How Secure Is Your Risk And Compliance Software?

22 February 2018

Choosing your risk and compliance management software system can be overwhelming. But whilst considering whether your software meets the mark in terms of usability and delivers the reports and data you need efficiently, cybersecurity should be at the top of your checklist. 


According to the latest Cyber Security Breaches Survey 2019, around 32% of UK businesses reported experiencing cybersecurity breaches during the past 12 months.


Cybersecurity breaches are an ever-growing issue for businesses, with hacks and data leaks often reported in the media. Non-software companies developing software designed to hold sensitive data may be operating without sufficient security in place, leaving data unprotected and vulnerable to loss. When choosing your risk and compliance software, it is imperative that you check that it has been vetted and meets security-tested standard requirements. You may also want to consider using a compliance system that is built by your provider rather than built and developed by a third-party supplier, which may put your data at further risk of breaches.

One way to ensure your software meets your security requirements is to check if the software has Cyber Essentials certification.


What is Cyber Essentials?


Cyber Essentials is a government-backed and industry-supported scheme, developed with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF). Launched in 2014, Cyber Essentials is designed to help organisations protect themselves and their clients from common online threats through a set of basic technical controls. Over 30,000 certificates have been issued and, to date, none of the certified systems has experienced a significant cybersecurity breach or data loss.

Software bearing the Cyber Essentials certification demonstrates an organisation’s commitment to cybersecurity and acts as a reassurance measure for companies procuring the software.


What does the certification mean?


There are two levels of certification available:

  • Cyber Essentials Certificate
  • Cyber Essentials Plus Certificate

The Cyber Essentials Certification is a lightweight self-assessment in which an organisation must complete a simple 3-step process set out by Cyber Essentials.

  1. Certification Body selection - select an appropriate Certification Body from the 5 Accreditation Bodies provided by Cyber Essentials Plus
  2. Verify your systems' and software's security capabilities - all software and IT systems must meet Cyber Essentials' security and infrastructure requirements, and you must provide any required evidence
  3. Complete the self-assessment questionnaire provided by the chosen Certification Body

Software with Cyber Essentials Plus Certification has undergone testing and verification by an independent cybersecurity Certification Body, which has conducted penetration testing to ensure the software performs and resists viruses, malware, and hacking.

At Lucion, we are committed to delivering a trusted, holistic risk and compliance management service. This includes our award-winning risk and compliance management software NexGen, which has achieved Cyber Security Plus Certification after being subjected to an in-depth security and IT infrastructure systems audit.


What is NexGen?


NexGen is our compliance management software, built on the web, for the web, and provided free to all of our clients. The system is designed to keep our clients up to date with current compliance standards and the hazardous risks within their property portfolio. Unlike most database-driven compliance systems, NexGen is hosted online, meaning that our clients can track ongoing risks and access data, reports, photographs and mapping, which are collected digitally by our on-site teams, all in real time. What's more, updates are conducted by our in-house NexGen developer team, meaning you don't have to conduct updates yourself and experience 0 hours downtime.

When you use NexGen to manage your assets, you gain access to numerous beneficial features such as accurate, time-stamped activity logs, transparent invoicing, real-time data availability, access controls (meaning you can choose to grant access to other contractors or relevant stakeholders), Work In Progress oversight as well as easy import and export of data from/to other systems.

We appreciate that changing systems can feel like a hassle. So, whether you use our compliance management system or use your own and procure other risk management services from us, all of your data is stored on our systems for free and can be accessed at any time you need it. Think of it as a free back up!

All of your data entered into NexGen will be held on Amazon AWS servers, which provide ISO 27001 accredited security, encryption, and backup protection, as well as Cyber Essentials Plus Certification.

Each of your reports produced in NexGen is a 'working document' that can be updated as required. When new data is recorded (e.g. during a re-inspection survey), a new report will be issued and the previous report will be archived on the system (not deleted). Analytical reports are also working documents, showing the site before contractor set-up, during works and after, along with comprehensive analyst's notes and an on-site diary of all activity, with photographic evidence.

NexGen can be accessed on any device with a web browser (computer, laptop, smartphones etc.). Any individual who needs to access information within your portal will be invited to register and will simply need to create their own secure password to correspond with their username. Our software team can review your specific IT and firewall settings during mobilisation and ensure there are no issues preventing access.


Award-winning Software


Our NexGen compliance software won The Partnership and Collaboration of the Year Award 2019 in conjunction with our client, Hull City Council. This award demonstrates our holistic risk management services offering, including our compliance management software NexGen, as a market-leading, reliable solution in the risk management market.

With over 15,000 current active users, NexGen is designed to be user friendly, with minimal training required to navigate the system. We provide user guides, tutorial videos and training/demonstration sessions (typically 1-2 hours) free of charge during contract mobilisation. NexGen has been developed in-house, so any issues or assistance you require can be dealt with efficiently by our software developers, the NexGents.


Our Mission


Providing the means to protect is at the forefront of what we do as an organisation. We are a collaborative group of individuals dedicated to protecting people from exposure to hazardous substances. We are on a mission: to make the world a safer place to live.

Through developing NexGen, we offer a holistic approach to managing and mitigating occupational exposure, health and hygiene risks, helping both our clients, and ourselves, to achieve our mission.


Further Information


Cyber Security Breaches Survey 2019 -

Cyber Essentials -

The Partnership and Collaboration Award 2019:

Lucion Services - Our Mission:


