4. Company Overview – A Brief History
The name NuOpus comes from the Latin word “opus” which means
“work”. An opus is also a musical work. NuOpus simply means new work
and was chosen because of its artistic undertones.
NuOpus LLC was founded in 2008 by Laney Dale with the intent to form
a small socially and environmentally focused software company that
produced high quality tools for businesses.
Laney Dale had previously formed the software company NewGenTek
that was sold in 2006. In June 2008, the rights to the software produced
by NewGenTek reverted back to Laney Dale as the initial contract was
nullified.
During that period, Laney was searching for his next venture and
encouraged by other software entrepreneurs, he decided to get back into
the software business.
5. Company Overview - Ideals
NuOpus is dedicated to being a company that does the right thing both in
business and our community. In 2007 founder Laney Dale moved from Los
Angeles to Chapel Hill North Carolina. Laney was struck by the sense of
community and focus on making the world a better place that was pervasive in the
community. Ideals such as buying locally and producing green business reshaped
his personal and business views.
NuOpus is focused on bettering the local and global communities. NuOpus
supports local businesses and people. Because of the economic downturn and
sudden job losses, NuOpus has offered free certification exams and training to
area residents. NuOpus is active in many charities including providing meals to
the homeless.
NuOpus is a green company. Reducing our footprint on the earth is important.
NuOpus are almost completely paperless and utilize a virtual office environment
to reduce energy usage. Additionally, the benefit of working from home allows
staff to enjoy a better work life balance.
6. Company Overview - Organizational
Structure
We are primarily a flat organization. Currently we are a small
company of only seven. While Founder Laney Dale is
technically the boss, he prefers to think of himself as the cup
washer.
“I met Bob Young of Red Hat and LuLu once and he
described himself as the head cup washer. He said that his
job was to support the staff that worked for him, and he could
best do this by making sure they had what they need. That
struck me and I instantly changed my view of my role” said
Laney Dale.
We like to think of ourselves like a hive where everyone has a
job to do and we all work to improve the hive as a whole.
7. Simple Compliance Manager Overview
What is Simple Compliance Manager?
History of Simple Compliance Manager
In depth
User roles
The Workspace
Creating a review
Managing multiple regulations
Supporting documents
The Dashboard
8. Simple Compliance Manager Overview
What is Simple Compliance Manager?
Simple Compliance Manager is a compliance
management tool designed by auditors for auditors.
SCM is provided as a SAAS solution and is the
simplest to use tool of its kind on the market.
9. Simple Compliance Manager Overview What
is Simple Compliance Manager?
There are several GRC packages on the market. Most are
designed from the viewpoint of the person managing a
large governance project. Because of this these tools
tend to have great reporting for executives, but are
tedious and difficult to use.
We took the approach that the tool should help and not
hinder the in the trenches worker and still provide
executives with the data they need to make decisions.
This lead us to start by designing the work paper which
is the where most of the work is done and the rest grew
from that.
10. Simple Compliance Manager Overview
History of Simple Compliance Manage
SCM began as a tool used internally to manage multiple
documents for a very large Sarbanes-Oxley review. Initially the
application had only three pages and allowed auditors to work and
the manager to see what passed and failed. Over the next six
months many features were added and clients who saw the product
asked to buy it. Laney Dale formed NewGenTek and began selling
the RCS system.
Initially small CPA firms were targeted and many firms like the
easy to use interface. The initial development was all windows
based and when the product was redesigned by NuOpus a decision
was made to move to all open source products. At this time many
of the pure GRC features were removed and a focus on the process
of creating and managing reviews was initiated.
11. Simple Compliance Manager Overview
In depth
SCM is a SAAS solution built on LAMP technologies
specifically:
• Red Hat Linux Fedora 8
• Apache 2
• MySQL 5
• PHP 5
We chose an open source solution for several
reasons including our fondness for open source
and the fact that it would allow us to reduce costs
and meet the needs of smaller markets.
12. Simple Compliance Manager Overview
In depth - User roles
SCM provides access to data based on user roles. The
following user roles are available:
• Administrator
• Reviewer
• Control Owner
• Executive Owner
• External Reviewer
13. Simple Compliance Manager Overview
In depth - User roles
Administrators have full system access. This role is.
designed for users that need to administer the system.
Reviewers are the standard user. Reviewers can create reviews and complete
tasks.
Control Owners are users that are defined in a review as a control owner. Control
owners can assign tasks and manage the control itself in a review. Only the
control owner can update control information such as:
• Risk level
• XCIDs
• Control description
• etc.
The Executive Owner is and optional role at the review level. The Executive
Owner can see reviews he owns and must approve the closing of the review and
provide sign off.
The External Reviewer is a read only role that can be assigned at the work paper
level and is used to provide access to data for external auditors.
14. Simple Compliance Manager Overview
In depth - The Workspace
When users log in they are presented with a
workspace. The workspace provides details about
tasks that need to be completed. The workspace is
dynamic and data shown depends on the users
access role.
15. Simple Compliance Manager Overview
In depth - The Workspace
In addition to the main workspace, reviewers are
presented with a second workspace focused on
completing tasks and work paper management.
This workspace allows the reviewer to move between
work tasks more easily.
16. Simple Compliance Manager Overview
In depth – Creating a review
There are several ways to create a review:
• Create a Quick Review
• Create a review from a previous review
• Create a review from a list of all controls
Ideally users create quick reviews for all regular reviews to simplify the
process.
Quick Reviews
Quick reviews are preset reviews. SCM comes with several quick reviews
that cover common reviews such as:
• General Information Security Review
• SAP ITGC Review
• Etc.
