VSAT®  : Vulnerability Self-Assessment Tool
Resilience is essential when living in a world filled with risk. Whilst there are several key characteristics of resilient organisations, number one is the ability to identify emerging threats and understand their impact on all aspects of the business, its workers and their broader community.
Security Risk Assessments

Identifying emerging threats and vulnerabilities begins with a thorough assessment of your security. Risk Assessments can often be a demanding undertaking, and can place significant pressure on businesses’ time, money and resources.

Which is why we’ve created our Vulnerability Self-Assessment Tool (VSAT® ). Designed for medium and large businesses, it provides risk professionals and Policyholders the means to easily identify their security vulnerabilities – and to tackle them head on.

Moreover, those who can demonstrate the right level of security risk management may be eligible for an attractive 7.5% discount on their Terrorism Insurance Premium.

Who is VSAT®  for?

Primarily designed for businesses whose portfolios add up to a Material/Property Damage declared value sum insured of £50m or above – not largely made up of domestic property VSAT®  is a free, simple, and easy to use risk assessment tool. It is available to all businesses, even if you do not have the declared value sum suggested. If you’re not sure whether your organisation qualifies for the discount, your insurance broker or insurer will be able to help you. VSAT®  helps organisations to identify, assess, mitigate and prevent potential risks in line with UK Government best practice advice.

So how does it work?

The VSAT®   Risk Assessment targets six fundamental security-related categories using a range of themed questions (between 10 and 35 per section) specifically created to evaluate vulnerabilities or ‘holes’ in your security plans and procedures.

Assessment categories

Our unique range of multiple choice questions uses algorithmic technology to process information. Automatic analysis of your answers enable VSAT®   to pinpoint a range of business-critical vulnerabilities and determine your risk score against best-practice, as advised by the UK Government, regulatory standards and security professionals.

What happens after the assessment?

Once completed, you will receive a bespoke detailed report and Executive Summary revealing your results using a simple Red Amber Green (RAG) rating for each category. You will also receive a range of recommendations, information and advice based on the results of your assessment. All of the information you provide, and the reports and advice we supply are completely confidential, secure, and conform to the very highest IT security standards.

Next, we’ll convert your RAG rating into a score, which could make you eligible for a Loss Mitigation Credit (LMC) that translates into a 7.5% discount on your Terrorism Insurance Premium.

Your assessment results are completely confidential and will stay that way until you decide to share them with your insurer. Once you’ve done this, they will apply your discount.

We’ll also provide access to an online dashboard where you can reassess individual question sets, and review your scores following any updated actions.  Conveniently, VSAT®   can be integrated into your organisation’s risk assessment framework which allows you to return at a later date to monitor the progress of your risk improvement strategy; and as a free-to-use tool you can utilise VSAT®   to monitor security risk management across your entire portfolio should you wish.

What if I need more help?

We want to make sure that every business has the opportunity to achieve the standard required to not only qualify for the LMC, but also to improve resilience to the threat posed by terrorism and other perils. Whatever your results, our SOLUTIONS team are on hand to advise and support you and your organisation. Upon completion of the assessment we offer an optional free call or virtual workshop where you can discuss your results and the next steps required to improve your rating.

You can access all the information regarding the risk assessment categories in our downloadable guide.

Additional information can be requested via our dedicated email address at solutions@poolre.co.uk or simply click the button below to start your self-assessment.

Download the full guide
To benefit from enhanced interactivity and see additional data we recommend you open this report using Adobe Acrobat Reader.

Download the full guide
To benefit from enhanced interactivity and see additional data we recommend you open this report using Adobe Acrobat Reader.

Best practice assessment areas

To get the most out of VSAT®  and to learn more about best practice advice, we recommend you familiarise yourself with the six assessment areas before you begin. Use your mouse to hover over the icons on the Best Practice Map to view the six Security Best Practice categories. Click any of the sub-category icons for an explanation of what they cover.

The main Guide will provide more detailed information on each category.

Begin VSAT®  

Ready to begin? The following tabs provide all the information you will need to get started. If your business has nominated you as a Company Administrator, click the Administrator tab below. If you’ve been nominated as an Assessor, click the Assessor tab.

Setting up is simple, please proceed to the LAUNCH VSAT®   button below when you are ready to begin.

COH_J012822 VSAT Info Icons

Before you get started

  • Before you start the registration process, make sure you’ve identified the sites you are going to  assess. You will find more information on the number and type of sites you need to review on the Requirements tab in this section.
  • Please have all relevant details to hand, including the details of any Assessor(s), you will need these when setting up your profile.
  • You can find more information on the six risk areas you will be assessing in the Best Practice Security Guide. The Help tab in this section also provides a user guide for the VSAT®   platform.
  • You must complete all questions in each category to receive your sub-score. The full report will only be available, with your full score once you have completed all six question sets.
  • You are able to save your position and return to questions at a later date if you are unsure of the answers, however you will not be able to receive reports until they are fully completed.

 

  • Once you have completed a question set you are able to review your ratings for this category, we recommend that you pay particular attention to any Red or Amber scores, and take appropriate actions as required.
  • Once you’ve introduced the appropriate measures to address the security risks identified, you’re then ready to reassess the relevant question set. You can also go to the Assessments page and click on the Reassess button, which will take you straight to the Red and Amber risks.
  • The reassessed question will be shown in grey until your new score has been recalculated. You can reassess one or more of the questions at any one time.
  • Once you’ve completed your reassessment(s), click on “View Updated Report”. Your overall score will be recalculated and the system will generate a new report. The original report will then be archived as a record.
  • To see an audit trail of all the reassessments conducted at each site, click on the arrow icon to the left of the site’s name.
COH_J012822 VSAT Info Icons2

Company Administrator

As the Company Administrator, you’ll need to upload the address details for a number of sites, depending on the size and type of your business. Check the Assessments Required tab to identify the number of sites that you should select, and the type of assessments that you need to complete.

