Urenco Capenhurst, part of the Urenco Group, is a primary supplier to the global uranium enrichment industry, and employs state-of-the art centrifuge technology. It is based in north-west England
In early 2003, Urenco Capenhurst identified a need to manage the risk associated with employee misuse of IT, and wanted to set up a method of checking that individuals understood the company's computer security policy, and the consequences of non-compliance with it.
As communication equipment becomes ever more sophisticated, just asking whether people have read the company policies and procedures is not enough. In such a high-risk environment as nuclear reprocessing, it is essential that all staff and contractors are fully aware of the need to use IT equipment responsibly.
Glentruim Business Systems is a software development company. It has devised a computer-based risk analysis product called Minerva, which allows organisations to track and provide evidence of employees' understanding of a company's policies and procedures.
Consultants from Glentruim worked closely with Urenco's training and development and IT departments to identify when the company needed to test understanding of compliance issues, such as during induction and refresher courses, or when the law is changed or software is updated.
They decided on a two-stage implementation process for Minerva, which included a pilot project.
"The review session with the pilot group provided the opportunity to get reactions to the process, and enabled us to change the multiple-choice questions and parts of the policy requiring greater clarity," says Gordon Dean, personnel and training services manager at Urenco Capenhurst.
Staff read a policy and test their understanding online by answering multiple-choice questions. Although Minerva is designed with simplicity and ease-of-use in mind, it is underpinned by sophisticated programming, which provides Urenco's managers with a wealth of information. They can find out how individual questions are answered, or which departments are being slow to ensure employees understand what is expected of them.
"By quickly being able to pick up who might have difficulties with the policy, we are able to provide support, help and advice for 100% employee and contractor understanding," says Dean.<