17. Simple Compliance Manager Overview
In depth – Creating a review
Creating a review from a previous review copies all
controls, work papers, and settings from a review that had
been completed in the past. This allows the user to quickly
create recurring reviews and save time. To further save time
control descriptions are inserted as well. No testing
information is inserted.
When one off or other reviews are necessary, a review can be
created by choosing controls from the entire control list.
18. Simple Compliance Manager Overview
In depth – Managing multiple regulations
One o f the most daunting tasks for organizations that have to comply with multiple regulations is
reducing the amount of work they do and tracking compliance across the multiple regulations.
SCM has several tools to solve these problems.
Every control is assigned a Master Control ID(MCID). In addition, users can assign Cross
Reference Control IDs (XCID) to the same control. XCIDS are tied to a specific compliance effort
to build compliance maps.
These XCIDs are used by the compliance correlation engine to minimize work. This is
accomplished in several ways. First, when a new review is initiated any controls that have been
tested and passed in any review within a preset period will be flagged. The administrator can view
the previous work paper and if appropriate can use that work paper for the review being created.
The second efficiency occurs in reporting. SCM provides reports that list controls and which
regulations they apply to as well. Specifically SCM uses this to identify areas with the greatest
cross over to allow managers to focus on key areas.
19. Simple Compliance Manager Overview
In depth - Supporting documents
SCM supports attaching documents or evidence to work
papers. In addition to attaching new evidence to a work
paper, SCM also supports attaching previously used
documents.
When adding evidence, a list of all evidence previously
associated with that MCID and the date it was attached
is presented. This is useful for documents such as
policies that do not change often. Additionally it allows
testers to review previous evidence to detect changes.
20. Simple Compliance Manager Overview
In depth - The dashboard
The dashboard is designed for managers to quickly see what their
compliance environment looks like and drill into data down to the
lowest level if necessary.
Users are presented with information that shows:
•
•How many controls(MCIDS) are used
• How many MCIDs are currently being reviewed
•The overall historical percentages of passes and failures
•Links to Site reports and Remediation
21. Market Positioning
Assessment of business issues
Product Category
Competitive position
Target markets
Go-to-market strategy
Points of differentiation
22. Market Positioning - Assessment of business
issues
Many small and medium size businesses could
benefit from a tool that would manage their
compliance efforts, but cannot afford the larger tools
or just do not need most of the features available.
Additionally, organizations that must comply with
multiple regulations and standards end up
duplicating work and would benefit from a toll that
could correlate compliance efforts and reduce work.
23. Market Positioning -Product category
Simple Compliance Manager is a Compliance
management tool designed by auditors and security
professionals for auditors and security professionals.
Simple Compliance Manager falls into the same
category as other GRC tools, but is designed for the
in the trenches worker as opposed to management.
While the “Compliance Correlation” engine
simplifies the management of compliance efforts,
the tool focuses on the review level as opposed to the
governance level.
24. Market Positioning - Competitive position
Simple Compliance Manager is positioned as the simpler,
faster compliance tool. SCM comes with a very extensive
control and test catalog and when combined with the easiest
to set up reviews, it makes the tool the simplest and fastest
tool to use on the market. Users can create a new review in
under 30 seconds and begin testing immediately. The built-in
reviews and detailed testing plans allow inexperienced staff
members to competently perform reviews.
We are constantly asking people what they like and do not
like about both our tool and our competitors. The one thing
we noted about our competitors was that users said that
creating a review was cumbersome. This lead us to
developing methods for creating quick reviews.
25. Market Positioning - Target markets
Simple Compliance Manager target small to
midsized organizations, ideally organizations with
smaller or non-existent audit groups. Our pricing
reflects these markets as well. Our customers are
going to be less concerned with overall governance
of large compliance programs and more concerned
with the actual work of compliance. We have several
small CPA firms that use our product and find that it
saves them a tremendous amount of time and
simplifies the management of many different
reviews or audits simultaneously.
26. Market Positioning - Go-to-market strategy
We rely on a direct sales strategy for Simple
Compliance Manager. We use a combination of
advertising via online resources and direct sales calls
to drive interest. When a customer is interested
they can come to the website, setup a trial and then
begin using the product.
27. Market Positioning - Points of differentiation
Simple Compliance Manager differentiates itself from the competitions in
several ways. The first being its ease of use. SCM is designed form the
ground up to be very simple to use. Typically only about ten minutes of
training is required for users.
Pricing is another differentiator. Our flat pricing model makes the tool
accessible to every organization.
SCM is built on a proprietary “compliance correlation” engine. This allows
us to reduce duplicate work. If a control or test applies to multiple
regulation. SCM will alert users to the possible duplicate work and allow
them to import the previous test results rather that reproduce the testing.
Additionally, a controls history can be presented and reported on to
identify recurring weak points and reduce failure rates.
Another unique tool to SCM are the support pages. Support pages are
attached to individual tests and can display any data the user would like.
In some cases, the support pages can be used to automate testing and
data gathering for items such as user lists and system configurations.
30. Strategic Intent - The future of NuOpus
Over the next three years we plan to focus on our
current product offerings. As a company we will
focus on expanding our non-business ventures and
charity work. Our focus is on building a company
that we are proud to be a part of and a place we look
forward to going to.
32. Strategic Intent - Future growth
Our goal is to remain a small organization because
we feel that keeping it small will allow us to
maintain our culture. We will grow when necessary
but plan to never grow beyond thirty employees. We
will grow the business organically when necessary
and leverage strategic partnerships and channel
sales for many of our products. FedComp, our
Medicare compliance tool will rely primarily on
channel sales for instance.
33. Strategic Intent - Investment strategy
NuOpus has two primary investments. Our people
and our community. We invest in our employees by
encouraging w better work life balance and
providing profit sharing opportunities.
We invest in our community through charity work
and being involved in and utilize the local
businesses.