6 reasons Astute is the perfect platform for compliance

6 reasons Astute is the perfect platform for compliance

It feels like only yesterday Astute was just a glimmer in our eye, but its first birthday is fast approaching – and what a year it’s been!

We set out to address deficiencies in the LMS landscape with an enterprise-level, learner-centric eLearning platform that could be accessed anywhere, on any device. Mission accomplished – as thousands of happy Astute users will attest – but we’re not stopping there.

Compliance training has changed. It’s no longer enough to simply enrol learners onto courses once a year and keep poking them until they’re passed. It might look like compliance – you can export a list showing that every learner completed the training – but actual impact on knowledge and behaviour will be limited. And isn’t that the whole point of compliance training?

We think so, which is why we set our sights on making Astute more than just a really good eLearning Platform. So without further ado, here are six features we’ve added to Astute that make it a better choice for managing compliance than your common or garden LMS.

1. Performance Manager

Making training a mandatory annual event, prescribed to everyone regardless of its relevance or their existing knowledge, is the fastest way to lose learners’ interest. As well as creating bad feeling, delivering training employees don’t actually need is simply not productive.

Rather than delivering generic training to everyone, with Performance Manager you can start the training process with a skills assessment to measure capabilities against job roles. Employees then receive personal learning plans tailored to their own capability gaps, which can consist of eLearning courses, other Astute activities, and offline tasks, too.

2. Policy Manager

Regulations evolve constantly, and it’s vital your organisation is equipped to respond by keeping employees up to date with the latest versions of policies. But managing version control, change history, and keeping track of which employees have signed which policies (as well as who needs to sign new versions) is an administrative challenge.

Not with Policy Manager, which handles all of the above with a robust audit trail and simple mass assignment. Once policies are assigned to employees, it’s easy to keep everyone up to date; policies requiring attention will display directly in their dashboard.

3. Risk Manager

The risk management and assessment processes in your organisation can make the difference between identifying problems before they become serious issues and facing the cost of fixing things after they go wrong. Risk Manager streamlines this process and makes assessments available on mobiles, tablets, and PCs.

As well as providing a robust audit trail, risk areas are easily identifiable at a glance on Astute’s dashboard. Risk Manager allows the creation of bespoke assessments, with custom mitigation outcomes including Astute activities, and just like with courses, stakeholders can be alerted automatically when intervention is required.

4. Self-directed Learning

While it can’t be denied that some subjects require annual training, that doesn’t mean learners should only be able to access them once per year. Especially in compliance subjects, where following correct processes is so important, making training available on demand can make all the difference.

So why aren’t companies doing this already? For starters, the need to enrol learners – then there’s the fact that, when a learner just wants to refresh their memory on one topic, sifting through a full length course is more trouble than it’s worth.

Our Take 5 microlearning modules are designed for this exact reason. They’re the eLearning equivalent of skipping to the chapter you need, without having to read the whole book. And if you choose Astute’s new Open Access portal feature, learners don’t need to be enrolled – or even logged in – to access them.

5. Offline communications

Creating a compliance culture can’t start and end online. If the only time learners see key messages is while completing training courses, they’ll be unlikely to remember them and transfer them to their work.

Astute can help here, too. Each of our off-the-shelf courses comes with a series of associated posters, flyers, and other printed material reinforcing the learning outcomes of the course with memorable messages.

These can be managed and printed directly from Astute. You can even drag and drop your own company logo in for a consistent, branded compliance message – online and offline.

6. Quick Quiz / Surveys

Gaining insight on engagement with your learning and development efforts is a vital part of optimising their impact, but in a typical LMS, completion rate is probably the best metric available for measuring it – and if courses are mandatory, then it doesn’t really tell you anything.

Astute’s integrated surveys make gathering feedback on engagement easy. Create custom surveys and link them to courses, risk assessments, or just make them standalone and open to anyone. You’ll be able to gather, analyse, and report on feedback easily, without needing to set up a separate system and import all of your learners.

Contact us now for a hands on demo of Astute.

Data regulations are tightening – are you ready?

Data regulations are tightening – are you ready?

After four years of negotiations, the EU has approved a new data protection framework which will come into force this summer. The General Data Protection Regulation (GDPR) represents a complete overhaul of the existing data protection rules in the EU, and is the biggest shakeup to hit data protection in 20 years. For any businesses not prepared to meet the new standards when they become law in 2018, the consequences could be significant.

The GDPR will be directly applicable to all member states (the previous directives allowed for national legislation), which means that it brings about a new era of consistency across the EU and renders the continent “fit for the digital age.” The GDPR replaces the previous set of directives around data protection for the EU which were drawn up in 1995, when the internet was in its infancy.

