The Red Flag Group®

Your third-party onboarding platform

Take your anticorruption, integrity, ethics and ESG programmes to the next level

get a demo

Turn third-party onboarding into a competitive advantage

An integrated, effective and practical platform that helps you manage the key areas of your compliance programme. Make better decisions on your third parties today!

 

Manage your third parties across their entire lifecycle, including compliance risk assessments, due diligence, screening and monitoring, auditing and reporting, and offboarding.

Turn compliance into a competitive advantage
  • Leverage the power of technology and data to proactively monitor and manage business and integrity risks
  • Manage your business and third parties globally – ComplianceDesktop® is available in up to 18 languages out of the box
Automated workflows and seamless platform integration
  • Automated alerts ensure your compliance programme consistently meets critical milestones
  • Leverage your technology investments for a unified view of your compliance data – no need to re-key data or start from scratch
  • Historical compliance data about employees and third parties is accessible 24/7, all from a centralised location
The compliance insights you need on demand
  • All of your compliance data is available from one location for a holistic, integrated view
  • Gain quick insights into trends in your compliance programme to take informed actions
  • Quickly demonstrate how your compliance programme is influencing the bottom line
Comprehensive screening and due diligence
  • Continuous monitoring of sanctions, watchlists, politically exposed persons and state-owned entities provides you with the assurance of having the most recent information whenever you need it
  • Active monitoring of the changing global business climate and personalised due diligence solutions not only present key risks, but also tell you what those risks mean to your business
ComplianceDesktop® is mobile – going where you go
  • The platform is available from your mobile phone when and wherever you need it 
  • The omni-channel experience allows you to start and complete all programme tasks from a desktop application or from your mobile device – the choice is yours!

Integrate ComplianceDesktop® into your day-to-day operations. Once you’ve made the ComplianceDesktop® decision it is time to unlock the potential of the platform. Whether you need to implement just one application or the complete suite, we are committed to ensuring your entire implementation process is a success. Our application specialists work closely with you to get the platform up and running and configured to your specific business needs.

Achieve your compliance goals with ComplianceDesktop®

ComplianceDesktop® helps you see the complete picture before diving into what works for your specific programme

Influence your bottom line

ComplianceDesktop® manages all your compliance needs in one platform.

It can easily integrate with your existing technology solutions, so you continue to leverage existing investments while gaining time back in your day.

A simple and intuitive solution

Automate common compliance tasks while you proactively manage your business risks to make better decisions when selecting and onboarding partners.

Get peace of mind knowing your data is safe and secure

  • Your data remains encrypted at all times
  • We continuously perform penetration and vulnerability tests to ensure the security of your data
  • ComplianceDesktop® has the highest level of certification, ISO 27001, which means we proactively manage risks related to the security of your information

 

Start accelerating your business results today

Through business intelligence and technology, we effectively manage risks to help you accelerate your business’s performance.

Take your compliance programme to the next level

The benefits of managing an effective third-party onboarding programme

  • Reduce your internal risks

    Minimise the likelihood of harmful events and associated fines from non-compliance

  • Drive cost efficiencies

    Avoid the unnecessary costs and reputational impacts associated with engaging in harmful events with the wrong partners

  • Influence the bottom line

    Transparency promotes a culture of trust, including preferred treatment in commercial relationships

A scalable and holistic compliance platform providing the data you need to effectively manage third-parties

  • The ComplianceDesktop® solution
    provides you with an integrated compliance platform to manage your third parties throughout their complete lifecycle
  • Managed Onboarding Services
    You can outsource business partner onboarding to The Red Flag Group’s expert team. We utilise our proprietary technology platforms to run key steps in your process, including:
    • building profiles on business partners
    • sending questionnaires to gather data and evaluate risk
    • running database screens to identify integrity issues
    • communicating status updates to your business and procurement teams
  • Use our IntegraCheck® | Integrity Due Diligence Reports
    and configurable questionnaire applications to quickly identify integrity risks before they occur, so you can quickly gain a holistic view of your business ecosystem
  • Strengthen your third-party programme
    by using our IntegraWatch® | Compliance Screening solution that screens against government sanctions, watchlists and other key risk areas

