Draft:Atrisk

Atrisk Corporation (Atrisk)  is an ultra-private American security company headquartered in Wilmington, Delaware,  and founded by Nicolas Pendland. The company is registered as a Delaware Corp, the structure used by 66% of the Fortune 500 because of its corporate secrecy and being considered a domestic corporate haven. The company operates within the United States, United Kingdom, Middle East, Eastern Europe, and is publicly known to serve corporate and institutional clients, focusing on at-risk, enterprise employers. The company started by offering "Compliance Postings," which involved legally redeveloping and redesigning the federally-required notices of the United States Government and other regulatory agencies, including the Occupational Safety and Health Administration (OSHA), Department of Defense (DOD), Department of Justice (DOJ), Department of Labor (DOL), Equal Employment Opportunity Commission (EEOC), among others. And most recently, "Atrisk Payments," division of the company, developed the cryptocurrency payment processor known as AtriskPay, which currently only supports Bitcoin (BTC) and transacting with the company itself.

Employee safety and security
Training Materials, "Materials," within the context of ‎Employers & Institutions: Products & Motives, serve as the safety/security framework of the company. These Materials are available in multiple formats, including documents, audio files, and digital-use versions, and are designed to provide instruction on safety/security matters. The purpose is to inform and educate employees within the client organization, and their content attempts to encompass a spectrum of safety/security subjects.

The presentation of their information was designed to be "clear and accessible," intending for the information to be easily understood by a diverse audience. A frequently noted characteristic of the Materials is "adaptability," meaning they are designed to be relevant in numerous scenarios and in reaction to changing "security circumstances." This could decrease the need for content retractions or redistributions. Their topic variety attempts to address both general and specific safety/security concerns, depending on the operational danger to the employer. Their distribution is facilitated through the Platform and "situation-specific" partner content delivery networks (CDN). Individual Briefings, "Briefings," are one-on-one conversations between the Atrisk Advisor and an employee. These meetings are scheduled and conducted via the Platform, and focus on providing personal safety/security guidance. The text-based communication format is intended to encourage an "honest dialogue," so employees may express any safety/security questions to their Advisor.

This structure is also intended to allow for "open communication," and thereby the employees are encouraged to openly discuss their personal safety/security questions or concerns without "fear of judgment or misunderstanding." As reported, Advisors conduct these Briefings with the focus being "constructiveness" and based on each employee's circumstances and understanding. The Briefings incorporate real-time, two-way communication, allowing employees to receive immediate responses and answers to their questions or concerns. This interactive style is paired with Personal Analyses, which could enhance the overall usefulness of the safety/security information provided.

Scenario Blueprints, "Blueprints," are step-by-step instructional guides designed to assist employees in handling various safety/security scenarios. They offer the framework to support employees during realistic security incidents. The topic selection includes how to "recognize and respond" properly to the forms of social engineering, including phishing attacks and impersonation, in both digital and physical environments. Additionally, Blueprints provide strategies for identifying medical emergencies and outline their best practices for managing these sensitive situations.

The scope of scenarios addressed within these Blueprints is intentionally broad, with the purpose of preparing employees for critical situations they may encounter. A prominent feature is the inclusion of "transcript simulations," which attempt to replicate or recreate real-life scenarios. The transcript simulations demonstrate various social engineering techniques, including baiting, pretexting, and quid pro quo. Through understanding the transcript simulations, employees should gain practical knowledge about the tactics or methods used in the featured social engineering scenarios, which thereby should improve their ability to "recognize and respond" properly. Seemingly especially for these Blueprints, the ease of access and availability to employees is highly emphasized, they are provided as a large percentage of Training Materials. However, even though their accessibility is stressed, employers may still choose to suppress or restrict access via Access Controls.

Government collaboration
Trend Reports, "Reports," are documents that analyze "current and emerging" safety/security trends that may impact operations. They include subjects such as changing FBI crime patterns, potential political instability, and emerging crime trends and "methods," to anticipate unexpected increases in incidents. An important part of Reports is their examination of "emerging" methods and techniques, as there would especially be within the fields of social engineering and fraud.

Their purpose is to provide employers/employees with insights into any developing threats to aid them in implementing "pragmatic strategies" for preparing for and preventing incidents that could compromise their "physical or financial security," while maintaining privacy and accessibility.

Compliance Postings, "Postings," are documents that address regulatory requirements in the workplace. These include required or recommended content from the previously mentioned U.S. Government regulatory bodies, including the Occupational Safety and Health Administration (OSHA), Department of Defense (DOD), Department of Justice (DOJ), Equal Employment Opportunity Commission (EEOC), and Department of Labor (DOL), among others. The distribution and display of the information, whether "Compliance Postings" or not, is legally required.

Atrisk is responsible for accurately redeveloping and recreating Postings, ensuring they meet legal recognition standards. The recreated Postings are then categorized as "required materials" within the Training Materials browser, inside of the Platform, to provide employers/employees with "organized and efficient" access to compliance resources, offering them in various formats, including print, digital, audio, and "digital-use," to improve their ease of access and to accommodate different content consumption preferences. Postings operate by fulfilling regulatory obligations regarding required information dissemination and reinforcing other services or teachings, such as Individual Briefings or Personal Analyses, by providing third-party, standardized, and authoritative information on similar protocols. They are also included directly within the Training Materials on the Platform. Their relevance is optimized by aligning them with specific needs, such as varying state requirements. Postings thus provide a "consistent and compliant" approach for employers/employees to meet regulatory posting obligations while improving employee awareness of legally required or recommended safety/security guidelines, workers' rights, and other necessary topics.

