Tag Archives: Risk Management

CHAS makes three key appointments designed to strengthen operations

Supply chain risk management expert CHAS (the Contractors Health and Safety Assessment Scheme) has appointed Alex Minett as head of products and markets and Elaine Bailey and Peter Hepworth, both of whom become non-executive directors at the trusted Health and Safety compliance advisor.

CHASLogo

Alex Minett brings in-depth knowledge of the SHEQ sector in the UK and internationally from a contracting and consulting perspective having established SHEQ strategies for multiple businesses (including blue chip companies) across diverse sectors.

He also has extensive knowledge of construction Best Practice and compliance having worked for 20 years in the construction sector, including on iconic projects such as the London 2012 Olympic and Paralympic Games and the Battersea Power Station where he advised on safety measures for the demolition and re-erection of the four iconic chimneys.

In addition, Minett was responsible for establishing the initial SHEQ strategy for Transport for Wales and supported the procurement team within the wider provision of the multi-billion pound franchise with pre-qualification of the bids.

AlexMinettCHAS (1)

Alex Minett

Further afield, Minett worked closely with the World Bank and other funders on one of the world’s largest solar farms in Benban and initiated a zero harm approach to safety at the Facebook Data Centre in Lulea. He was also responsible for embedding safe working practices for the construction and delivery of the Saudi Aramco Petroleum Polytechnic in Saudi Arabia.

Now, Minett has overall responsibility for all of the CHAS products both current and new and is closely involved in the strategic position of CHAS within the marketplace and identifying opportunities for growth.

CHAS managing director Ian McKinnon stated: “Alex is an excellent addition to the CHAS team and we’re delighted to have him on board. His insight and experience will be invaluable as we continue to expand our service offer.”

Minett himself commented: “I’m excited to be joining CHAS at a time of marked growth for the organisation. As the founder of contractor prequalification, CHAS enjoys a first class reputation and I’m looking forward to helping build on this as the business evolves and grows.”

Extensive experience

Elaine Bailey became a non-executive director at CHAS with effect from Wednesday 1 July. Bailey has worked extensively across the construction, criminal justice, Government services and housing sectors in the private, public and not for profit sectors and brings 15 years of executive Board experience to the role.

From 2014 to 2019, Bailey served as CEO of London-based Housing Association The Hyde Group where, as well as significantly improving financial and operating performance, she drove a major change programme designed to simplify, automate and improve service delivery.

Bailey also sits on the Industry Safety Steering Group chaired by Dame Judith Hackitt which is charged with scrutinising proposals and progress towards culture change within the construction industry following the tragic Grenfell Tower fire.

ElaineBaileyCHAS

Elaine Bailey

Previously, Bailey held senior positions at FTSE 250 outsourcer Serco and is a trustee of Catch 22 and the Greenslade Family Foundation, as well as a Board member of the Andium Housing Association.

Speaking about Bailey’s appointment, Ian McKinnon stated: “Elaine’s successes at The Hyde Group, along with her knowledge and experience of good governance, make her an excellent addition to the CHAS Board. We also welcome Elaine’s commitment to driving cultural change within the construction industry following the Grenfell Tower tragedy through her work as part of Dame Judith Hackitt’s Steering Group.”

Bailey responded: “I’m delighted to be joining an organisation which plays a key role in improving occupational Health and Safety performance in UK workplaces. I’m looking forward to working with CHAS to continue to raise Health and Safety standards right across the UK.”

Digital transformation

Peter Hepworth formerly oversaw a portfolio of businesses while serving as executive officer of the Professional Services division at Capita plc, where his achievements included rationalising 14 separate learning businesses into one organisation and executing the digital transformations of Constructionline and Parking Eye.

He simultaneously served as CEO of AXELOS.com, a joint venture between Capita and the Cabinet Office and the publisher of global Best Practice guidance for IT, project and risk management. In fact, Hepworth was responsible for founding the operation in 2013. He grew the business internationally, expanding the product range and launching a cyber resilience portfolio while regularly liaising at ministerial level. Hepworth also transitioned AXELOS to become a Content-as-a-Service subscription model.

Previously, Hepworth served as managing director of Activision Blizzard UK where he was responsible for transitioning the business to meet the digital future. He has also held senior positions at L’Oréal, Sara Lee and BDO Stoy Hayward. His additional board experience includes having served as a non-executive director of The Fire Service College, Fera Science and eve Sleep. Hepworth is a Chartered Accountant by background.

PeterHepworthCHAS

Peter Hepworth

“We’re very happy to welcome Peter to the CHAS Board,” enthused Ian McKinnon. “He brings a wealth of experience in digital transformation which will prove invaluable as we continue to navigate the challenges and opportunities of the digital age.”

Hepworth informed Security Matters: “I’m excited to be joining the Board of CHAS as it continues its strong growth trajectory. The company has an excellent reputation with an impressive portfolio of digital products and services that can help businesses transform their risk management processes. I’m delighted to have this opportunity to support the further success of both CHAS and its extensive customer base.”

Leave a comment

Filed under Security Matters

CHAS makes it easy to locate COVID-19 secure contractors

CHAS, the supply chain risk management expert, has added a Statement of Best Practice (COVID-19) to its member-focused packages designed to assist anyone who engages contractors in immediately identifying whether or not they are COVID-19 secure.

Organisations have had to rapidly adapt their working practices to operate safely during the Coronavirus outbreak and CHAS’ Statement of Best Practice (COVID-19) helps to verify that these adjustments have been made in line with latest Government and sector-issued guidelines.

COVID19

In order for a contractor to qualify as COVID-19 secure they must confirm (and, where appropriate, evidence) that they have taken three key actions which include:

  • Producing and putting into place COVID-19 specific risk assessments, method statements and controls 
  • Sharing the risk assessment with staff (and online for organisations with over 50 employees)
  • Displaying a notice to confirm they have complied with Government guidance

Construction-related businesses must also indicate that they are following COVID-19 Secure Site Operating Procedures as detailed by the Construction Leadership Council.

For contractors to comply, they simply need to login to the contractor portal and upload and submit evidence to show they meet the requirements. Meanwhile, CHAS clients log on to the CHAS Client Portal and they can instantly see whether a contractor has completed the Statement of Best Practice (COVID-19).

For those organisations who are not already CHAS clients, it is quick, easy and completely free to register and includes a range of business benefits, from the ability to easily source compliant contractors by trade and region from a database of over 50 0000 through to the availability of dedicated business services.

CHAS managing director Ian McKinnon informed Security Matters: “We recognise that organisations are looking for reassurance that everyone within their supply chain is operating to the required COVID-19 secure standards, but we also know that it’s extremely difficult for organisations to perform these checks independently, and particularly so while running on skeleton staff. The Statement of Best Practice (COVID-19) makes it easy for CHAS contractors to qualify for work while affording CHAS clients immediate visibility of a contractor’s COVID-19 secure status.”

Leave a comment

Filed under Security Matters

“Cyber attack fears delaying business innovation” reveals HackerOne survey

A survey conducted by HackerOne has revealed that IT projects are being stifled due to security concerns. More than 80% of UK CISOs and CTOs who were interviewed revealed software IT projects have been hindered due to concerns over inevitable security issues. 90% also agreed that software vulnerabilities pose a significant risk to their organisation.

“Organisations need to find a balance between driving innovation and keeping data safe,” said Laurie Mercer, security engineer at HackerOne. “It’s not surprising that fear around cyber security is hindering this, but by moving beyond traditional cyber security strategies, businesses can start to feel empowered. When I started writing code, new releases of software would take six months to develop and test. Today, new software is released every hour. This new pace of innovation poses a problem for security teams but, by implementing a strategy that supports continuous security, businesses can ensure they’re on alert for any vulnerabilities that software might have. The key is to ensure that security is constantly evolving.”

CISOCIOCyberAttack

Manpower and budgets are also a key concern for security professionals, with 63% believing security team resources are not able to keep up with the pace of development. Lack of budget and other resources including skill sets were also cited as key barriers to creating a well-rounded cyber security strategy by over a third of respondents.