Stewart Room, cyber security and data protection partner at PricewaterhouseCoopers (PwC), commented: “This will impact every entity that holds or uses European personal data both inside and outside of Europe.”

The right to privacy

“The General Data Protection Regulation makes a high, uniform level of data protection throughout the EU a reality,” said Jan Philipp Albrecht (Greens, DE), who steered the legislation through Parliament. He continued: “This is a great success for the European Parliament and a fierce European ‘yes’ to strong consumer rights and competition in the digital age. Citizens will be able to decide for themselves which personal information they want to share.”

A key element of the GDPR is its stated aim to give control over private data back to citizens. According to European Parliament News, the regulations include provisions on:

  • a right to be forgotten,
  • “clear and affirmative consent” to the processing of private data by the person concerned,
  • a right to transfer your data to another service provider,
  • the right to know when your data has been hacked,
  • ensuring that privacy policies are explained in clear and understandable language, and
  • stronger enforcement and fines up to 4% of firms’ total worldwide annual turnover, as a deterrent to breaking the rules.

The need for these new regulations is clear: a recent Eurobarometer survey found that 67% of Europeans worry about not having complete control over data they provide online. Moreover, 70% of consumers reported concerns about how companies use their private data. The GDPR will force companies to be more transparent about how they use data, which will be an essential step in relieving such concerns.

Data protection failures can be costly

What gives these new regulations teeth is the heavy financial penalties they are backed by. Businesses could be fined by €20m or 4% of annual worldwide turnover for groups of companies for misuse of data.

How can VinciWorks help?

Our suite of GDPR and data protection courses are packed with multiple course versions, realistic scenarios, and every customisation option you can think of.

Our courses combine the latest in policy and law with best practice guidelines, providing real-world scenarios, interactive features, and review questions. Users will learn how to comply with data protection laws for their specific role in the organisation, and then have the chance to review and make sure they know how to apply the information.

How to protect your business from the growing risk of identity fraud

How to protect your business from the growing risk of identity fraud

Identity theft is fast becoming the dominant area of fraud in the UK: new figures from UK fraud prevention service CIFAS report that identity fraud has risen by 25 percent over the last few years.

Commenting on the findings, CIFAS Chief Executive Simon Dukes said: “What these figures show is that identity fraud continues to be the most serious fraud threat and that the first quarter of the year has been a very profitable one for organised identity theft criminals. Our data is just the tip of the iceberg – more needs to be done to identify the true scale of fraud in the UK and educate individuals about the dangers and the steps that can be taken to protect themselves.”

A primary cause of this wave of identity fraud is the plethora of data stored and shared online since the advent of the digital age. In the first quarter of 2015, over 80% of identity fraud was attempted or perpetrated online. “The increase in fraud, and in particular identity theft, comes as no surprise as we continue to become reliant on the digital world,” said Alan Batey, digital forensic consultant, Security Risk Management Ltd.

Are you worthy of your consumers’ trust?

For businesses entrusted with consumers’ personal data, maintaining strong lines of defence against identity fraud has never been more critical. Protecting private data is a key component of the trust between consumer and business, and once lost, that trust can be extremely difficult to regain. In the last few months, almost half a million customers have abandoned TalkTalk since their highly publicised data breach late last year.

Further, small businesses may be most at risk. “In a large business there is typically a well-defined set of people who have responsibility for security of computers and information assets. In small to medium businesses, that activity is not as clearly well defined,” says Lawrence R. Rogers, a senior member of the technical staff at the CERT Program of the Software Engineering Institute, part of Carnegie Mellon University.

Creating and maintaining a secure online environment is of utmost importance for any business. Clear guidelines for online behaviour and regular staff training are essential to prevent the sort of simple mistakes that can lead to catastrophe. Data encryption or new technology such as biometrics could also prove vital. The sooner a potential data breach is spotted, the less damage it is likely to do, so ensure that staff are alert to any warning signs of attack or data breaches.

How can VinciWorks help?

VinciWorks can help you prevent data breaches by training staff in data protection best practice. As well as detailed courses covering data protection and information security, we provide microlearning modules and immersive, behaviour-focused courses to ensure training transfers to the workplace. Best of all, our Compliance Essentials Suite includes all of these resources and more so you can tailor your training approach to your organisation. Contact us now to take a look.

