Cybersecurity Courses

VinciWorks is committed to the highest cyber-security and data protection standards in all of its products. We have published guidance on the EU GDPR and a new cyber security course will be released next month.

Below are a number of updates and feature enhancements that ensure strict levels of information security.

New security feature – force password reset

Administrators can now enforce a stricter password policy across the organisation. If users were using generic or simple passwords, administrators can now force password reset on next login. To activate this feature contact your VinciWorks representative.


In the VinciWorks LMS there are many properties that can be customised through the “Edit Course Properties” screen.


These include:

  • Access type (private vs. public)
  • Pass mark
  • Special instructions
  • File attachments
  • Feedback forms

Custom feedback forms

In the latest release we added the ability to link any course with external feedback forms. This enables firms to create custom forms in SurveyMonkey or other tools and prompt users to fill in the form after completing the course.

Brexit will not affect data protection laws

There has been a lot of confusion and fearmongering around the implications of Brexit for data protection law.

However, despite the current media frenzy, nothing will actually change in the short term. The Data Protection Act 1998 is an Act of UK Parliament and remains the law of the land regardless of the UK’s EU status. The ICO made this point clear when it released a prompt statement on 24 June:

“The Data Protection Act remains the law of the land irrespective of the referendum result.”

In other words, for at least the next two years there will effectively be no changes to data protection laws.

Brexit and GDPR

As we have reported, the European Union will likely sign the General Data Protection Regulation (GDPR) into law in 2016. The regulation represents the most significant global development in data protection law since the EU Data Protection Directive in 1995 and, due to the sweeping changes, firms are already investing serious resources in preparation for GDPR.

The crux is that a “regulation”, unlike a “directive”, is applicable in all EU member states without the need for national legislation. The expected enforcement date is spring 2018, right around the expected official Brexit date. With the UK leaving the EU, GDPR will technically no longer apply, and the UK is not currently working on a similar update to its data protection laws.

Therefore, the question on everybody’s mind is: will UK companies need to adhere to GDPR after Britain exits the union?

The likely answer is yes. GDPR, or some form of it, will be binding for UK companies regardless of Brexit, and companies should continue preparing for the regulations. There are two main reasons for this.

1. GDPR applies to non-EU companies

The regulation states that it applies to any non-EU companies that process the data of EU residents. This is true even if a company has no physical presence in the EU. Therefore, for most UK companies, the cost of doing business with Europe will be adhering to GDPR.

2. The ICO intends to introduce ‘adequacy’

According to the ICO statement from 24 June 2016:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

The ICO is signalling that it will push the UK legislature to implement laws that are similar to GDPR in order to facilitate cross-border commerce.

The danger here is that the ICO might have to negotiate a ‘Model Clause’ contract that companies can use to facilitate and regulate transfer of data between EU and non-EU countries. This process has been fraught with issues in US-EU relations, with the European Court of Justice overturning the Safe Harbour treaty in October and officials scrambling to negotiate the new EU-US Privacy Shield.

Alternatively, Parliament will implement data protection laws that are identical or similar enough to the GDPR. In that scenario the UK and EU could come to an understanding that data can flow securely and freely across borders without the need for companies to have Model Clauses.

Next steps

In spite of Brexit, companies should continue preparing for GDPR as if Remain won the referendum. If you are responsible for implementing compliance with GDPR and you do not know where to start, the ICO has published a guide with 12 steps to take right now in order to prepare for the GDPR.

Time is ticking on the Modern Slavery Act. Organisations with a financial year ending 31 March 2016 have a looming compliance deadline in September.

Under the Act, organisations with over £36m in revenue must publish a slavery and human trafficking statement within six months of the end of their financial year. This statement should detail the steps taken to identify and eradicate slavery from the supply chain, including:

  • Slavery and human trafficking policies
  • Due diligence procedures
  • Risk assessments and KPIs
  • Staff training

Forming a proper statement takes months of preparation. Policies need to be drafted and staff must be trained. Now is the time for all companies affected by the Act to start laying the groundwork for compliance.

VinciWorks has released a complimentary guide to compliance with the Modern Slavery Act. Written by experts on the new law, the guide details the steps you must take to prepare a slavery and human trafficking statement. It includes sample statements, practical examples and checklists.


FOR IMMEDIATE RELEASE
April 1, 2016

Introducing Human Nagware

Because sometimes email is not enough

London — Convincing people to complete their compliance training has always been a challenge. Work deadlines, client pressures and other high priority tasks all contribute to employees neglecting their online courses. However, training on topics such as money laundering, bribery and diversity is mandatory and important.

