TALK TO SALES
COMPLIANCE FOX
Email UsEmail UsEmail Us
(02) 8318 7988
support@compliancefox.com
426 King St Newcastle, NSW Australia
HOMEPRODUCTCONTACT

Frequently Asked Questions

Below is a list of questions and answers to our most-commonly encountered questions from our customers.

Can't find the answer to your question? Get in touch.

Q: What is Compliance Fox?
A: Compliance Fox is a private, cloud-based application available via a web browser. Compliance Fox enables businesses to manage and report on all aspects of workforce compliance - e.g. qualifications, inductions, policies, medicals, insurances, etc, and improve their business in a meaningful way (see below: 'what are the benefits of using Compliance Fox?').


Q: Who is Compliance Fox for?
A: Compliance Fox is designed for people who need up-to-date, audit-ready workforce compliance information. Our customers vary in size, and come from all industries. Mostly though, our customers have 10 - 1000 workers, and come from a sector that is high-risk (e.g. mining, manufacturing, construction) or highly-regulated (e.g. NDIS, certified professions).

Compliance Fox is designed to be driven by a key administrator, and used by the workers to manage their own profiles. In this way, the business can tightly manage their risks, streamline some processes, as well as building a culture of safety & compliance amongst their workforce.


Q: How does Compliance Fox work?
A: Each of our customers is provided with their own private, cloud-based application accessible at a specified URL e.g. https://xxxxx.compliancefox.com, where the 'xxxxx' represents the name of the business.

Firstly, the business decides which 'Groups' they'd like to create. Groups act like job families, and are a way of categorising the workforce in order to assign different requirements to different groups. They might be role types, regions, depots, etc.

Secondly, the business decides on the types of information, activities (e.g. Courses) and requirements that they'd like to manage and monitor across their workforce. We then assist the system administrator to add each of these requirements to the system. This is a simple process and additional requirements can be added at any stage in the future. There is also no limit to the amount of requirements that can be added to the system.  

Thirdly, we assign the activities and requirements we created in step two to the Groups we created in step one. E.g., the Fire Warden group is assigned the requirement, 'Fire Warden Training'.

Finally, people (employees, contractors, volunteers) are added to the system, and placed into one or more groups. Following our Fire Warden example, John Smith is an employee who is in the 'Fire Warden' group. John (along with any other people in the group) now has an outstanding 'Fire Warden Training' requirement on his profile. As this requirement is outstanding for John, it is deemed a 'Compliance Alert'. For John, a record can be stored on his profile against this requirement. A piece of evidence from the real world (a scanned pdf or image) can be uploaded to the record and other information can be included such as the achievement date of the training, and the date on which the training will need to be renewed (if applicable). This has now solved this particular alert for John, but the system will flag this as an alert once again as the expiry date of the record approaches. Managers can be granted permissions in the system to see some or all Groups. This allows managers to receive daily reports from Compliance Fox, listing any upcoming or outstanding compliance alerts for those people for whom they are responsible. There is much more that Compliance Fox is capable of, so be sure to book a demo.


Q: What are the benefits of using Compliance Fox?
A: As each business uses Compliance Fox in a different way, there are different benefits to be had depending on your needs. That said, our customers see one or more of the following benefits from using Compliance Fox.

1) A safer workplace - e.g. ensuring workers are trained in safe operation of a machine,
2) Efficiency gains - e.g. replacing paper and spreadsheet-based systems, bottlenecked at one person,
3) Centralised compliance information - e.g. everything related to training, safety and compliance is available in one portal,
4) Real-time visibility over their compliance requirements & upcoming requirements,
5) Confident allocation of workers - i.e. they won't be turned away from a job site due to expired tickets or inductions,
6) Building a culture of ownership over training, safety and compliance in their business,
7) Audit-readiness - i.e. having all requirements in order prior to being audited,
8) Customer confidence, and a competitive edge for winning new clients.


Q: How do I get started?
A: Get in touch with us for a free quote, and we'll be in touch within 24 hours to discuss your needs.

From there, we will scope up a bespoke Compliance Fox system that perfectly matches your requirements, train your users, communicate the coming change to your workforce, and go-live when you're ready to do so.

Typically it takes 3-6 weeks to set up a new account with all of your requirements, workers, and files-on-hand in your system, ready to successfully launch.


Q: How much does Compliance Fox cost?
A: This is a hard question to answer! Every business wants something different from their Compliance Fox account, so this is a little bit like asking, 'How much does dinner cost?'

If you're using Compliance Fox to manage daily Forms (e.g. pre-start checklists) and online training courses for 500 workers, it's going to cost more than a business of 30 workers who just need it for qualification expiry management.

One thing is for sure though, our customers get far more value from using Compliance Fox than the costs of the system - we make sure of that - and our customer testimonials are available in various places on this website.

The quickest way to get a quote for Compliance Fox is to get in touch with us, tell us about your needs, and we'll be back in touch with a quotation within 24 hours.


