Risk Management & Contingency Plan
1. SCOPE
The present procedure applies to every sector in which ‘your firm’ operates.
3. REFERENCES
SEE- EN ISO 9000:2015 - Quality management systems: Foundations and vocabulary
SEE- EN ISO 9001:2015 - Quality management systems: Requirements
SEE-ISO 22163 (IRIS Rev. 3) - International Railway Industry Standard
‘XXXXX’ Quality manual - Applicable revision
4. TERMS AND DEFINITIONS
Are to be considered valid the definitions reported in the mentioned standards SEE-EN ISO 9000:2015 and
SEE-ISO/TS 22163 (IRIS Rev. 3)
5. PROCEDURE
5.1. Introduction
The risk assessment and the emergency plan of the "your firm" Organization have been developed by analyzing the risks associated with the organization's processes and production activities. The following aspects were taken into account for the analysis:
•Production site;
Human resources;
Information systems
Infrastructures
Documentation
Here below is provided an analysis of the risks connected to the different aspects above mentioned, as well as the measures adopted for reducing those considered more relevant for ‘your firm’ Organization. The following scheme gives a graphical representation of the different considered aspects and of the potential connected risks. The analysis of every single analyzed risk and the related mitigation actions have been considered an improvement opportunity for ‘your firm’.
5.1.1. Criteria for estimating acceptability of risks
In the evaluation of the risk a quality-quantity approach is followed, by using a matric based on the following criteria:
IR = Index of Risk = Probability x Severity of Consequences
The consequent classification matrix of risk index used for identifying the critical level of the risk is the following:
X= Severity of consequences (1 to 5), Y= Probability (A to E)
Where
6. PRODUCTION SITE
6.1. Meteorological risk
Analysis: the zone in which ‘your firm’ is located is not subject to particular meteorologic risks more than the common ones such as lightning
Adopted measures: The technological systems of the site include all the measures foreseen by regulations
in force for minimizing the effects of meteorologic events, such as (for example) lightning
[IR = Probability x Severity of Consequences = B1 = Risk very low]
6.2. Volcanic and/or Seismic risk
Analysis: Volcanic risk absent; regarding seismic risk ‘your firm’ organization is located in a plant built according to anti-seismic standards and located in an industrial area where no relevant seismic event has been detected during the years.
[IR = A1]
6.3. Public order risk
Analysis: this risk is to be considered absent considering the area where ‘your firm’ organization is located. [IR = A1]
6.4. Environmental risk
Analysis: Not relevant – considering the position where the company is located. In the last 20 years, there is no record of any relevant environmental event which could presage environmental risks.
[IR = A1]
6.5. Hydrogeological risk
Analysis: Not relevant – considering the position where the company is located, in the last 20 years there is no record of any relevant environmental event which could presage hydrogeological risks
[IR = A1]
6.6. Fire risk
Analysis: ‘your firm’ adopts all the measures foreseen by regulations in force in terms of safety.
Adopted measures: A specific antifire plan is defined according to the legislative requirements applicable to the ‘your firm’ organization.
[IR = B2]
7. HUMAN RESOURCES
7.1. Risk of an absence of personnel
Analysis: ‘your firm’ can have access to human resources through the following channels:
Technical and professional institutes which give instruction in mechanical and electromechanical fields;
University, which gives instruction in Mechanical, Electrical and Electronics Engineering;
The area where the Organization is located is characterized by the presence of other manufacturing realities similar to ‘your firm’ which gave the possibility of growing a substrate of competences where it is possible to find personnel with skills of high technical level;
Interim work: for particular labor activities that don’t need specific competencies, ‘your firm’ relies on specialized interim agencies.
Adopted measures: ‘your firm’ is in continuous contact with schools and universities also through sponsorship of research projects. The Quality Management System includes procedures for mapping competencies, the evaluation of the established competencies and the definition of training plans for the growth of the personnel.
[IR = B1]
7.2. Environmental and Health Risk
Analysis: not relevant – staff absenteeism rates do not predict any environmental and/or health risks associated with personnel working in the ‘your firm’ Organization.
[IR = A1]
8. INFORMATIVE SYSTEMS
8.1. Hardware and Software related risk
Analysis: ‘your firm’ organization adopts standard hardware and software informative systems, such as Microsoft Office suites, computer software systems, etc. The development software runs on standard platforms and does not need any particular hardware.