Effective third-party risk management

Quickly identify

if there is a risk posed by a third-party entity that could be milestones

Accelerate the onboarding timeframe

for third parties using comprehensive, configurable questionnaires and automated alerts to ensure you never miss a milestone

Immediately be alerted

when circumstances change with a partner through ongoing monitoring using our world-class IntegraWatch® solution

We offer a multi-layered approach to protect and monitor all your information

Secure infrastructure

ComplianceDesktop® is hosted in independently audited and certified secure datacentres. All ComplianceDesktop® servers are hosted in secure SSAE SOC 2, PCI DSS, ISO 27001, ISO 27017 and ISO 27018–compliant datacentres via Amazon Web Services (AWS) in the United States or Europe.

The security measures permeate throughout the facility, including but not limited to CCTV monitoring systems, digital video recorders, man traps, biometric identification, mandatory visitor check-ins, a 24/7/365 front desk and security guards around the clock.

AWS only provides datacentre access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, their access is immediately revoked, even if they continue to be an employee of Amazon or AWS. All physical access to datacentres by AWS employees is logged and audited routinely.

More information is available from the
AWS Cloud Compliance website.

 

Encryption at rest and in transit

All communications with ComplianceDesktop® servers are encrypted using industry-standard HTTPS over public networks, meaning the traffic between you and ComplianceDesktop® is secure as it uses public-key cryptography to prevent eavesdropping, tampering and forgery.

All clients’ production data is stored encrypted with AES-256 – one of the strongest block ciphers available. Block-level encryption with decryption keys is handled through the AWS Key Management Service.

Application security

ComplianceDesktop® is built according to secure development best practices, with security reviews incorporated throughout the design, prototyping and deployment process. Many manual and automated security tests are conducted at milestones leading up to public release. Security vulnerabilities discovered during these tests are then reviewed for criticality and remedied prior to release. This ensures that every release is deemed fully secure out of the gate.

As part of our commitment to protecting client data, we have implemented an industry-recognised web application firewall (WAF) for all our clients’ environments. The WAF automatically identifies and protects against attacks aimed at the ComplianceDesktop® sites hosted on the platform.

 

Compliance certifications

The Red Flag Group® is certified in ISO 27001:2013, a global standard on information security controls and management best practices. Our information security management system is a structured approach that has management support all the way up to our board of directors. Adherence to the ISO 27001 standard, regular third-party audits and close attention to client input and industry trends help ensure that our security programmes keep pace with a changing security landscape and meet evolving client requirements.

Additional security controls

Privacy audit and compliance

 

The Red Flag Group® takes information security and privacy of personal data very seriously. We are committed to GDPR compliance, and to offering our clients tools and solutions to ensure that their use of our services satisfies their obligations under the GDPR. 

The Red Flag Group® also participates in the TRUSTe® privacy programme, which is designed to help businesses implement strong privacy-management practices consistent with a wide range of global regulations and industry standards.

Identity and access management

ComplianceDesktop® also supports integration with single sign-on (SSO) via SAML or Microsoft Azure Active Directory. This allows those enterprises using SSO to provide their users with seamless access to ComplianceDesktop®. It also lets system administrators manage authentication for ComplianceDesktop® and the rest of their corporate network through an SSO system.

Backup and data retention

All files and databases are fully backed up and encrypted on a daily basis, with a 14-day retention period. Backup restore testing is conducted annually.

There is no default retention on active client data. Client data is retained for as long as you remain a client.

Penetration tests and vulnerabilities scanning

ComplianceDesktop® employs third-party security firms to perform detailed penetration tests and vulnerabilities scanning on our application. Security vulnerabilities discovered during these tests are remedied prior to release.

Availability

Our goal is to keep ComplianceDesktop® highly available. Any planned maintenance that would disrupt service is announced in advance and downtime is kept to a minimum.

Disaster recovery

ComplianceDesktop®’s disaster recovery plan is updated at least annually and tested annually. 

Interested in more details about ComplianceDesktop® modules?