COMPLIANCE FOX
(02) 8318 7988
support@compliancefox.com
754 Hunter St Newcastle, NSW Australia

Frequently Asked Questions

Compliance Fox is a cloud-based software system built using the most modern technologies available, on the world’s leading technology platforms. Data security is of vital importance to us, as it is to our customers. Here are some Frequently Asked Questions we have encountered.

Q: What is Compliance Fox?
A: Compliance Fox is a private, cloud-based application available via a web browser. Compliance Fox enables businesses to manage and report on workforce compliance.

Q: Who is Compliance Fox for?
A: Compliance Fox is designed for high-risk or highly regulated workforces of 50 to 10,000 employees, contractors or volunteers. We work with businesses in mining, construction, logistics, aged care, education, child care and other industries. We assist these businesses to gain visibility of current and upcoming compliance gaps across their workforce. We help businesses to track any workforce requirement they deem internally to be a 'compliance level' requirement. These requirements most commonly include policies, inductions, qualifications, training records, safe work procedures, risk assessments and insurances.

Q: How does Compliance Fox work?
A: Each of our customers is provided with their own private, cloud-based application accessible at a specified URL, e.g. https://xxxxx.compliancefox.com, where the 'xxxxx' represents the name of the business.

Firstly, the business decides on the types of information and requirements that they'd like to monitor across their workforce. We then assist the system administrator to add each of these requirements to the system. This is a simple process and additional requirements can be added at any stage in the future. There is also no limit to the number of requirements that can be added to the system.

Secondly, the business decides which 'Groups' they'd like to create. Groups act like job families, and are a way of categorising the workforce in order to assign different requirements to different groups. For example, people in the 'Fire Warden' group can be assigned the 'Fire Warden Training' requirement.

Thirdly, people (employees, contractors, volunteers) are added to the system, and placed into one or more groups. Following our Fire Warden example, John Smith is an employee who is in the 'Fire Warden' group. John (along with any other people in the group) now has an outstanding 'Fire Warden Training' requirement on his profile. As this requirement is outstanding for John, it is deemed a 'Compliance Alert'. For John, a record can be stored on his profile against this requirement. A piece of evidence from the real world (a scanned PDF or image) can be uploaded to the record and other information can be included such as the achievement date of the training, and the date on which the training will need to be renewed (if applicable). This has now solved this particular alert for John, but the system will flag this as an alert once again as the expiry date of the record approaches.

Managers can be granted permissions in the system to see some or all Groups. This allows managers to receive daily reports from Compliance Fox, listing any upcoming or outstanding compliance alerts for those people for whom they are responsible. There is much more that Compliance Fox is capable of, so be sure to book a demo.

Q: What are the cost benefits of using Compliance Fox?
A: Businesses are provided with unmatched visibility over all compliance level requirements across their workforce. The system acts as a central source of compliance data, and provides intelligent continuous reporting to all managers in the business. It is also an audit-ready accountability system, with an immutable history of all current and past compliance records. We help businesses reduce costs by reducing exposure to expensive fines and litigation for breaches of workplace law. We also help businesses improve productivity and reduce time lost through efficient work task allocation to suitably trained and qualified people. We also help to reduce the administrative burden placed on those staff who are responsible for managing and reporting on current and upcoming workplace compliance gaps. We actually wrote a detailed blog about this over here.

Q: Can you explain the User structure of Compliance Fox?
A: There are 3 levels of user architecture in Compliance Fox:

People: People are end-users who can log in to their own profile and update any data that the administrator has allowed them to update. Each change to a record by an end-user is placed into a pending-approval workflow and all changes must be approved by an administrator. For example, John Smith can add a new record to his Drivers Licence qualification, but an administrator will be required to approve this new record into the system.

Managers: Managers are people with permission to see and manage other people. A manager can be granted permission over one or more groups. They can see and manage the profiles of each person in the group/s for which they have permission. When appointing a manager, an administrator decides if the manager can edit profile information, or only view the profile information. Managers receive a daily report from Compliance Fox summarising all current and upcoming compliance alerts for users within their visibility. There is no limit to the number of people who can be granted manager permissions.

Administrators: Administrators can create new people, create new groups, create new requirements, assign requirements to people or groups and grant manager permissions to people. Administrators receive a daily report from Compliance Fox summarising all current and upcoming compliance alerts for all users in the system. Typically a business will have a small number of administrators.