Adopted measures: ‘your firm’ has adopted measures for data protection. For details please refer to PRQ
4.2/D procedure “IT management of documents and data”. [IR = B2]
8.2. Fraud and/or hacker attack risk
Analysis: not relevant – ‘your firm’ doesn’t manage data which can be subject to specific attacks by external subjects such as hackers.
[IR = A2]
9. INFRASTRUCTURE
9.1. The risk for interruption of supply services (Water, Gas, Fuels, Electricity, Internet, Phone, etc...) Analysis: not relevant – ‘your firm’ is located in an industrial area. Supply services are granted by institutional providers. Until today, no cases of emergency related to this aspect have ever been recorded.
[IR = A2]
9.2. Risk related to suppliers of materials needed for production
Analysis: the most critical suppliers are the ones related to the supply of raw materials, mainly structural steel plates, Beams, Channels, Angles, Pipes, etc.
Adopted measures: for the most critical raw materials, ‘XXXXX’ Organization has alternative suppliers:
more generally speaking any kind of supply foresees more than a qualified supplier. [IR = B1]
9.3. Risk related to the theft of raw materials
Analysis: raw materials used by ‘XXXXX’ Organizations are not subject to thefts.
Adopted measures: ‘XXXXX’ plant is equipped with alarm systems directly connected to law enforcement
and night security services. Warehouse stocks are limited to the minimum and logistics procedures are applied in such a way to grant a continuous flux of materials from the suppliers, according to the production needs. (MRP – Material Resource Planning - criteria)
[IR = A1]
9.4. Risk related to fault of critical equipment
Analysis: equipment used by ‘XXXXX’ organization is redundant for most of its production processes, which is compensated by sister concern capacities except machining. Until today, no cases of emergency related to the process itself and in general to problems associated with faults of critical equipment have been recorded.
Adopted measures: ‘XXXXX’ has a scheduled maintenance plan kept under strict control by the personnel in charge of maintenance activities.
Quality Management System includes appropriate procedures and documented work instructions made to ensure, with the support of the functions involved, the repeatability of the production process in other organizations of similar production and external to ‘XXXXX’ (i.e. at “approved” competitor suppliers
10. DOCUMENTATION
10.1. Risk related to loss of documentation due to fire: Analysis: Fire can lead to loss of documents needed for production
Adopted measures: the documents relevant for production and product management means are available on both paper and electronic format.
Regarding electronic data, a backup procedure is foreseen as described in the procedure PRQ 4.2/C
“XXXXX management of documents and data”. [IR = B2]
10.2. Risk related to loss of documentation for fraud or theft:
Analysis: The main production archives are located in the technical office. This area is always subject to supervision by the personnel/security surveillance cameras.
Adopted measures: areas in which archives are located can be accessed only by the appointed ‘XXXXX’
personnel. See also privacy-related procedures. [IR = A2]
11. RISK ANALYSIS OF MAIN PROCESSES
The table FMEA-XXXXX PROCESSES 20190402.xls shows the risk assessment and mitigation plan related to the main processes of ‘XXXXX’ (see Diagram of processes, 4.4.4). For this analysis, the typical FMEA table has been used.
As shown in the table, for each risk attributed to every process, a score related to Frequency (evaluation of problem repetition), Severity (evaluation of gravity of the issue), and Detectability (evaluation of detectability of the issue).
If the product of the 3 numbers (calculation=F*S*D) is greater than 100, a mitigation plan must be carried out.
12. RISK ANALYSIS OF OUTSOURCED PROCESSES
The table “FMEA-XXXXX OUTSOURCED PROCESSES” shows the risk assessment and mitigation plan related to the outsourced processes of ‘XXXXX’ (see Diagram of processes, 4.4.4). For this analysis, the typical FMEA table has been used.
As shown in the table, for each risk attributed to every process, a score related to Frequency (evaluation of problem repetition), Severity (evaluation of gravity of the issue), and Detectability (evaluation of detectability of the issue).
If the product of the 3 numbers (calculation=F*S*D) is greater than 100, a mitigation plan must be carried out.