Due to compliance requirements, firms require that staff complete training, and expensive administrative resources are spent chasing non-compliant individuals. Moreover, low completion rates expose firms to regulatory sanctions.

How Nagware changed compliance

In 2011 VinciWorks improved the state of compliance training forever when it introduced its revolutionary Nagware. With Nagware, firms could auto-remind employees to complete training with gently escalating reminder emails.

“Nagware was a game changer”, Howard Finger, VinciWorks’ CEO, commented. “Overnight, course completions tripled. Firms were asking us to incorporate Nagware into other processes in order to increase compliance rates. To fulfil that request we developed Policy Tracker for tracking policy compliance and we integrated Nagware into the Risk Management System for control procedures. We are now looking at Nagware for the Breaches Register and the Annual PI Questionnaire.”

Nagware did not go far enough

However, Nagware did not go far enough. In a pilot programme with Local Law LLP to test the efficacy of different Nag regimens, the compliance rate never rose above 75%. Nigel Plaskitt of Local Law summed up the experiment: “We threatened, we cajoled, we sent ominous emails from the managing partner. Nothing seemed to work. There were always 15-20 people who did not complete the mandatory courses.”

The only solution was a human touch

Adam Sinclair, VinciWorks’ Director of Product, was tasked with finding a solution. “We hired UX experts, social scientists, you name it; we threw every resource we had at the product. We tried iPhone apps, robo-calling and text-messaging. The best we could achieve was 85% compliance.”

In this webinar, Dr. Suzanne Doyle-Morris, founder of the InclusIQ Institute, discusses how unconscious bias could negatively impact the culture and competitiveness of your firm. She provides tips for overcoming bias and actionable steps to create cultural change at your firm.

The webinar will include:

  • Best practice
  • Case studies
  • Practical advice

Please fill in the form below to receive instant access to the webinar: Unconscious Bias: Beyond Protected Characteristics


This recording is provided free of charge. If you found it valuable, feel free to forward it to a colleague.

One of the most powerful automation features in the VinciWorks Learning Management System just got better. Now, when enrolling group members in multiple emails, only one consolidated email gets sent – reducing inbox clutter.

What are groups?

Groups take most of the administrative burden out of determining who needs to be enrolled in which course at what interval. With groups, users are automatically enrolled in the appropriate courses at the right time, based on predefined criteria.

Some useful groups that other firms are using:

  • Automatically enrol new hires in a series of inductee courses
  • Automatically enrol users in AML refresher courses every two years
  • Automatically enrol different departments in courses relevant to their departments

If you license LMS pro or Enterprise and are interested in setting up or reviewing your current groups, contact us to set up a free training session.

There seems to be a common misconception in the legal profession that the SRA’s changes to CPD hail the end of formal compliance training. Nothing could be further from the truth.

Compliance training on topics such as money laundering, bribery, diversity, data protection etc. remains mandatory irrespective of any CPD changes.

The SRA has reiterated on numerous occasions that changes to CPD will have no impact on other mandatory training required by legislative or regulatory bodies; nor will it affect industry best practice. For example, in the SRA’s money laundering guidance:

“We have recently changed our approach to continuing competence, deciding to remove the requirement for a certain number of hours of CPD and allowing firms to arrange appropriate training at their own discretion. Anti-money laundering training and the policies that underpin it, remain a legal requirement as noted above, and firms should consider this as part of their continuing competence planning.”


VinciWorks attended a recent event hosted by Thomson Reuters titled Modern Slavery, Bribery and Corruption. The international panel included Nick Grono, CEO of the Freedom Fund, Dan Viederman, CEO of Verité, Duncan Jepson, CEO of Liberty Asia, Martina Vandenberg, Founder and President of the Human Trafficking Pro Bono Legal Center and Mike Harris from World-Check.

The panel – which coincided with the publishing of two new reports: Modern Slavery and Corruption and An Exploratory Study on the Role of Corruption in International Labour Migration – focused on the relationship between modern slavery and corruption. The discussion provided an overview of the current legislation around the world, including the Foreign Corrupt Practices Act, which has been used effectively in the United States to prosecute human traffickers.

The key takeaway from the discussion was that slavery can only take place when corruption is present. At some stage in the process, someone must turn a blind eye, pay a bribe or falsify records to facilitate human trafficking or forced labour. Organisations should never be able to say “we were not aware” because the warning signs and the records of corruption are almost always there to be found.