Despite the significant number of concerns around vulnerabilities and limited resources, the survey highlighted that 62% would rather accept the risk of software vulnerabilities than invite unknown hackers to find them, while 63% say they’re only comfortable accepting bug submissions from vetted hackers.

A HackerOne customer and CISO of an international health and beauty retailer said: “I understand first-hand the nature of remaining cautious. As we all know, though, traditional cyber security methods alone are not sufficient. CISOs find themselves in a tricky position, needing to embrace innovation, but while ultimately remaining responsible for cyber security. The security landscape is ever evolving so we need to approach defensive strategies in the same way. By working with ethical hackers, it gives organisations the freedom to work on new projects, spin-up new applications and try different ways of working, while at the same time there’s peace of mind that continuous and ongoing testing is taking place. With ethical hacking, these vulnerabilities can be fixed immediately.”

The research was conducted by Opinion Matters and included input from 200 UK CISOs and CTOs. The findings revealed what CISOs believe to be the biggest risks to businesses, which areas are hindering growth and what kind of technology respondents are likely to implement in order to overcome these challenges.

Leave a comment

Filed under Risk Xtra

Institute of Risk Management pledges commitment to Armed Forces community by signing Armed Forces Covenant

Senior members of the Institute of Risk Management (IRM) recently gathered at a co-signing ceremony for the Armed Force’s Covenant at Horseguards Parade in London. The signing was between the IRM and the Greater London Reserve Force’s and Cadet’s Association (GLRFCA).

Guests included IRM Board members. There were also representatives present from the Kent Army Cadet Force including Lieutenant Colonel Simon Dean OBE, Deputy Commandant Major Richard Phillips and Regimental Sergeant Major Pete Barnes. SO1 Lieutenant Colonel David Utting (head of engagement for the British Army) was also present and gave a brief message on partnering with defence.

The signing between the IRM and GLRFCA signifies an ongoing commitment to service leavers and personnel as laid out in the pledge.

IRMAFC1

Socrates Coudounaris CFIRM (left), chairman of the IRM, and SO1 Lieutenant Colonel David Utting (head of engagement for the British Army)

Socrates Coudounaris CFIRM, chairman of the IRM, said: “It was a great privilege to be here today to co-sign the Armed Forces Covenant. It’s vitally important that the Armed Forces and businesses are mutually engaged. This signifies a wider pledge by the IRM to increase the risk management profession’s visibility to ex-military personnel. We provide accessible and relevant training and qualifications that will help ex-Armed Forces personnel in making the transition to the business world.”

IRMAFC2

Lieutenant Colonel Simon Dean OBE and Captain Vicky Robinson (country PR for the Kent Army Cadet Force and head of marketing and communications at the IRM)

Coudounaris added: “Many of the skills learned by services personnel naturally cross over into the world of risk management and we’re keen to ensure these skills are recognised and that we can help support individuals’ lifelong learning and career transition where possible.”

Drew Jeacock, head of engagement for the GLRFCA, stated: “The Government is committed to supporting the Armed Forces community by working with a range of partners who’ve signed the Armed Forces Covenant. It’s a national responsibility involving Government, businesses, local authorities, charities and the public. Demonstrating commitment to the Armed Forces family is a significant gesture and I hope that the IRM will embrace the intent and values that we hold close to our core. We value the IRM’s support.”

*The IRM supports Captain Victoria Robinson, the organisation’s head of marketing and communications, who’s also the county PR officer for the Kent Army Cadet Force, with leave for annual camp and other cadet-related activities

Leave a comment

Filed under Risk Xtra

Frontline Security Solutions wins first RoSPA Gold Award for Occupational Health and Safety

Frontline Security Solutions has received its first Gold Award from the Royal Society for the Prevention of Accidents (RoSPA), winning in its first year of entering. RoSPA Gold Award winners are recognised for achieving a high level of performance while demonstrating well-developed occupational Health and Safety management systems and culture, an outstanding control of risk and low levels of error, harm and loss.