1 विस्तार
इस प्रक्रिया का दायरा संगठन से जुड़े उत्पादन गतिविधियों के व्यवधान के संभावित जोखिमों की पहचान करने और आपातकाल के मामले में सक्रिय होने के लिए आवश्यक प्रक्रियाओं को परिभाषित करने के लिए संगठन द्वारा अपनाए गए तरीकों का वर्णन करना है। इसके अलावा संगठन के अध्याय 4_0 संदर्भ में परिभाषित मुख्य analy ‘XXXXX 'प्रक्रियाओं से जुड़े जोखिमों का विश्लेषण किया जाता है।
2. आवेदन
वर्तमान प्रक्रिया हर उस क्षेत्र पर लागू होती है जिसमें 'XXXXX' संचालित होता है।
3. संदर्भ
SEE- EN ISO 9000: 2015 - गुणवत्ता प्रबंधन प्रणाली: नींव और शब्दावली
SEE- EN ISO 9001: 2015 - गुणवत्ता प्रबंधन प्रणाली: आवश्यकताएँ
SEE-ISO 22163 (IRIS Rev. 3) - अंतर्राष्ट्रीय रेलवे उद्योग मानक
। XXXXX की गुणवत्ता मैनुअल - लागू होने योग्य संशोधन
4. नियम और शर्तें
उल्लेखित मानकों SEE-EN ISO 9000: 2015 और में उल्लिखित परिभाषाओं को मान्य माना जाता है
SEE-ISO / TS 22163 (IRIS Rev. 3)
5. प्रक्रिया
5.1। परिचय
संगठन की प्रक्रियाओं और उत्पादन गतिविधियों से जुड़े जोखिमों का विश्लेषण करके "XXXX" संगठन की जोखिम मूल्यांकन और आपातकालीन योजना विकसित की गई है। विश्लेषण के लिए निम्नलिखित पहलुओं पर ध्यान दिया गया:
•निर्माण स्थान;
मानव संसाधन;
सूचना प्रणालियों
Infrastructures
प्रलेखन
यहां नीचे दिए गए विभिन्न पहलुओं से जुड़े जोखिमों का विश्लेषण प्रदान किया गया है, साथ ही relevant XXXXX के संगठन के लिए अधिक प्रासंगिक माने जाने वाले लोगों को कम करने के लिए अपनाए गए उपाय। निम्नलिखित योजना अलग-अलग माना पहलुओं और संभावित जुड़े जोखिमों का चित्रमय प्रतिनिधित्व करती है। प्रत्येक एकल विश्लेषण जोखिम और संबंधित शमन क्रियाओं के विश्लेषण को 'XXXXX' के लिए एक सुधार अवसर माना गया है।
5.1.1। जोखिमों की स्वीकार्यता का अनुमान लगाने के लिए मानदंड
निम्न मानदंडों के आधार पर मैट्रिक का उपयोग करके जोखिम के मूल्यांकन में गुणवत्ता-मात्रा दृष्टिकोण का पालन किया जाता है:
IR = जोखिम का सूचकांक = संभाव्यता x परिणाम की गंभीरता
The scope of this procedure is to describe the modes adopted by the organization for identifying the potential risks of interruption of production activities linked to the organization itself and to define the procedures needed to be activated in case of emergency. Furthermore are analyzed the risks linked to the main ‘ ‘your firm’ processes, defined in the chapter 4_0 Context of the organization.
2. APPLICABILITYThe present procedure applies to every sector in which ‘your firm’ operates.
3. REFERENCES
SEE- EN ISO 9000:2015 - Quality management systems: Foundations and vocabulary
SEE- EN ISO 9001:2015 - Quality management systems: Requirements
SEE-ISO 22163 (IRIS Rev. 3) - International Railway Industry Standard
‘XXXXX’ Quality manual - Applicable revision
4. TERMS AND DEFINITIONS
Are to be considered valid the definitions reported in the mentioned standards SEE-EN ISO 9000:2015 and
SEE-ISO/TS 22163 (IRIS Rev. 3)
5. PROCEDURE
5.1. Introduction
The risk assessment and the emergency plan of the "your firm" Organization have been developed by analyzing the risks associated with the organization's processes and production activities. The following aspects were taken into account for the analysis:
•Production site;
Human resources;
Information systems
Infrastructures
Documentation
Here below is provided an analysis of the risks connected to the different aspects above mentioned, as well as the measures adopted for reducing those considered more relevant for ‘your firm’ Organization. The following scheme gives a graphical representation of the different considered aspects and of the potential connected risks. The analysis of every single analyzed risk and the related mitigation actions have been considered an improvement opportunity for ‘your firm’.