You may also need to allocate the assessments to an Assessor – someone within your organisation who has the right expertise to answer the questions involved.

COH_J012822 VSAT Info Icons3

Assessor

If your Company Administrator has already registered the business, sign in as an Assessor.

You’ve been chosen by your Company Administrator to complete an online security assessment for your organisation. For more information on how to use the platform please view the User Guide

For each site you select, we’ll ask you some detailed questions on six security-related
areas, covering:

  • risk management
  • physical security
  • personnel
  • housekeeping
  • information and cyber security
  • corporate profile and specialised business processes

You can find more information on each of the six categories in our Best Practice Security Guide

Each question has a number of possible answers, so all you need to do is click on the most relevant answer. At the end of the assessment, we’ll give you an executive summary with your RAG rating, along with a full report setting out further advice and guidance.

Your Company Administrator will be able to view both the executive summary and the full report once you’ve finished the assessment.

It’s up to your organisation to decide on what action to take next, but if you need help to implement the security risk management strategies suggested in the report, you can contact VSATSupport@poolre.co.uk

COH_J012822 VSAT Info Icons4

Assessments requirements

Number of assessments needed

To qualify for an LMC, you’ll need to complete the right number of assessments and the relevant type of assessment.

During the set-up process, the Company Administrator will enter your organisation’s total number of sites and the total number of Crowded Places, and Iconic Sites/Flagship/Flagship. VSAT®   will then calculate the number and type of assessments needed:

Single site business
Multi site business
Multi site business with sites in
crowded places or Iconic sites
You’ll only need to complete one assessment. An assessment for your HQ site An assessment for your HQ site
A Single-Site assessment for each of the two largest sites (based on the total insured value) One assessment for each of the Crowded Places or Iconic/Flagship Sites
A Single-Site assessment for the rest of your sites as decided by the Company Administrator: A Single-Site assessment for the largest site by total insured value, unless included in the assessments required above
3-50 sites in total:
1 additional assessment for the business
1 additional assessment for the business
A Single-Site assessment for the rest of your sites as decided by the Company Administrator
51-100 sites in total:
3 additional assessments for the business
3-50 sites in total:
1 additional assessment for the business
101 – 200 sites in total:
5 additional assessments for the business
51-100 sites in total:
3 additional assessments for the business
201 and above:
10 additional assessments for the business
101 – 200 sites in total:
5 additional assessments for the business
201 and above:
10 additional 10 assessments for the business

Here’s how that could work in practice.

Example 1

If your business has four sites, but none of them is classed as a Crowded Place or an Iconic/Flagship Site, you’ll need to complete:

  • One assessment for the HQ site
  • Two assessments for the two largest sites (based on the total insured value)
  • One assessment for another site selected by the Company Administrator
  • Four assessments in total.

Example 2

If your business has five sites and one of those sites is a Crowded Place, and another is an Iconic/Flagship Site, you’ll need to complete the following assessments:

  • One assessment for the HQ Site
  • One assessment for the Crowded Place Site
  • One assessment for the Iconic/Flagship Site
  • One assessment for the other site chosen by the Company Administrator
  • Four assessments in total.
COH_J012822 VSAT Info Icons5

Loss Mitigation Credit (LMC)

A Loss Mitigation Credit (LMC) is the discount applied to reduce the cost of your insurance premium. To apply for an LMC, you must have met the following criteria:

Single-site business

  1. Completed the relevant assessment on your site
  2. Achieved an average risk of 35% or less
  3. All sections must have a risk of 40% or less.
  4. Notified your insurance company, broker or person dealing with your insurance that you’ve achieved the standard required. You can do this via the VSAT®   notification email feature.

Multi-site business

  1. Completed all relevant assessments on your portfolio of sites
  2. Achieved an average risk of 35% or lower across your whole portfolio
  3. Achieved a risk level of 40% or lower across all sections in all sites
  4. Notified your insurance company, broker or person dealing with your insurance that you’ve achieved the standard required. You can do this via the VSAT®   notification email feature.
COH_J012822 VSAT Info Icons6

Accessing VSAT®  

The following browsers support VSAT® . If you haven’t installed the latest software, make sure you’re protected by upgrading as soon as possible:

Windows

All versions of Microsoft’s Internet Explorer browsers above IE 11 and Microsoft Edge. If you’re using browsers like Google Chrome, Mozilla Firefox or Safari, check their “About” page to make sure you have the latest version.

Mac OS

Safari. If you’re using browsers like Google Chrome, Mozilla Firefox, check their “About” page to make sure you have the latest version.

Tablet

iOS: Download the app from the iStore
Android: Download the app from The Play Store

Information security

VSAT operates on UK-based secure servers accredited to ISO 27001, ISO 9001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC3, PCI DSS Level 1 and Cyber Essentials Plus.
All critical and sensitive data is transmitted via a Secure Socket Layer (SSL) that is subject to 256-bit encryption protocols and not held locally. All data is encrypted at rest.

COH_J012822 VSAT Info Icons7

More help and advice

For any queries about the questions in the assessment, contact your broker or insurer in the first instance. Alternatively for information or questions regarding the VSAT®  assessment please contact VSATSupport@poolre.co.uk

You may also find the information you are looking for in our VSAT®  User Guide or our Security Best Practice Guide

 

If you are still unable to resolve your problem, get in touch with our team at solutions@poolre.co.uk

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.