Frontline Security Solutions is part of Chubb, which itself is a part of Carrier, a leading global provider of innovative HVAC, refrigeration, fire, security and building automation technologies.

Nichola Maher, EH&S manager at Frontline Security Solutions, told Risk Xtra: “Frontline has a robust, people-centric ethic. We’re delighted to receive our first ROSPA accolade, and particularly so as it’s a Gold Award.”

FrontlineROSPA2019

Simon Trundley, project manager for Frontline Security Solutions who collected the award, added: “By demonstrating the robust Health and Safety practices we have in place, we’re helping to ensure that all staff feel safe at work, which gives them more confidence to carry out their roles and responsibilities. It’s an honour to receive such an important award for and on behalf of Frontline Security Solutions.”

By attaining a RoSPA Award, an organisation is acknowledged for its commitment to maintaining a well-balanced approach towards Health and Safety management, as well as demonstrating superior practices in areas such as leadership and workplace contribution.

Leave a comment

Filed under Risk Xtra

Cyber security firm Foregenix scoops Queen’s Award for Enterprise

A cyber security firm has picked up the Queen’s Award for Enterprise. Foregenix, which celebrates its 10th Anniversary this month, received the award for its work in international trade and is believed to be the first cyber security consultancy with a determined focus on protecting the payment and finance industries to pick up the accolade.

Headquartered in the UK, Foregenix has generated around 60% of its revenue from international sales over the past four years, helped by new offices in Boston servicing North America, Frankfurt, Europe, Sydney, Australasia and São Paulo, Brazil and a new base in Singapore in 2019.

Foregenix offers a range of services including managed detection and response, digital forensics, compliance and risk. It’s one of the leading certification companies for payment systems on PCI point-to-point encryption and an authority on ATM ‘cash-out’ attacks.

The Queen’s Award for Enterprise follows on from recognition by The Sunday Times as one of the Top 100 SME exporters in 2017 and 2018.

ForegenixPaulHumpageAndrewHenwoodBenjaminHosack

Left to Right: Paul Humpage, Andrew Henwood and Benjamin Hosack of Foregenix

The Queen’s Awards have recognised the achievements of British businesses since 1965. Around 200 businesses receive the accolade each year.

Co-founder and CTO Andrew Bontoft commented: “It’s testimony to the brilliant work and dedication of our global team that we’ve received this prestigious award. We’re very proud of what the team has achieved and grateful for the recognition this award signifies. We would also like to thank our clients and suppliers for helping us to achieve this honour.”

CEO Andrew Henwood added: “Foregenix aims to protect businesses and organisations from criminals who attempt to endanger people’s livelihoods and futures for their own enrichment. It’s a cause that resonates with our customers. We offer them practical advice and solutions for baked-in security and real risk reduction.”

Leave a comment

Filed under Risk Xtra

Echosec launches security-focused anonymous search tool for The Dark Web

Online data aggregation and information discovery specialist Echosec has introduced Beacon, a search platform for The Dark Web purpose-designed to help discover threats and prevent future attacks.

Beacon is an intelligence tool that helps security teams and public safety professionals alike to find key information from The Dark Web safely through a regular web browser. Previously, the only way to access The Dark Web was through a TOR browser.

The Dark Web is non-indexed and non-secure, yet searching it is crucial for security and public safety organisations as it’s a veritable hotbed for nefarious activity. Beacon provides end users with a single point of entry into The Dark Web and presents critical information in a structured and consistent way.

Organisation of Dark Web data makes analysis of it more efficient and threat intelligence actionable for law enforcement, security and risk managers.

EchosecBeacon

“Beacon helps teams to quickly identify information that can prepare them for the worse case scenario,” said Michael Raypold, CTO at Echosec. “Through Beacon, end users can identify threats quickly and enable efficient issues management.”

A basic Beacon search can provide intelligence on subjects like drug trafficking, the sale of firearms and hacker data. A UK search conducted on 12 April found 14,849 instances of hacker data using the keyword “UK + hacking,” while “UK + credit card” returned 16,600 and “UK + guns” 2,650 results respectively.

