Frequently Asked Questions

Got a question? 

Duty of Care refers to the moral and legal obligations of all employers to ensure staff wellbeing, security and safety, both at their workplace and during travel. Wherever their workers are located, organisations must address concerns over injury, illness, accidents, opportunistic crime and natural disasters.

Companies typically adopt a preventative approach that assesses health and security risks, while providing assistance to their staff in the event of an incident that merits a response (e.g. medical emergency, accident, geopolitical event, etc). Organisations have legal obligations to act prudently to avoid the risk of injury or exposure leading to ill-health. For example, in the UK, the Safety at Work Act 1974 and The Management of Health and Safety at Work Regulations 1999 both stipulate that employers have a general duty of care to ensure their employees do not suffer any unreasonable harm when travelling abroad.

Legal penalties for non-compliance generally take into account what reasonable steps employers could have taken to reduce any harm to its personnel.  A risk assessment is a key part of this process.

There are a high number of risk assessment, travel tracking and country risk analysis platforms in the marketplace. RiskPal is different because:

  • It’s easy to use and puts the user’s experience and expertise at its heart.
  • User participation in the risk assessment process boosts engagement;  general country information that neglects the purpose of travel is often ignored. 
  • It offers expert high-risk and health and safety advice, thus reducing the burdensome requirement to complete separate risk assessments for travel and HSE.
  • It is highly customisable in terms of set up, content and user permissions.
  • It ages well! Over time, the more feedback, templates and bespoke advice in the system, the quicker and better informed the risk assessment process becomes.

No. Although originally designed for the media and NGO sectors because of their history and familiarity with the risk assessment process, RiskPal has evolved to serve a range of clients and sectors. The ability to create your own risk assessment templates and library of sector-specific advice, means RiskPal can be adapted to any sector, from the worlds of infrastructure and IT, to energy and education.

Yes. We understand that you will want to explore RiskPal before deciding on a full licence. We offer access to a demo environment to explore RiskPal initially, and discounted three to six month trials for teams to integrate and pilot RiskPal.

To discuss our trial terms or request a demo please get in touch

Yes. We value customer feedback and collate all ideas and suggested improvements. On a case-by-case basis, we evaluate the cost-benefit analysis of new requested feature development, alongside our continual development roadmap.

Clients wishing to accelerate bespoke development for RiskPal can specifically commission projects, although in some instances they will be required to cover additional costs.

RiskPal is open to external third party API feeds. Subject to acceptance and availability of a compatible API, we can integrate external sources into RiskPal. However, no liability attaches to RiskPal regarding the information provided by third party providers.

RiskPal is not responsible for the vetting of suppliers. Any suppliers entered by clients into RiskPal are not shared externally, and are the sole responsibility of the client and its moderation process. RiskPal is not liable for the quality nor accuracy of service providers and reviews entered.

We recognise the difficulties that disruption to services can create for a business and place great value on customer care and experience. We have standard licence agreement (SLA) provisions for RiskPal service support, which cover our helpdesk and response times on logged issues.

We treat every client as unique – because they are. We work alongside our clients to ensure that RiskPal users are well onboarded and start benefiting from the system from day one. 

As a minimum, we provide on-site training with key stakeholders during the integration phase, and offer additional support during the initial months of a RiskPal licence. Additionally, our support team is on hand to assist with queries and we offer online tutorials and demo videos to assist self-learning.

System changes in any organisation always meet with resistance, and obviously, a degree of policy and managerial backing is required for quick and effective implementation. We have developed a series of support tools to facilitate this process, and believe that our user-centric model and reviews system encourage engagement with RiskPal. To incentivise usage, we can work with clients to develop a rewards scheme based on levels of participation.  

We are confident that once people try RiskPal, they will never look back.

We have put data security at the heart of RiskPal. 

Each of RiskPal’s clients has its own unique identifiers, ensuring that customer data is never shared. On top of this, our User Group controls and Department permissions settings allow clients to create internal controls on data sharing and information access. 

Clients can entirely customise user settings to match their internal administrative and management practices, ensuring user, travel and supplier data is accessible and managed on a need-to-know basis. Personal data within RiskPal is hashed and all data is encrypted in transit and at rest. All data is backed up daily, giving additional assurances regarding disaster recovery, crisis management and business continuity planning. 