Q: How much does Compliance Fox cost?
A: There is a simple fee of $10 per month for up to 10 people (employees/contractors/volunteers). There is also a 30-day obligation-free trial, so there is little risk in trying the platform. We will help you to get value from the system within 30 days, and from there you can make a decision to proceed. Beyond 10 people, we have a $5 per person, per month cost structure, which reduces as the size of your user base grows. We are also happy to discuss custom pricing if you have specific needs, so please feel free to contact us.

Q: Can you integrate with our existing HR or Payroll system?
A: Yes, it is simple to integrate with your existing HR or Payroll system. Our integrations are usually provided free of charge. Please get in touch to discuss your needs. Currently we have integrations available for Microsoft Office 365, Microsoft Azure Active Directory, G Suite and Gmail, Atlassian Cloud, Atlassian Confluence and Zapier.

Q: Are systems in place to monitor for privacy and data breaches and notify any affected or contracted parties expeditiously if such an event occurs at your organisation?
A: Although we have never experienced a breach, we have systems in place for monitoring of privacy and data breaches, including unauthorized access and malicious penetration attempts. If such an event occurs in our organisation, we would report the breach in accordance with the Notifiable Data Breaches scheme, as set out on the Office of the Australian Information Commissioner website. In the event of a privacy or data breach, we will notify affected entities as soon as possible after the breach has been identified. As required under Australian Privacy law, we would also use the relevant form to report a notifiable data breach to the Commissioner.

Q: Do you design and/or implement controls to mitigate and contain data security risks through proper separation of duties, role-based access, and least-privileged access for all personnel within your supply chain?
A: Yes, we have created strong policies and procedures to control operations for all employees who have access to our system. To the extent that we can, we apply separation of duties, role-based access, and least-privileged access for all employees. Our third-party service providers, as listed on page 14 of our Privacy Policy, are all either ISO compliant (27001, 27017, 27018), or PCI compliant (where handling payments), and are never provided with system access. Only direct employees of Compliance Fox have system access to customer-level data.

Q: Does the platform support Multi-factor-Authentication?
A: Not by default at present, but we can support both email and SMS two-factor authentication if you require it. Multi-factor Authentication is on our product roadmap for 2019.

Q: Please detail how change is managed in your organisation. Do you operate a documented change control process?
A: Significant changes in our organisation, where customer data is concerned, are clearly communicated via written policy or procedure updates. We have a strict set of policies and procedures that are acknowledged by and adhered to by all employees and contractors. These documents are reviewed annually by the Board of Directors, and updated versions of the documents require re-acknowledgement by all employees and contractors. We use Compliance Fox to manage this document change and acknowledgement process.

Q: Have you tested your security incident response plans in the last year? When was this done last?
A: We test our security incident responses each year. Given our core business is storing and processing important data on behalf of our customers, we have regular training for all employees on our security and privacy controls and procedures. Our procedures here are based on the “Data breach preparation and response - A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth).” This regular training, along with our Privacy Policy, and our GDPR Statement (specifically for European customers), enables employees and managers to be informed and up to date with our obligations under the Privacy Act. We have procedures in place for internally reporting a suspected data breach, assessing a data breach, and reporting a Notifiable Data Breach in accordance with the Notifiable Data Breaches scheme, as set out on the Office of the Australian Information Commissioner website. We do regularly and thoroughly test our back-up and restore processes, to ensure the risk of irreversible data loss or corruption either by malicious action, human error or system failure is all but eliminated.

Q: Does data reside in Australia?
A: Yes, we have configured our Google Cloud infrastructure to be restricted to only Australian Data Centers. This ensures customer data for our Australian customers is stored and processed only on Australian soil. We can deploy, as needed, separate versions of our software to North American Data Regions and European Data Regions for customers outside of Australia.

Q: What cloud provider is the infrastructure hosted on?
A: The Google Cloud Platform, which is similar to other large Cloud providers such as Amazon Web Services (AWS), Microsoft Azure and IBM Cloud. Please visit https://cloud.google.com/ for detailed information. We chose Google Cloud as they offer world-class security features, and have delivered trusted, proven security at scale both for their own products and for their Cloud customers for more than 10 years. Other benefits include best-in-class uptime, support, high-replication storage and processing elasticity.

Google Cloud is ISO certified compliant for:
ISO 27001 Managing information risks
ISO 27017 Controlling cloud-based information security
ISO 27018 Protecting personal data

Didn’t find the answer to your question?
Visit our Support Center for Help Articles and Tutorial Videos
Contact Us or send an email to support@compliancefox.com

"Compliance Fox has really streamlined and bolstered the way we manage our team and membership compliance. Thanks guys!"

Holly Stringer
Community Coordinator - DASHWORKS

Join the businesses simplifying, centralising and automating their compliance management.