Employee training may be the best defence against corporate IT hackers

Employee training may be the best defence against corporate IT hackers

Recent research commissioned by Citrix and carried out by Censuswide returned some concerning results regarding employees’ attitudes towards data security in the workplace. The research found that only 35% of employees regularly use passwords to protect files at work, and just two in five are vigilant about shredding sensitive documents. It’s no wonder then that IT insights and trends website Tripwire reports that 59% of data breaches occur not because of malicious hackers, but simple employee carelessness.

While customer data breaches most often hit the headlines, attacks on data pertaining to product information, design, marketing and financial plans could all have significant consequences to a business.

The good news is that Censuswide also found that 90% of the employees surveyed were aware of the importance of data security. Clearly, employee training is essential to bridge the gap between recognising the value of vigilance, and knowing how to protect data

Employee knowledge is your hidden weapon

While up to date security software is vital, it will be of little use if your employees aren’t properly trained to use it. Further training to establish policies and procedures concerning security are also vital. All too often staff simply aren’t aware of their central role in maintaining security. Michael Cobb, founder and managing director of Cobweb Applications, says an effective training programme “has to make it clear that information security is an integral part of everyone’s job with ownership, responsibility and accountability for risk made obvious in policies and job descriptions.”

Furthermore, it’s important that such training is periodic: as technology advances faster and faster, so too must staff be kept informed of the very latest procedures and techniques. “Due to continually evolving technologies and threats, you will need to update and repeat your awareness programmes as you update your security policies,” continues Cobb.

In between formal training sessions, information on how to stay vigilant against data breaches must continue to flow. Chris Mayers, Chief Security Architect at Citrix advises providing “an internal web page with a one-page list of enterprise services – e.g. ‘to do that, use this’ – and a cheat sheet for each service.” He cautions that being rigorous about updating this page is imperative.

“Simply purchasing the new technology won’t increase your level of security,” concludes Dejan Kosutic of 27001Academy.com. “You also have to teach your people how to use that technology properly, and explain to them why this is needed in the first place. Otherwise, this technology will only become what business owners fear the most—a wasted investment.”

VinciWorks’ vast and expanding cyber security training suite prepares users for all cyber risks. It includes hours of training, hundreds of micro-learning modules and topics from social media to IT security. These courses and micro-learning units can easily be configured into a multi-year training plan.

Frequently asked questions about changes to CPD and continuing competence

Over the past year we have have conducted scores of interviews with law firms, solicitors and leading SRA officials on the topic of continuing competence. Below is a compilation of the most frequently asked questions. The SRA’s view is from Senior Policy Advisor Richard Williams who spoke with VinciWorks Director of Practice Gary Yantin.

16 hours worked fine for 30 years. Why the change?

Under the 16-hour approach there was never a guarantee that CPD was resulting in more competent solicitors. One of the roles of the SRA is to protect the interests of the public and ensure access to skilled legal work. This is the purpose of Principle 5 of the Handbook: “you must provide a proper standard of service to your clients.” The new approach focuses on achieving that goal, not micro-managing solicitors’ time.

We are in the middle of the second optional year. How is adoption coming along?

Internal polling at the SRA shows that a majority of firms have already adopted the new approach. The SRA has heard from many firms who are reaping benefits from the change. Despite the good news, the SRA still recognises that it will probably take many years for firm culture to shift away from a tick-box mindset to a culture of competency.

How challenging do you think it will be for firms to adopt the new approach?

For most firms trepidation about change is probably more challenging than the actual adoption. In research that the SRA conducted when preparing for the new approach, it discovered that many firms already have systems in place for learning reviews and performance reviews. These types of activities are exactly what the SRA expects will be a fundamental part of continuing competence. Therefore for many firms the internal procedures necessary for the new approach are, in fact, already in place.

What does enforcement look like under the new approach?

There needs to be a shift in mindset. What the SRA is enforcing is not necessarily whether people have full learning plans, rather it is enforcing Principle 5. Under OFR a regulator should not look at any particular regulatory requirement in isolation.

The SRA takes a risk-based, holistic approach to compliance. They track complaints, tips, other factors, info from the PCRE etc. to establish who might be an at-risk solicitor or an at-risk firm. They will then have a discussion with the solicitor or firm in which they will evaluate the training records to see if any further action is necessary.

What records do solicitors have to keep?

There is an expectation that firms will keep copies of learning reflections and training records. In the event that a solicitor’s competence is questioned, the SRA might request a copy of those records. There will not be a requirement that the records be kept for 6 years, as was required in the past. The requirement will be for records related to current issues of competence.

Does the requirement fall on the firm or the solicitor?

The requirement of Principle 5 to “deliver a proper level of service” is true for both solicitors and firms. Therefore the obligations of continuing competence fall on both. In addition, in order for a firm to deliver a  “proper level of service” firms will be required to train and ensure the competency of non-lawyers and administrative staff.