More advanced search functions in Beacon have produced thousands of results for information on the sale of identities, e-mail addresses and other personally identifiable information. One excerpt from a credit card search result on a Dark Web site reads: “Hello all clients ! – I’m a hacker, good seller, best tools, sell online 24h. – I want introduce to you my services and sell fresh cvv (visa/master,amex,dis,bin,dob,fullz..) all country, Dumps track 1&2, Account paypal, SMTP, RDP, VPS, Mailers, do WU transfer and Software Bug Transfer Western Union. – I sell cvv Fresh – Fast and Good price.”

Beacon is commercially available and simple and safe to interact with for users of all backgrounds. However, due to the sensitive nature of The Dark Web, Echosec meets with potential customers to review and approve their case before providing access. Echosec also takes steps to ensure that Beacon use is compliant with the current privacy laws and data provider terms.

*More information about Beacon may be found at https://www.echosec.net/darknet/

Leave a comment

Filed under Risk Xtra

BAE Systems launches “major update” to NetReveal platform for financial institutions

The latest version of BAE Systems’ NetReveal platform combines the best of advanced analytics and human expertise to enable financial institutions to effectively combat financial crime and fraud in an environment of rapidly evolving regulatory requirements and changing financial crime patterns.

Faced with increasing transactions, evolving regulations, a growing number of payment channels, customer friction, investigation challenges and strengthening privacy regimes, financial crime and fraud investigators are under pressure to make more confident and intelligence-led decisions and do so at an unprecedented pace.

Built on modernised modular technology, NetReveal addresses these challenges by working smarter and faster and supporting an intelligence-led approach:

Smarter: Profiling and detection against transactional data that commonly takes hours to process is now processed within 30 minutes (on average)

Faster: Advanced analytics with machine learning techniques improve operational performance by driving fewer false positives. Integrated Robotic Process Automation (RPA) means that routine tasks are automated, enabling investigators to focus more on high value strategic investigative work. The Real-Time Detection Engine helps institutions to keep pace with sophisticated criminals across growing digital channels

Intelligence-Led: Entity-based investigations deliver efficiency improvements of 20-30% on average by streamlining multiple detections into a single combined alert dashboard. Interactive lists also provide actionable information to adjudicate alerts effectively

BAESystems

Culmination of major investment

Rob Harrison, head of product and solutions for the financial services sector at BAE Systems Applied Intelligence, said: “This release is the culmination of major investment and engineering development of our financial crime platform and suite of solutions. We’ve focused on providing compliance and fraud teams with the latest advanced analytics, technology advancements and productivity improvements.”

Harrison added: “The latest version of NetReveal combines the best of human expertise and advanced analytics which we believe puts financial institutions in the strongest position possible to address the major market challenges of today, namely regulatory complexity and change, evolving fraud patterns, productivity and efficiency pressures and new risk management approaches.”

Julie Conroy, research director for the Aite Group’s Retail Banking practice, commented: “The use of RPA to improve financial crime operations significantly increases accuracy, reduces operational costs and enhances productivity. Given the growing data challenge, having the ability to advance investigator efficiency by reducing repetitive manual tasks, human error and, by extension, the number of false positives ultimately frees up time to focus on more strategic tasks.”

NetReveal is a single integrated platform for money laundering compliance and fraud prevention, enabling financial institutions to benefit from lower total cost of ownership across their compliance and fraud teams thanks to a single solution.

A comprehensive range of compliance and counter-fraud solutions can be deployed either individually or collectively.

Leave a comment

Filed under Risk Xtra

Linx International Group expands team with new Group marketing manager and marketing co-ordinator

Linx International Group – the global provider of security, risk management, consultancy and training services – has announced the appointment of Group marketing manager Jerry Alfandari and marketing co-ordinator Victoria Carter.

Fluent in both English and German, Alfandari has a proven track record of managing international marketing campaigns including social and digital content strategies. He’s joined by Victoria Carter, who brings expertise in social media, public relations and video production to the team.