Technical partnerships
Asterion, "Atrisk/OpenAI," is the simplified AI assistant developed by Atrisk under OpenAI, tailored for employee use. Its primary role is to offer "detailed and immediate" explanations for questions about a variety of safety/security topics. The Asterion knowledge base is a blend of the Atrisk principles from Training Materials and the data provided by OpenAI, which allows it to cover a range of topics. These topics are known to include, but are not limited to, medical emergencies, fraud prevention, phishing or impersonation, social engineering, customer-involved incidents, and threats of harm. Asterion was trained (machine learning) to generate specialized "transcript simulations" and expand on more specific safety/security questions.

The user interface was designed for simplicity and "ease of use," with an intent of allowing users to interact with Asterion without the need for "technical experience" or any "prompt engineering knowledge." It should handle "many–most" safety/security questions and topics. Asterion was also seemingly developed to support a high number of concurrent users as it does accommodate usage up to the total number of registered employees within the organization, for use in various "applications or initiatives" that an employer could, possibly upon the guidance of the Advisor, implement.

Existing Integration, "Integration," "Upload," involves the review, potential redesign, and technical incorporation of any "existing training resources" into the Platform. At the beginning of the "Integration process," employers/employees upload any resources using the file-explorer interface. These uploads can include a variety of file types, such as documents and audio formats, similar to Training Materials. The reported goal of Integration is to effectively "utilize and enhance" any preexisting training resources that the employer may already possess.

The Integration process involves evaluation of the submitted files, this evaluation examines the accuracy of the actual information, the "usability" of the resources, and their "compatibility" with the Atrisk safety/security framework. After this evaluation, there often will be the redesign phase, which focuses on standardizing and optimizing the resources to increase effectiveness. The redesign phase also attempts to retain any original messaging identified in the resources and ensuring they align with any requirements, and the before mentioned safety/security framework. After any optimizations are finished, they are then finally integrated into the Platform, and their partner Content Delivery Networks (CDN). They are organized into corresponding Training Material sections to maintain "continuity" and accessibility.

Data and analysis
Server Monitors, "Monitors," provide employers/employees with information regarding the web performance and status (uptime) of the domain (DNS) and pages of their website. This monitoring focuses on web parameters such as response time, status metrics, and downtime reports, which are important for maintaining an "optimal user experience." A primary function of the Monitors is the ability to check their website response times. This involves measuring the speed at which a website responds to user requests, which is a major indicator of server efficiency and usability. Monitoring response times helps in identifying potential performance issues early for quick fixes.

Another major component is performance and status metrics, which offers an overview of website availability and optimization, providing insights into the "operational function" of the website and its pages. Additionally, they incorporate the monitoring and reporting of any/all website downtime, detailing the error codes and durations of any periods when a website or individual page is unavailable. This information may be used by employers/employees to identify and address any internal issues that may be impacting website performance.

Personal Analyses, "Analyses," are risk-analysis reports that offer employees safety/security guidance based on their "personal circumstances." The Analyses are developed based on each employee's personal circumstances, including their job description, associated risks, and individual situations. The objective is to provide guidance that is relevant to the unique conditions of each employee. The process of creating an Analysis involves "detailed examination" of the associated risks with an employee's position within their workplace, this includes assessing threats and/or hazards related to their specific duties and responsibilities.

The risk-analysis report also offers certain guidance on mitigating these risks. Overall, their purpose is to prepare employees for both the current and anticipated workplace risks. After receiving an Analysis, employees are "often" given an opportunity for a follow-up Individual Briefing with the Advisor, which would allow the employee to ask questions directly, explain any personal factors, and further improve their understanding of the safety/security information provided in their Analysis.

Incident Tracking, "Incidents," provided by the Advisor, focuses on the documentation of safety/security incidents within the workplace via an "incident repository" which includes incident reports, Atrisk Incident Reporting Codes (AIR Codes), and other reports from third-party or internal sources. The tracking process begins when an incident is submitted by directly communicating with the Advisor. Any submitted reports should include detailed information about the incident, including a title, description, the individuals involved, witnesses, and the specific location where it occurred.

After receiving this information, the Advisor enters the incident into the logging system and determines its own "AIR Code." This code is used to identify the incident and should hasten communication between the employer, employees, and their Advisor. This service emphasizes "thorough documentation" of each incident, as the information logged includes a name for the incident, a brief title summarizing its nature, the date and location, and its "AIR Code." Additional recorded incident report details include information about the affected individuals, witnesses, and a detailed description. This "tracking system" maintains the previously mentioned "incident repository," and offers a chronological record of any and all workplace incidents. This could aid in identifying any patterns or recurring issues, and it also serves as a reference for Advisors in their consulting and analyses.

Client settings
Access Controls, "Controls," applied by the employer, are mechanisms designed to manage and regulate employee access to various sections of the Platform. This feature enables employers/employees to allocate, restrict, or customize "Clearance Levels" for employees. Each section of the Platform can be accessed via the corresponding "Clearance Level's" Personal Identification Number (PIN) and URL, depending on the settings of the employer. This access control system allows employers/employees to set different levels of access depending on the roles and responsibilities of different groups.

For example, an internally well-known and simple PIN/password may be used for sections such as "Individual Briefings," to allow all employees to have authorization, whereas more sensitive areas, like "Incident Tracking," could be limited to a higher Clearance Level only for authorized personnel, with an obscure, complex PIN/password. Employers modify these Controls for the Platform, including the URLs, PINs, and Rules to access different sections. To make changes, employers submit a "change request" to their Advisor, who then oversees the implementation of the changes and ensures they meet their minimum requirements. This clearance-based access control attempts to ensure that employees only have authorization for appropriate sections.