management with consolidation of results
- Assessments saved as "snapshots" for comparison reporting
- Comprehensive audit trail records every single change
- Integrates with other tools such as Primavera
- Enables collaborative team based approach to risk management
- Shows ROI of taking appropriate action at the appropriate time
- Imports existing data to preserve your existing risk management investment
- Alternative solutions can be explored without affecting live assessments
- Enables better informed decision making
- Audit trail provides regulatory information with ease
- Instant customisable displays and reports, personalised for each user
- Rapid synchronisation with project planning tools such as Primavera
£300 to £3000 per user per year
- Education pricing available
- Free trial available
Risk Reasoning Limited
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Available using any browser and browser version released within the last five years on PC, Apple Mac, tablets and smart-phones.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Normal response to email support is within 2 hours.
Mean time between first email notification and resolution of problem or issue has been three working hours over the last five years.
We pride ourselves on providing a quick and responsive support service that all users can be confident to rely upon when needed.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 A|
|Web chat accessibility testing||We have tested these facilities with colour-blind and visually-impaired users|
|Onsite support||Yes, at extra cost|
RiskAid support is included within the licence fee.
This includes error detection and rectification, planned maintenance and software upgrades, and help-desk support.
We reserve the right to charge for more general risk management discussions and advice, but this will always be discussed and agreed beforehand with the designated client authority.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We typically provide either online training or on-site training dependent on customer requirements. This can take the format of an interactive workshop. We also assist customers to import their own data or they can use the import facilities within RiskAid. Full online documentation is included in RiskAid as well as context-sensitive help and a range of short illustrated Briefing Notes on various aspects of collaborative risk management.|
|End-of-contract data extraction||Users can extract data using the CSV export facility or we can export it for them if required.|
|End-of-contract process||At the end of a contract, users can export their data from the system to use how they see fit. Their access to RiskAid would then be removed. We can extract and provide data in various formats as required but there may be an additional cost for this service depending on the complexity.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None, as the user interface is responsive to screen size and will arrange itself accordingly, making best use of the screen size and orientation.|
|Description of customisation||
Any user can create any number of risk assessments.
Assessment Managers and administrators control: Role-Based Access Control for each user to each assessment, Currencies used, Risk Probability Ranges,
Risk Impact Criteria and range definitions,
Multiple risk categorisations, approval of updates supplied by users.
Users can control display detail for informational displays & reports, and display filters to focus on relevant information. They can also create what-if scenarios to explore alternatives and/or supply updates, customise their Alert notifications and select the numeric & date representations that they prefer.
Users can import data from Excel spreadsheets.
Assessment managers and administrators can create interfaces to project planning tools including Primavera P9 and Microsoft Project, using simple guided sequences, that then support rapid synchronisation between project planning and project risk.
|Independence of resources||Client's data is stored in secure, independent databases separate from each other. Hosting is provided on an "over engineered" platform meaning that capacity for performance is high, secure and protected for users. RiskAid has been designed, from the start of its development, for collaborative use by large teams worldwide, and is implemented by experienced real-time software engineers for efficient execution using the minimum processing resources.|
|Service usage metrics||Yes|
|Metrics types||The full audit trail records all activity which authorised users can then report on to see which users have been performing which actions and the changes they have made including the date, time and reasons (which can be mandated)|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Using the built in data export facility to generate a CSV or Excel data file.|
|Data export formats||
|Other data export formats||Excel|
|Data import formats||
|Other data import formats||Excel|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
RiskAid is available 24/7. The RiskAid server facilities have offered 99.988% availability for the last two years.
We guarantee 99% availability of the RiskAid server facilities, but cannot be held responsible for internet connectivity services outside our control. If the RiskAid server facilities are available for less than 99% over a calendar year, we will refund clients on a pro-rata daily rate proportional to their licence prices.
|Approach to resilience||Our datacentre service resilience policy is available on request.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||For obvious security reasons, this information is available on request|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
We are currently applying for accreditation.
Our approach to security governance is set out in our security policies, and conducted in all our activities, to maintain client information and confidentiality, incorporate defensive security design in our product - RiskAid, host it securely and provide only secure encrypted access to it.
|Information security policies and processes||Our security policies and processes are available on request|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
All commercial products used as components are integrated, tested and validated in-house before being deployed as part of live services.
All in-house developed components are integrated, tested and validated in-house, and incorporated in the live system in each RiskAid release, and as part of fault rectification.
All components are assessed for security impact as a whole system, for working domain separation, and against the individual user security model.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||We assess the potential threats to our services based upon information supplied by component and associated product manufacturers, from our web host supplier, and from relevant trade and security associations. This information is matched against RiskAid's use of facilities and architecture, to identify relevant threats and then search for potential vulnerabilities. Any vulnerabilities identified are resolved as a priority.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Every access to RiskAid, successful or not, is logged. This log is regularly analysed to detect potential compromises. In addition, any error in RiskAid is emailed directly to key staff for immediate attention. Due to the security features in place, it is very likely that any potential compromise causes a fault, providing immediate warning. Any potential compromises are analysed and responded to as a matter of urgency, with detailed investigation, response definition and then response implementation. We respond to an incident within a day.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||We have predefined processes for handling common events, which are regularly tested and proven. RiskAid automatically informs key Risk Reasoning staff of any errors detected. Users can also report incidents by email or phone. All incident reports are logged, allocated and actioned. Within the last three years, all incidents have been resolved within 3 working hours.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£300 to £3000 per user per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Usually this will be a 1 - 3 month trial of the software which includes telephone support and hosting but not on-site services.|