Keying in to IT security

Urenco Capenhurst, part of the Urenco Group, is a primary supplier to the global uranium enrichment industry, and employs state-of-the art centrifuge technology. It is based in north-west England

The aim
In early 2003, Urenco Capenhurst identified a need to manage the risk associated with employee misuse of IT, and wanted to set up a method of checking that individuals understood the company’s computer security policy, and the consequences of non-compliance with it.

As communication equipment becomes ever more sophisticated, just asking whether people have read the company policies and procedures is not enough. In such a high-risk environment as nuclear reprocessing, it is essential that all staff and contractors are fully aware of the need to use IT equipment responsibly.

System supplier
Glentruim Business Systems is a software development company. It has devised a computer-based risk analysis product called Minerva, which allows organisations to track and provide evidence of employees’ understanding of a company’s policies and procedures.

The approach
Consultants from Glentruim worked closely with Urenco’s training and development and IT departments to identify when the company needed to test understanding of compliance issues, such as during induction and refresher courses, or when the law is changed or software is updated.

They decided on a two-stage implementation process for Minerva, which included a pilot project.

“The review session with the pilot group provided the opportunity to get reactions to the process, and enabled us to change the multiple-choice questions and parts of the policy requiring greater clarity,” says Gordon Dean, personnel and training services manager at Urenco Capenhurst.

The solution
Staff read a policy and test their understanding online by answering multiple-choice questions. Although Minerva is designed with simplicity and ease-of-use in mind, it is underpinned by sophisticated programming, which provides Urenco’s managers with a wealth of information. They can find out how individual questions are answered, or which departments are being slow to ensure employees understand what is expected of them.

“By quickly being able to pick up who might have difficulties with the policy, we are able to provide support, help and advice for 100% employee and contractor understanding,” says Dean.

Minerva flags up when an individual needs a refresher course. If the content of the policy changes, the system enables everyone to retest with the minimum of disruption.

The bottom line
In the months following the pilot project, Minerva was rolled out to all 520 staff and contractors so that they could test their understanding of the computer security policy.

“All delegates completed their responses on the Minerva system,” says Geoff Owens, IT manager at Urenco. “After a brief question and answer session, they signed a training record which gave me [conformation] that they now understand the company procedure on the use of computers.”

Problem corner

 “We’re toying with the idea of upgrad-ing our HR application, but have some concerns about how much time, resource and money it is going to take to get it working in the way we want.”

It is not uncommon for companies to spend up to five times or more of the cost of their software license on all the consulting and implementation services that come with it. That pretty much dwarfs any discounts you might have received by negotiating on the package price.

Over the past few years the enterprise software players have kicked off numerous initiatives to cut the cost of implementing HR applications, particularly for the mid-market, where companies need to get their systems up and running quickly. Some of their effort has been spent persuading companies to do less customisation, encouraging them to fit their working methods to suit the software rather than vice-versa.

Increasingly, they are also focusing on making the configuration and deployment processes easier.

Oracle, for example, recently released an HRMS Configuration Workbench. Although some of the content and functionality is still being fleshed out, it combines tools and templates to walk users through a roll-out, focusing on your business rather than the software. Combined with techniques to speed up data conversion, transfer and testing, the company believes some users will be able to roll out systems in days, or even hours for very basic deployments.

This is a major area of focus across the HR sector. If you are looking to upgrade, it is worth asking your suppliers how they tackle the problem.

Keith Rodgers, co-founder of Webster Buchanan Research

Webster Buchanan Research specialises in IT and human capital management.

Data mine: European employment and industrial relations


Claims to be the bridge between employers and lawmakers in Brussels and Whitehall. Useful background on Information & Consultation and European Works Councils.

European Industrial Relations Observatory Online

Online monitor of European industrial relations offering news and analysis. Search its database, which contains more than 6,000 records going back to 1997 – browse by country, sector or date.

European Economic and Social Committee (EESC)

EU-level consultative body whose membership is drawn from representatives from Europe’s employers’ organisations, trade unions, farmers, consumer groups, professional associations – and more. Find out how it is representing us here.

Union of Industrial and Employers’ Confederation of Europe (UNICE)

Tune into the ‘Voice of Business in Europe’, where you are greeted by a news ticker-tape running along the screen. Download speeches and read the latest news on European business issues.

Gadget of the month DESlock+

What is it?

A device that allows you to encrypt sensitive data on your computer. DESlock+ looks like a cross between a keyring and a USB cable. You load the DESlock+ software onto your machine and plug the key into one of your USB ports. The software then allows you to choose which files and folders you want to encrypt.

What will it let me do?

As soon as you remove DESlock+, the files and folders you have selected are rendered unreadable – you can even hide them from view altogether. The key can also be used to encrypt Microsoft Outlook e-mails and Lotus Notes attachments. Just bear in mind that the recipient will need a key to decode them. And make sure you back up religiously since if you lose the key, you cannot decode your own data (two keys are provided with the single user package).

How much does it cost? 

Just under £118 (including VAT), which includes two keys.

Where can I find out more?

At, where you can also buy DESlock+, and find out about a new software-only encryption product which is coming out soon.

New products

Saville Consulting, recently launched by Professor Peter Saville, creator of the Occupational Psychology Questionnaire (OPQ) assessment tool, is conducting a research project to validate its new Alpha suite of products. It is seeking participants for international trials of more than 10,000 people in more than 25 countries. Respondents receive a free assessment report.

E-learning provider SkillSoft has opened up its online mentoring services to more organisations by extending it to third-party learning management systems. Its specialised team holds more than 1,000 certifications and accreditations. Organisations typically use the service to support project managers, programmers, system engineers, system administrators, database administrators and web designers through job-related examinations.

Qudos System 3 is a one-stop compliance and risk management software product. It provides organisations with instant and accurate electronic document distribution, so that everyone has access to the latest version of policies, procedures and other important documents. Customer surveys, minutes, risk assessments, audits and action plans can all be integrated.

Comments are closed.