top of page
site-background.jpg

CiiMS Risk

CiiMS Risk is an Enterprise Risk solution providing capabilities for threat and risk identification, mitigation and monitoring as well as its groundbreaking risk forecasting capabilities. Integrated with the full CiiMS offering, it allows for seamless and all-encompassing operational management.

Background

For many years, the CiiMS solution has played a considerable role in the day-to-day operationalisation of risk mitigation activities. These risks however, defined in organisational risk registers, are typically far removed from the tactical and operational processes. They do however provide important context to the purpose of the mitigation activities. Without this context activities are performed without appreciation for their function and importance.

​

Just as it is impossible to determine acceptable financial performance, without context over the annual budget and financial target as a baseline, it is impossible to determine acceptable risk exposure, without the context of the organisations risk appetite. Introducing CiiMS Risk.

Risk Management

Risk Registers can be managed on the CiiMS platform, providing the capability to identify threats and risks that affect an organisation, business and/or process, assess their potential impact, and define the mitigation strategy and activities needed to successfully manage and mitigate its impact.

​

​Threat Risk Assessments (TRA) are conducted on configurable cycles and can be applied to multiple disciplines, whether it is Physical Security, Health and Safety or Information Security.

​

​Where applicable, Threat Levels can be tracked based on the threat actor’s Intent and Capability, providing for a comparable metric in the form of a Threat Score. These Threat Score are adjusted over time allowing for further detailed analysis to understand and interpret the dynamic threat and risk landscape.

​

​Risks are not only categorised and measured according to Probability and Severity, but also against each of the respective Potential Consequences for example, ‘Financial Loss’, ‘Operational Downtime’, and/or ‘Injuries and Fatalities’, to name a few.

​

Risk Scores per Potential Consequence can be plotted on the Industry Standard, yet configurable, Risk Matrix Chart.

​

Mitigation Activities can be developed and recorded for each Potential Consequence, together with the anticipated Residual Probability & Residual Severity.

​

Risk Appetite can be defined within the Threat Risk Assessment per Consequence, where its unit of measure can be configured to the relevant respective consequence, where ‘Financial Loss’ may be measured in US Dollar, while ‘Operational Downtime’ may be measured in Production Hours.

​

The integration of these features extends to the Incidents module found in CiiMS Intel.  In the Incidents module each ‘Actual Consequence’ and ‘Severity’ can be recorded against the event, indicated in the same measurable unit per Consequence.

Empowered with this data, the number of insights and correlations that can be measured and tracked is indispensable.  From simply tracking Residual Risk Score over time, to comparing and tracking Risk Appetite against Actual Consequences.

Risk Forecasting

The American writer Mark Twain often said: “History doesn't repeat itself, but it often rhymes”.

​

Online Intelligence has witnessed many initiatives over the years, that aim to track the patterns and recurrence of specific incident types.  Most of which yielded limited success due to the narrow perspective with which history was considered.

 

CiiMS 7 introduces an entirely new way to approach event forecasting by widening the view with which we consider correlation events.

​

Through the development of an extremely configurable and dynamic rules engine, CiiMS 7 allows business and organisations to define the scenarios that contribute to elevated risk.  It furthermore generates actionable tasks once elevated levels have been reached.

 

The process in operationalising the Risk Forecasting capability starts by identifying a focus area or Risk Event.  Focusing on the preceding events that have been found to be potential contributors in the past, scenarios are developed and weighted accordingly.

 

CiiMS modules that are compatible with these scenarios include Occurrences, Checklist Responses, Incidents, Information Reports as well as Residual Risks Scores made available by the new CiiMS Risk Module.

 

Once risk forecasting scenarios have been configured, both historic and new events are periodically evaluated to determine whether it fits the criteria of any scenario, considering the details of the event as well as the spatial temporal considerations. These are referred to as Impact Events.

 

CiiMS 7’s Forecasting capability then consolidates all Impact Events up to a Scenario Risk Score, and further consolidates all Scenario Risk Scores up to the Risk Event Score and Level.  This means that every relevant facility, will have a Risk Event Level associated to it, calculated by continuously considering all data and inputs received.

 

As the calculated Risk Event Level elevates past a threshold, an actionable event is generated to call attention to the specific facility.  This event will highlight the elevated risk level, and provide necessary context, chronologically detailing each historic event in context to its impact on the facility, leading up to the alert.

 

CiiMS Risk allows for informed decision making, while every action taken can be recorded within the event’s workflow, even if it means that the risk has been accepted.

CiiMS Risk Highlights

  • Comprehensive Risk Management

  • Configurable Threat Risk Assessments (TRA)

  • Monitoring and Assessing of the Threat Landscape

  • Tracking of Potential vs Actual Consequences

  • Dynamic Client Specific Risk Forecasting

  • Risk Mitigation and Response

bottom of page