5.1.1. Criteria for estimating acceptability of risks
In the evaluation of the risk a quality-quantity approach is followed, by using a matric based on the following criteria:
IR = Index of Risk = Probability x Severity of Consequences
Score
|
PROBABILITY
|
Event probability
|
E
|
Maximum
|
The certain event, that will happen one or more times during the project
|
D
|
High
|
It will happen frequently, 1 time every 10 projects
|
C
|
Medium
|
It will happen occasionally, 1 time every 100 projects
|
B
|
Low
|
It will happen rarely, 1 time every 1000 projects
|
A
|
Minimum
|
Unlikely, 1 time every 10 000 or more projects
|
Score
|
SEVERITY
|
The severity of consequences: impact on costs
|
5
|
Catastrophic
|
Leads to the conclusion of the project
|
4
|
Critical
|
Cost of projects exceeds 50% the budget
|
3
|
Major
|
Cost of projects exceeds by 30% the budget
|
2
|
Significant
|
Cost of projects does not exceed 10% of the budget
|
1
|
Negligible
|
Minimal or with no impact
|
The consequent classification matrix of risk index used for identifying the critical level of the risk is the following:
X= Severity of consequences (1 to 5), Y= Probability (A to E)
Low
|
Medium
|
High
|
Very high
|
Very high
|
Low
|
Low
|
Medium
|
High
|
Very high
|
Very low
|
Low
|
Low
|
Medium
|
High
|
Very low
|
Very low
|
Low
|
Low
|
Medium
|
Very low
|
Very low
|
Very low
|
Very low
|
Low
|
Where
IR
|
GRAVITY
|
Actions
|
E4, E5, D5
|
Very high risk
|
Unacceptable risk: implement new team processes or radical changes. Bring to the attention of the top management.
|
E3, D4, C5
|
High risk
|
Unacceptable risk: as above.
|
E2, D3, C4, B5
|
Medium risk
|
Unacceptable risk: careful management, consider alternative team processes or radical changes. Bring to the attention of the top management.
|
E1, D1, D2, C2, C3, B3, B4, A5
|
Low risk
|
Acceptable risk: control, monitoring, careful management.
|
C1, B1, A1, B2, A2, A3, A4
|
Very low risk
|
Acceptable risk: as above.
|
6. PRODUCTION SITE
6.1. Meteorological risk
Analysis: the zone in which ‘your firm’ is located is not subject to particular meteorologic risks more than the common ones such as lightning
Adopted measures: The technological systems of the site include all the measures foreseen by regulations
in force for minimizing the effects of meteorologic events, such as (for example) lightning
[IR = Probability x Severity of Consequences = B1 = Risk very low]
6.2. Volcanic and/or Seismic risk
Analysis: Volcanic risk absent; regarding seismic risk ‘your firm’ organization is located in a plant built according to anti-seismic standards and located in an industrial area where no relevant seismic event has been detected during the years.
[IR = A1]
6.3. Public order risk
Analysis: this risk is to be considered absent considering the area where ‘your firm’ organization is located. [IR = A1]
6.4. Environmental risk
Analysis: Not relevant – considering the position where the company is located. In the last 20 years, there is no record of any relevant environmental event which could presage environmental risks.
[IR = A1]
6.5. Hydrogeological risk
Analysis: Not relevant – considering the position where the company is located, in the last 20 years there is no record of any relevant environmental event which could presage hydrogeological risks
[IR = A1]
6.6. Fire risk
Analysis: ‘your firm’ adopts all the measures foreseen by regulations in force in terms of safety.
Adopted measures: A specific antifire plan is defined according to the legislative requirements applicable to the ‘your firm’ organization.