On his appointment, Alfandari explained: “I’m excited to be part of a team that’s working with security practitioners at all levels around the world to develop and launch new courses along with innovative training methods.”

Victoria Carter and Jerry Alfandari

Victoria Carter and Jerry Alfandari

Carter added: “Training and education has always been central to my own career progression, so I’m excited to be joining a company that shares my ethos and is committed to professionalism across the security sector.”

Led by director of sales and marketing Sarah Hayward-Turton, the marketing team will promote the Linx International Group brand and the work of its companies – Tavcom Training (including the CTSP Register), PerpetuityARC Training and the Linx Consultancy.

Hayward-Turton stated: “It’s an exciting time to be part of the Linx International Group. We’re bringing new talent into the organisation, as well as nurturing and developing the skills of those that have been with us for many years.”

Alfandari and Carter are based at the Linx International Group’s Training Centre in Bishops Waltham, Hampshire.

Leave a comment

Filed under Risk Xtra

Shred-it proud to join ranks of UK’s Business Superbrands in 2019

Shred-it, the information security company, has been awarded Business Superbrand status for 2019. Shred-it’s protection solutions and services include secure document destruction, media destruction, branded goods and uniforms destruction as well as recycling services. It helps businesses to comply with legislation and ensures that customer, employee and confidential business information is protected at all times.

The Business Superbrands survey has been tracking the perception of a wide-range of business brands in the UK since 2001. This year’s research process, managed by The Centre for Brand Analysis (TCBA) in partnership with Dynata – one of the world’s leading data research companies – evaluated approximately 1,600 brands across 63 categories and involved 2,500 UK business professionals with an expert council comprising 24 senior business-to-business marketing leaders. Only the most highly-regarded brands from each category are awarded Superbrand status.

Unusually for an industry award, brands do not pay or apply to be considered. In order to provide a broad review of the market and identify the strongest brands in each category, all the key players in each sector need to be voted on. All voters were asked to judge brands against the three core factors inherent in a Superbrand, namely quality, reliability and distinction.

Shred-itBusinessSuperbrands2019

Additionally, brand perception and voting by individuals is also influenced by a range of both short and long-term factors, from the brand’s current profile to its latest marketing activities and new product and service developments, in turn affording an holistic picture of how brands are currently perceived.

Stephen Cheliotis, CEO of TCBA and chairman of Superbrands, commented: “In unsettled times, businesses that are well-regarded and possess a positive reputation benefit from competitive advantage over weaker branded rivals, providing greater immunity against short-term market volatility. Being perceived by buyers and influencers as a leading Business Superbrand is a positive business signal, while also recognition of the hard-work and dedication of the employees of each business attaining Superbrands status.”

Secure document and media destruction

Secure document and media destruction are critical in today’s data-driven environment as security compliance and risk management have become a critical part of the business landscape. This is duly reflected in a worldwide market that’s forecast to grow 8.7% to US$124 billion in 2019 (Source: Gartner Inc.). This is being driven by several factors including a greater and broader understanding of security risks and data breaches, privacy concerns and stricter regulation around data loss prevention as well as the need to view sensitive data and related systems as critical infrastructure.

ShreditTruck

Andrew Johnston, marketing and PR director (EMEA) for Shred-it, stated: “In an increasingly competitive market, Shred-it sought a clear point of differentiation to distinguish its offer. The business identified a number of key insights following research of its worldwide customer base which led to the brand’s positioning around the ‘We protect what matters’ strapline. Shred-it protects people, it protects customers, it protects brands and reputations and it protects the environment. This has enabled the brand to better focus its communications around the core idea of protection – the brand’s ‘red thread’ – which is transferable across markets, sectors and channels.”

The business has a one team, one goal motto with a customer first approach to ensure the safeguarding, understanding and management of confidential information. Shred-it’s values around excellence in service provision, depth of experience and sector knowledge, accountability and integrity, together with sustainability and continuous improvement underpin its market position.

*To learn more about Shred-it visit www.shredit.co.uk/superbrands or watch the video

Leave a comment

Filed under Risk Xtra