Q: Can you explain the User structure of Compliance Fox?
A: There are 3 levels of user architecture in Compliance Fox: Worker (e.g. a technician out in the field), Manager (a limited Administrator), and Administrator (all-powerful user of the system). More information is available below.

Worker: People are end-users who can log in to their own profile and update any data that the administrator has allowed them to update. Each change to a record by an end-user is placed into a pending-approval workflow and all changes must be approved by an administrator. For example, John Smith can add a new record to his Drivers Licence qualification, but an administrator will be required to approve this new record into the system.

Managers: Managers are people with permission to see and manage other people. A manager can be granted permission over one or more groups. They can see and manage the profiles of each person in the group/s for which they have permission. When appointing a manager, an administrator decides if the manager can edit profile information, or only view the profile information. Managers receive a daily report from Compliance Fox summarising all current and upcoming compliance alerts for users within their visibility. There is no limit to the amount of people who can be granted manager permissions.

Administrators: Administrators can create new people, create new groups, create new requirements, assign requirements to people or groups and grant manager permissions to people. Administrators receive a daily report from Compliance Fox summarising all current and upcoming compliance alerts for all users in the system. Typically a business will have a small number of administrators.


Q: Are systems in place to monitor for privacy and data breaches and notify any affected or contracted parties expeditiously if such an event occurs at your organisation?
A: Although we have never experienced a breach, we have systems in place for monitoring of privacy and data breaches, including unauthorized access and malicious penetration attempts. If such an event occurs in our organisation, we would report the breach in accordance with the Notifiable Data Breaches scheme, as set out on the Office of the Australian Information Commissioner website. In the event of a privacy or data breach, we will notify affected entities as soon as possible after the breach has been identified. As required under Australian Privacy law, we would also use the relevant form to report a notifiable data breach to the Commissioner.


Q: Do you design and/or implement controls to mitigate and contain data security risks through proper separation of duties, role-based access, and least-privileged access for all personnel within your supply chain?
A: Yes, we have created strong policies and procedures to control operations for all employees who have access to our system. To the extent that we can, we apply separation of duties, role-based access, and least privileged access for all employees. Our third-party service providers, as listed on page 14 of our Privacy Policy are all either ISO compliant (27001, 27017, 27018), or PCI compliant (where handling payments), and are never provided with system access. Only the employees of Pegasus Management (i.e. the owners of Compliance Fox) who are directly responsible for the development of the software and our customer's accounts have access to our customers' data.


Q: Does the platform support Multi-factor-Authentication?
A: Currently no, but we can support both email and sms two-factor authentication if you require it.


Q: Please detail how change is managed in your organisation. Do you operate a documented change control process?
A: Significant changes in our organisation, where customer data is concerned, are clearly communicated via written policy or procedure updates. We have a strict set of policies and procedures that are acknowledged by and adhered to by all employees and contractors. These documents are reviewed annually by the Board of Directors, and updated versions of the documents require re-acknowledgement by all employees and contractors. We use Compliance Fox to manage this document change and acknowledgement process.


Q: Have you tested your security incident response plans in the last year? When was this done last?
A: We test our security incident responses each year. Given our core business is storing and processing important data on behalf of our customers, we have regular training for all employees on our security and privacy controls and procedures. Our procedures here are based on the “Data breach preparation and response - A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth).” This regular training, along with our Privacy Policy, and our GDPR Statement (specifically for European customers), enables employees and managers to be informed and up to date with our obligations under the Privacy Act. We have procedures in place for internally reporting a suspected data breach, assessing a data breach, and reporting a Notifiable Data Breach in accordance with the Notifiable Data Breaches scheme, as set out on the Office of the Australian Information Commissioner website. We do regularly and thoroughly test our back-up and restore processes, to ensure the risk of irreversible data loss or corruption either by malicious action, human error or system failure is all but eliminated.


Q: Does data reside in Australia?
A: Yes, we have configured our Google Cloud infrastructure to be restricted to only Australian Data Centers. This ensures customer data for our Australian customers is stored and processed only on Australian soil. We can deploy, as needed, separate versions of our software to North American Data Regions and European Data Regions for customers outside of Australia.


Q: What cloud provider is the infrastructure hosted on?
A: The Google Cloud Platform. Similar to other large Cloud providers such as Amazon Web Services (AWS), Microsoft Azure, IBM Cloud. Please visit https://cloud.google.com/ for detailed information.

We choose Google Cloud as they offer world-class security features, and have delivered trusted, proven security at scale both for their own products and for their Cloud customers for more than 10 years. Other benefits include best-in-class uptime, support, high-replication storage and processing elasticity.

Google Cloud is ISO certified compliant for:
ISO 27001 Managing information risks
ISO 27017 Controlling cloud-based information security
ISO 27018 Protecting personal data





Didn’t find the answer to your question?

- Visit our Support Center for Help Articles and Tutorial Videos
- Contact Us or send an email to support@compliancefox.com