Each account holder is required to access RiskPal via a unique username, password and dual factor authentication (2FA). Our development team follow OWASP best practices, and we conduct external third party penetration tests on the RiskPal application. 

RiskPal is hosted in an EU cluster of Amazon Web Services (AWS) in a multi-tenancy architecture. All personal data is hashed and stored separately, providing an additional layer of security for sensitive information. 

Information on AWS Security Measures and Compliance can be found at

Please refer to RiskPal’s privacy policy here:

We see RiskPal as part of the solution to the access of privacy-compliant risk management software.  We have invested time and effort to ensure that RiskPal balances the often competing requirements of privacy and security in a compliant and non-intrusive way, without compromising on core service and performance objectives.

RiskPal collects some personal data as part of its efforts to help companies better protect their workforce, and respond quickly in the event of an emergency.  This information also reduces the threat of unauthorised account access.

We put each individual user in control of the information they share, and each RiskPal client can customise what data they want to store, matching internal policy requirements. Authorisation to access personal information in the event of an emergency requires user consent, which is logged and can be withdrawn at any time.

Many companies are still struggling to ensure that their risk assessment process and related personal data are accessible, controlled and up-to-date. RiskPal can help companies comply with data privacy legislation and make compliance less cumbersome.

With reference to some of the principles and requirements of GDPR:

Article 12 (1): Right to be Informed (consent)

The RiskPal licence provides our primary legal basis of consent for personal data processing.

We understand that growing public awareness around data privacy can put extra pressure on companies to satisfy staff concerns, and have built RiskPal in a way to assist clients managing these evolving regulatory requirements.

We put clients in control of their messaging, with each administrator able to manage their privacy messages to users, via a bespoke content management system within RiskPal.

When special categories of data are processed, we require users to consent to the release of their information in the event of an emergency, as outlined above. In line with regulatory requirements, we make it equally easy for users to withdraw consent at a later date.  

Article 15 (1): Right to Access & Article 17: Right to Erasure

We will assist clients to provide employees with access to their information. RiskPal can react quickly to facilitate subject access and data portability requests, if approved by the client.

Client administrators control user records, and account creation and deletion. We ensure no actual user records are stored in our development cloud environments, and remove historic data through regular back-up procedures.

Article 16: Right to Rectification 

The user is entirely in control of their profile information, allowing them to amend any incorrect data about them.

Third Parties

We ensure all that all third party organisations (cloud providers, 2FA services and outsourced development contractors) subscribe to the data protection standards and regulations outlined by GDPR and the EU-US Privacy Shield.

If anything is unanswered or you have additional questions please get in touch

At RiskPal, you are in control. RiskPal has a dedicated area for emergency contact and medical records to ensure that information can be accessed quickly in the event of a serious incident. This feature is permission-based and can be disabled if clients have preferred systems to safely store and access this information. 

To provide additional levels of protection, and ensure GDPR compliance in our treatment of special categories of data:

  1. Consent: Each individual user has to provide explicit consent that their information can be accessed by designated colleagues in the event of emergency (emergency release process). Users also have the ability to withdraw consent at any time. 
  2. Authorisation and user notification: Designated staff require authorisation from a peer to access any emergency information. The subject is notified every time their information is accessed (including when and by whom) and access is granted for 72 hours. The combined hashing of personal data records and the aforementioned authorisation process ensures that no RiskPal developer, administrator or other third party can access these special categories of data at any time. 
  3. Logs: Consent and emergency release logs are recorded in our database, and retrievable if required. 
  4. Rectification: RiskPal users with emergency and medical information enabled in their profiles will receive automated reminders to ensure their personal details are current, reducing the risk that information is out of date when it matters most. 
  5. Transparency: Managers responsible for approving risk assessments have visibility over users who have not consented to allow access to their information, as it forms a vital factor in decision-making on the suitability of a staff member to travel, especially for high-risk tasks. 
  6. Containment: Special categories of data can only be accessed via the RiskPal platform, minimising the dissemination and sharing of personal information in endless email chains, which is hard to access and track when needed.

At RiskPal we treat our users as we would like to be treated ourselves. Honesty and transparency are central to our relationships. 

In the event of an emergency, we commit to notifying and working with clients with the  utmost urgency, as well as helping them comply with their obligations to inform the Information Commissioner’s Office (ICO) in the UK, the Federal Trade Commission in the US or other regulatory authorities.