Can you really sign the annual declaration without doing any training?

A solicitor that considers his/her needs and decides that no training is required, can indeed tick the box on the annual statement. The statement is:

“I have reflected on my practice and addressed any identified learning and development needs.”

If you have reflected on your practice and genuinely not identified any learning and development needs, then you do not require training.

Some firms are planning to continue requiring 16 hours, or 4 hours from approved providers as a means of monitoring compliance. What is the SRA’s view? Is this an effective means of monitoring?

The SRA is aware of this approach and they have even heard of firms requiring 32 hours! Ultimately from the SRA’s perspective any number of hours is arbitrary. They will be regulating competence not a number of hours. Despite this fact, this might be a sensible way for a firm to measure competence on a macro level.

Under the new approach, will Solicitors likely train for more or less than 16 hours?

There is no rule for whether there will be more or less learning under the new system. The amount of learning undertaken depends on a range of factors including seniority and area of practice. From VinciWorks conversations with firms another factor will be the firm’s’ own attitude to learning. For most of the firms we spoke to there is a common view that erring on the side of doing more learning can do no harm.

How flexible are the new types of learning?

Completely flexible. Any learning is valid if it meets an identified need. From speaking with early adopter firms, VinciWorks has identified this as an area that solicitors and their firms are likely to struggle with in the early years of competency. While the SRA are keen to point out that watching YouTube or listening to podcasts are adequate forms of learning, the firms we have spoken to appear to be sticking with tradition for now with classroom and online modular learning being the favoured forums.  

With the removal of accredited training suppliers, we wanted to know if there was a concern about a decline in quality

The SRA have no such concern. It is up to the market to create good quality learning without being restricted by having to achieve and maintain SRA approval. The SRA maintains that the market will do a far better job of establishing learning leaders than the SRA could. With this level of freedom from suppliers and for solicitors, alternative methods of learning are likely to emerge. Most firms will be watching their peers and competitors in the early years for guidance on what works.

The VinciWorks Continuing Competence Module

VinciWorks has developed a full software solution for compliance with the SRA’s new approach to continuing competence. The module is free for individuals and includes optional monitoring tools for firms. Click here to learn more and sign up for free.

VinciWorks launches Continuing Competence Module

A compliance software system designed specifically for the SRA’s new approach to CPD

On 1 November 2016, the legal profession will experience a momentous change to the manner in which solicitors remain competent. After that date, every solicitor in England will be required to demonstrate that they have reflected on their abilities to deliver competent legal practice, and bridged the gaps in their competence through learning. This reflective approach replaces the current system, whereby every solicitor undertakes a flat 16 hours of learning.

This new regime has left many confused. In the largest poll conducted on the issue, VinciWorks found that confusion amongst solicitors is the number one concern of compliance departments on the eve of these new regulations.

Continuing Competence Module

VinciWorks has used this survey as well as interviews with firms, solicitors and the SRA, to  develop a full software solution for compliance with the SRA’s new approach to continuing competence. The module alleviates the confusion around the process by guiding solicitors step-by-step through the new requirements. It show solicitors how to perform the four steps in the SRA’s guidance:

  • Reflect on your practice to identify your learning and development needs
  • Plan how you will address your learning and development needs
  • Record and evaluate your learning activity in order to demonstrate to the SRA that you have taken steps to ensure your ongoing competence
  • Make an annual declaration to confirm you have completed the above

Continuing competence module for SRA changes to CPD

Free for individuals

This compliance module is completely free for individual solicitors and is available today. Firms will be able to purchase monitoring, reporting and user management tools to automate compliance on an organisational level.

Features of the continuing competence module

The VinciWorks Continuing Competence Module features everything solicitors and firms needs to comply with the SRA’s new approach to continuing competence.

  • Simple user interface to guide solicitors through the reflective learning process
  • Mobile friendly
  • Robust admin dashboard and reporting to monitor online compliance
  • Built-in compliance course with best-practice guidance

According to Yehuda Solomont, Director of Marketing at VinciWorks, this is the first solution that has been created with direct input from the SRA.

“During the development process, we received guidance from several people at the SRA, including Richard Williams, the senior policy advisor on changes to CPD. As you can see in the video demonstration, VinciWorks’ background in education produced a simple and intuitive interface that naturally guides and educates the user.”

