Risks, policies, controls, committees, scheme of delegation

Governance & risk

Audit-ready. All the time.

Risk register, policy library with version history, and KCSIE / Cyber Essentials / ISO 27001 / GDPR control evidence — mapped to the frameworks your inspector and your insurer ask about. Stop scrambling the week before Ofsted.

Try the live demo Request a private eval See pricing

Three things FreshService can't match

Built for trusts, not retrofitted from enterprise.

Risk register that holds up to audit

Strategic, operational and compliance risks with configurable 5×5 likelihood × impact scoring, owner, mitigations, residual risk after controls, and review cadence.

KCSIE / Cyber Essentials controls, evidenced

Every KCSIE part 5 and Cyber Essentials requirement as a control with evidence, owner, status and last-reviewed date — the thing your inspector and insurer ask for, ready to show.

Keystone Intelligent Assist — ask your trust a question

A CEO asks "what risks if we take on another school?" and gets an answer grounded in your actual records, citing the specific risk band or count. Aggregated context only; names stripped before the AI provider.

Everything else included

No "coming soon" — every line below is in the product today. Tick it against your requirements spec.

Policy library — version history, sign-off chain, effective + next-review dates, version diffs, auto-flag on expiry; trust-wide acknowledgement campaigns track who has read and signed each version
Governance actions — board / committee items with owner, due date, evidence; flagged when slipped past two meetings
Committees & meetings — registry per committee (Audit / Curriculum / FGB / Resources), attendance, pre-circulated papers, decisions, minutes — searchable, retained
Scheme of delegation — role and authority levels with an approval matrix; the system enforces it so nobody quietly authorises beyond their level
Trustee self-service portal — a dedicated /me/governance dashboard with its own layout (no agent shell): meetings + board papers, governance actions assigned to the trustee, recent approved minutes, declarations and outstanding policy acknowledgements
Declarations & conflicts of interest — periodic campaigns, declaration history, register access logging, with public-page publishing where required
Skills matrix — governor skills and expertise register with gap analysis; supports recruitment and committee composition decisions
Governor inductions — new-governor checklist, assigned readings, understanding confirmation, mentor assignment
Signed board / inspection packs — one-click PDF assembly with cryptographic hash, framework evidence map and date-of-record
Public governance pages — publish policies, meeting summaries, scheme of delegation and required declarations to a public-facing site
FOI & SAR handling — request intake, response-deadline tracking, document compilation, exemption classification where applicable
Linked everywhere — risk → control → policy → action → project → meeting; click any link for the full chain
Audit log — every change, who/when/what, before & after; tamper-signed and retained 7 years
Anomaly detection — daily scan surfaces spikes, SLA elevation, compliance overdues, high-residual risks; deduped
Weekly headteacher briefing — Friday per-school digest with one recommended action
Private by construction — AI off until enabled per workspace, PII-redacted, BYO key or managed, cost-capped

See it running

Real screens from the live demo.

Click any screen to view it full size, or try it live at portal.alresfordmat.uk. Module docs on the docs site.

Risk register with likelihood x impact scoring and mitigations — Risk register — 5x5 matrix scoring, owner per risk, residual after mitigations.

Single risk detail page with mitigations, controls, review history — Risk detail — mitigations, linked controls, review history, escalation log.

Compliance frameworks list with per-framework compliance percentage — Frameworks — adopt KCSIE / Cyber Essentials / ISO 27001 and track each one's compliance posture with linked evidence.

Policy library with version history + sign-off workflow — Policy library — version history, sign-off chain, scheduled review.

Governance actions tracked from board and committee meetings — Governance actions — what was committed at the board, who owns it, evidence of completion.

Keystone Intelligent Assist answering an executive question over the trust snapshot — Keystone Intelligent Assist — ask "what risks if we take on another school?" and get a grounded answer. Aggregated counts only; names stripped before the AI provider.

Per-workspace AI settings with feature toggles and cost caps — AI settings — every feature off until you turn it on, per workspace. BYO key or managed credentials, monthly cost cap.

See Governance & risk running today.

Click around the live demo at portal.alresfordmat.uk — real product, synthetic data, no sign-up. Or get a 7-day private instance seeded with your academy structure.

Try the live demo → Request a private eval