Difference between revisions of "Part 2: RAR - Treatment and Control v2"
Jump to navigation
Jump to search
| (47 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | {{Button Back BCM RAR}} {{Template:Planning Methodology RAR}} | |
| + | = <span style="color:#0000FF">'''RAR 2-1: Risk Treatment and Evaluation of Existing Controls''' = | ||
| − | + | '''''Note that the text in '''italics''' serves as supporting instructions for participants attending and attempting BCM Institute's Blended Learning assignment''''' | |
| − | + | After identifying the list of threats faced by the organisation in the previous section, participants will then proceed to the Risk Treatment and Control section | |
| − | + | ='''Threat''' (Col 2)= | |
| − | + | [[Image:RAR TreatmentControl 2.0.jpg|thumb|800px|right|Treatment and Control|RAR 2-1: Risk Treatment and Evaluation of Existing Controls]] | |
| − | '''[[ | + | The name of each threat identified in [[Part 1: RAR - List of Threats v2|List of Threats]]. |
| − | ** | + | {{Template:BL-BCM-5Banner}} |
| − | + | * Organisation BCM Coordinators are to ensure that all threats that have been highlighted in the previous section are represented here under the threat column. | |
| − | ** | + | |
| − | *''' | + | = '''Existing Risk Treatment''' (Col 3 to 6) = |
| − | ** | + | Existing [[Risk Treatment]] refers to the mitigating measures '''already''' put into place by the organization to handle recognized threats. 4 risk treatments are available to address the majority of the risks posed by threats |
| − | + | * [[Risk Avoidance]] | |
| − | ** | + | * [[Risk Reduction]] |
| + | * [[Risk Transference]] | ||
| + | * [[Risk Acceptance]] | ||
| + | |||
| + | |||
| + | ''Read more explanatory notes for [https://blog.bcm-institute.org/bcm-planning-methodology/assessing-your-risk-treating-your-risk Risk Treatment]. Note that the assignment of Risk Treatment is based on the overall risk appetite of the organisation’s top management, which may vary from a different organisation.'' | ||
| + | |||
| + | = '''Existing Controls''' (Col 7) = | ||
| + | ''These are the controls currently implemented for the organization to mitigate the risk posed by the threat.'' | ||
| + | |||
| + | * [[Control|Controls]] are instruments or practices that are used to manage risk. All controls fall within one of the above 4 treatment options and serve as an elaboration of the existing risk treatments. | ||
| + | * Existing Controls are "Controls" that are already implemented within your organization to manage the identified risk. | ||
| + | ** For example, if the fire is a threat, existing controls could include fire extinguishers, fire wardens, and an evacuation plan. | ||
| + | |||
| + | = '''Additional (Planned) Controls''' (Col 8) = | ||
| + | {{Button Back BCM RAR}} | ||
| + | *Additional "Planned" Controls are Controls that will be identified within the questionnaire. | ||
| + | ** In the example of fire again, an additional control could include setting up an alternate assembly area to congregate in the event of wet weather | ||
| + | |||
| + | = <span style="color:#0000FF">'''Instruction to BL-B-3/5 M2 Participant''' = | ||
| + | |||
| + | * Select at least two (2) threats from RAR 1-1 List of Threats. | ||
| + | * Complete every entry for all the columns for the two threats. | ||
| + | * Remember to highlight the existing control if you have selected and inserted "Y" in one of the four "Risk Treatment" entries. | ||
| + | * It is alright to have more than one risk treatment for each selected threat | ||
| + | * Do remember to propose "Additional (Planned) Controls" that you may want to recommend to your organisation. | ||
| + | <br><br><br> | ||
| + | {{Template:BLCoursesBanner}} | ||
Revision as of 08:22, 2 January 2022
Contents
RAR 2-1: Risk Treatment and Evaluation of Existing Controls
Note that the text in italics serves as supporting instructions for participants attending and attempting BCM Institute's Blended Learning assignment
After identifying the list of threats faced by the organisation in the previous section, participants will then proceed to the Risk Treatment and Control section
Threat (Col 2)
The name of each threat identified in List of Threats.
- Organisation BCM Coordinators are to ensure that all threats that have been highlighted in the previous section are represented here under the threat column.
Existing Risk Treatment (Col 3 to 6)
Existing Risk Treatment refers to the mitigating measures already put into place by the organization to handle recognized threats. 4 risk treatments are available to address the majority of the risks posed by threats
Read more explanatory notes for Risk Treatment. Note that the assignment of Risk Treatment is based on the overall risk appetite of the organisation’s top management, which may vary from a different organisation.
Existing Controls (Col 7)
These are the controls currently implemented for the organization to mitigate the risk posed by the threat.
- Controls are instruments or practices that are used to manage risk. All controls fall within one of the above 4 treatment options and serve as an elaboration of the existing risk treatments.
- Existing Controls are "Controls" that are already implemented within your organization to manage the identified risk.
- For example, if the fire is a threat, existing controls could include fire extinguishers, fire wardens, and an evacuation plan.
Additional (Planned) Controls (Col 8)
- Additional "Planned" Controls are Controls that will be identified within the questionnaire.
- In the example of fire again, an additional control could include setting up an alternate assembly area to congregate in the event of wet weather
Instruction to BL-B-3/5 M2 Participant
- Select at least two (2) threats from RAR 1-1 List of Threats.
- Complete every entry for all the columns for the two threats.
- Remember to highlight the existing control if you have selected and inserted "Y" in one of the four "Risk Treatment" entries.
- It is alright to have more than one risk treatment for each selected threat
- Do remember to propose "Additional (Planned) Controls" that you may want to recommend to your organisation.
