Common IT questions around Risk Management Software

If you're reading this article, it's likely that you're facing one of these two scenarios:

1. You are a risk manager looking for risk management software, and your IT and Security team is asking you questions to ensure you select the right tool. 
2. You are the IT person helping the risk team at your company look for options to implement a risk management system.

As a Chief Technology Officer myself, I understand that looking for information around this topic can be daunting.

Every month I attend dozens of system demonstrations with the sales team at Protecht and I get a lot of questions from professionals like you, so I decided to put together a list of the most common questions about risk management software that I'm asked during these sessions. I hope you find this article helpful.

1. Where is the data of my company held?

Data sovereignty is an important aspect to consider when selecting a SaaS/Cloud application. If data is stored in a different country/region, the local legislation can make it difficult to manage. Some standards, such as CPS234 in Australia, have different requirements and restrictions when data is stored offshore.

• For clients based in Australia, we use Macquarie cloud services and all data is located in the region.
• For clients in Europe and the United Kingdom ,the data is stored with AWS (Amazon Web Services) in two availability zones in the London region.

2. Does Protecht has the capability to recover in the event of a disaster, if so, how long RTO (Recovery Time Objective) and how much data will be lost RPO (Recovery Point Objective)?

Not all services are equal. Many don't even disclose how your services would be provided in the event of a disaster. This is an important aspect of your selection. Protecht.ERM maintains a full-size disaster recovery environment that is continually synchronised with the primary service. In the event of a disaster, services are restored in the alternate data centre, within 1 hour (RTO) and a maximum of 5 minutes data loss (RPO).

3. What is the availability for the service? And have you met that over the last year?

The application and infrastructure are designed to support much higher availability target than contracted, which allows us to meet contracted targets. Protecht has exceeded contracted availability targets year on year. Current availability is 99.97% as at Jan 2020.

4. How are upgrades managed?

Protecht.ERM is a managed service and Protecht is responsible for all application updates. This includes security patching, infrastructure upgrades and application upgrades. When an outage is required, they are scheduled in advance and out of business hours to minimise the disruption to clients. You don't need to do anything.

5. How easy is the user interface?

Protecht.ERM has a modern user interface and we're continually striving to improve the product usability and user engagement. We have User Experience (UX) designers working on product development and design.

6. How flexible is the product? Can it be customised?

Protecht.ERM is a highly flexible product. Customisation is both simple (no coding) and can be performed by non-technical staff. This means that the people who use the system can customise it, rather than having to send it out to be developed.

7. How is the product licensed?

Complex licensing models can end up being expensive and prohibit the full use of the product within an organisation. Protecht.ERM has simple licensing based on users which extends to all modules of the product. You can book a tailored system demo here for more information.

Advisory, Sales, and IT team getting ready for a meeting with a potential client

8. What support is provided? Is it in my time zone?

In times of difficulty, we have your back. Our support team are available via Telephone, Email and your Service Desk portal. The team are able to assist you with queries, advice and troubleshooting. Support is provided by staff in each region during business hours.

9. Is the product secure enough for me to store sensitive data?

We take Information Security very seriously. Protecht is ISO 27001:2013 certified, along with the data centres. This means that the recommended security controls are in place. It also means that the security is independently audited on a regular basis—audits are performed both internally and externally to maintain the certification.

10. Can I integrate the product with other applications I have?

Yes, Protecht.ERM supports a rich set of REST APIs. REST has become the industry standard for providing inter-connectivity between modern applications in the cloud environment.

11. How future proof is the product?

Our team is on the forefront of Risk Management—defining the trends in the industry. We're committed to continually developing Protecht.ERM with regular releases, new features and new technologies. The development never stops.

12. Can it be customised to meet my methodology?

Yes, this is one of the strengths of Protecht.ERM. It's configurable without the need for developers or coding. Your customisations are maintained as new releases are deployed.

13. Does it engage users at all levels?

Yes. We see the importance of engaging your front-line users. The front line makes up most users, and they are the people performing your risk management. With Protecht.ERM, you can provide a simpler interface for front-line users, removing administration and advanced options from the menu. The mobile application engages users on the go.

I hope you find these common questions about risk management software purchasing helpful. Whether you're a risk manager or part of the IT and Security team tasked to find a system for your organisation's risk management, important questions like these will help ensure that you make the right decision. 

If you have more questions or would like to know more, please feel free to book a demonstration with us today.