Sign up for free

To sign up for free visit https://vinciworks.com/competence

To see a full video demonstration visit: https://vinciworks.com/products/continuing_competence_module

SRA’s new approach to CPD: a poll of best practice

VinciWorks has concluded the largest poll ever conducted on attitudes towards the SRA’s new approach to continuing competency. The poll illuminates many industry trends and provides a better understanding of best practice. We emailed about 5,000 firms and heard from 206 of varying sizes, from sole practitioners to magic circle firms. Here are the results.

Challenges to adoption

Any new regulation is fraught with uncertainty. Constant communication, and a clear justification for change are key parts of any transition. The SRA has considerable experience on this front through its work on outcomes-focussed regulation. However, CPD is a tricky one. Solicitors are used to just recording CPD, and an hours-based approach to learning makes sense to people that bill by the hour.

Challenges to adoption

Early signs indicate that the SRA’s competence toolkit has been a useful tool in communicating the changes. However there are still challenges ahead. It seems that compliance officers and L&D managers are well educated on the changes, but that information has not trickled down to solicitors. “Confusion amongst solicitors as to the requirements” is the primary challenge identified in the survey. In other words, many solicitors simply do not understand what the requirements are when CPD ends. Firms must act to educate all solicitors, not just the learning and compliance departments.

The second greates challenge to adoption is solicitors not doing any hours at all under continuing competence. The fear is that solicitors will try to game the system and claim that they are compliant without undertaking any learning.

Creating a learning plan

The new requirement is that solicitors must be thoughtful and deliberate about their learning. CPD must have a plan. We asked firms how they believe solicitors will created these learning plans.

learning-firms

According to this poll, most solicitors will create a plan with the aid of a line manager or learning specialist. This ensures that learning is tied in tightly with performance.

These findings are in line with the SRA’s internal research. In that research the SRA discovered that many firms already have systems in place for learning reviews and performance reviews. These types of activities are exactly what the SRA expects will be a fundamental part of continuing competence. Therefore for many firms the internal procedures necessary for the new approach are, in fact, already in place.

New styles of learning

Under the new approach, any learning is valid if it meets an identified need. This opens the door to many non-conventional learning approaches. We asked firms how radical a position they will take on the idea that “any” activity could be learning.

Styles of learning

From speaking with early adopter firms, VinciWorks has identified this as an area that solicitors and their firms are likely to struggle with in the early years of competency. While officials at the SRA are keen to point out that watching YouTube or listening to podcasts are adequate forms of learning, the firms we have spoken to appear to be sticking with tradition for now. Classroom and online modular learning being the favoured forums.

Monitoring compliance

Under hours-based CPD monitoring was easy. Your employees either completed 16 hours, or they didn’t. With continuing competence, monitoring poses a challenge for firms. They will have to come up with innovate approaches to monitoring and measuring competence. We asked firms what approaches they will take to monitoring.

Monitor compliance

As demonstrated by the poll some firms are planning to continue requiring 16 hours, or 4 hours from approved providers as a means of monitoring compliance. However the SRA does not view this favourably. The SRA is aware of this approach and they have even heard of firms requiring 32 hours! Ultimately from the SRA’s perspective any number of hours is arbitrary. They will be regulating competence not a number of hours. Despite this fact, this might be a sensible way for a firm to measure competence on a macro level.

The VinciWorks Continuing Competence Module

Using the data from this survey, as well as interviews with firms and the SRA, VinciWorks has developed a full software solution for compliance with the SRA’s new approach to continuing competence. The module is free for individuals and includes optional monitoring tools for firms. Click here to learn more sign up for free

Facility Managers: Where does Health and Safety responsibility lie?

Health and safety management for residential, commercial and retail properties is an area of critical importance. Issues such as fire safety, asbestos management, water safety and electrical safety, can all result in damaging incidents that can have serious effects on the health and safety of residents and the image and financial success of the property management company. 

Book a free continuing competence workshop at Legalex – Stand L270

VinciWorks will be delivering free continuing competence workshops at Legalex (stand L270).

These 20-minute workshops will draw on our conversations with leading figures at the SRA and early adopters of the new approach to CPD.

Attendees will learn how to identify learning needs, build a learning and development plan and consider methods for recording and demonstrating that they have fulfilled the SRA’s requirements.

  • Sessions every hour
  • Only six people per session
  • Limited space
  • Stand L270

Register now

If you don’t already have tickets to Legalex, you can order tickets free of charge. Legalex is the largest exhibition focused on the business behind law. The conference is hosted in London at ExCeL and is open from 10:00 to 17:00.

VinciWorks will also be giving more in-depth talks during the conference:

  • Practice Management Theatre, Wednesday 17:00
  • Firms of the Future Theatre, Thursday 13:00