[IR = B2]
7. HUMAN RESOURCES
7.1. Risk of an absence of personnel
Analysis: ‘your firm’ can have access to human resources through the following channels:
Technical and professional institutes which give instruction in mechanical and electromechanical fields;
University, which gives instruction in Mechanical, Electrical and Electronics Engineering;
The area where the Organization is located is characterized by the presence of other manufacturing realities similar to ‘your firm’ which gave the possibility of growing a substrate of competences where it is possible to find personnel with skills of high technical level;
Interim work: for particular labor activities that don’t need specific competencies, ‘your firm’ relies on specialized interim agencies.
Adopted measures: ‘your firm’ is in continuous contact with schools and universities also through sponsorship of research projects. The Quality Management System includes procedures for mapping competencies, the evaluation of the established competencies and the definition of training plans for the growth of the personnel.
[IR = B1]
7.2. Environmental and Health Risk
Analysis: not relevant – staff absenteeism rates do not predict any environmental and/or health risks associated with personnel working in the ‘your firm’ Organization.
[IR = A1]
8. INFORMATIVE SYSTEMS
8.1. Hardware and Software related risk
Analysis: ‘your firm’ organization adopts standard hardware and software informative systems, such as Microsoft Office suites, computer software systems, etc. The development software runs on standard platforms and does not need any particular hardware.
Adopted measures: ‘your firm’ has adopted measures for data protection. For details please refer to PRQ
4.2/D procedure “IT management of documents and data”. [IR = B2]
8.2. Fraud and/or hacker attack risk
Analysis: not relevant – ‘your firm’ doesn’t manage data which can be subject to specific attacks by external subjects such as hackers.
[IR = A2]
9. INFRASTRUCTURE
9.1. The risk for interruption of supply services (Water, Gas, Fuels, Electricity, Internet, Phone, etc...) Analysis: not relevant – ‘your firm’ is located in an industrial area. Supply services are granted by institutional providers. Until today, no cases of emergency related to this aspect have ever been recorded.
[IR = A2]
9.2. Risk related to suppliers of materials needed for production
Analysis: the most critical suppliers are the ones related to the supply of raw materials, mainly structural steel plates, Beams, Channels, Angles, Pipes, etc.
Adopted measures: for the most critical raw materials, ‘XXXXX’ Organization has alternative suppliers:
more generally speaking any kind of supply foresees more than a qualified supplier. [IR = B1]
9.3. Risk related to the theft of raw materials
Analysis: raw materials used by ‘XXXXX’ Organizations are not subject to thefts.
Adopted measures: ‘XXXXX’ plant is equipped with alarm systems directly connected to law enforcement
and night security services. Warehouse stocks are limited to the minimum and logistics procedures are applied in such a way to grant a continuous flux of materials from the suppliers, according to the production needs. (MRP – Material Resource Planning - criteria)
[IR = A1]
9.4. Risk related to fault of critical equipment
Analysis: equipment used by ‘XXXXX’ organization is redundant for most of its production processes, which is compensated by sister concern capacities except machining. Until today, no cases of emergency related to the process itself and in general to problems associated with faults of critical equipment have been recorded.
Adopted measures: ‘XXXXX’ has a scheduled maintenance plan kept under strict control by the personnel in charge of maintenance activities.
Quality Management System includes appropriate procedures and documented work instructions made to ensure, with the support of the functions involved, the repeatability of the production process in other organizations of similar production and external to ‘XXXXX’ (i.e. at “approved” competitor suppliers
10. DOCUMENTATION
10.1. Risk related to loss of documentation due to fire: Analysis: Fire can lead to loss of documents needed for production
Adopted measures: the documents relevant for production and product management means are available on both paper and electronic format.
Regarding electronic data, a backup procedure is foreseen as described in the procedure PRQ 4.2/C
“XXXXX management of documents and data”. [IR = B2]
10.2. Risk related to loss of documentation for fraud or theft:
Analysis: The main production archives are located in the technical office. This area is always subject to supervision by the personnel/security surveillance cameras.
Adopted measures: areas in which archives are located can be accessed only by the appointed ‘XXXXX’
personnel. See also privacy-related procedures. [IR = A2]
11. RISK ANALYSIS OF MAIN PROCESSES
The table FMEA-XXXXX PROCESSES 20190402.xls shows the risk assessment and mitigation plan related to the main processes of ‘XXXXX’ (see Diagram of processes, 4.4.4). For this analysis, the typical FMEA table has been used.
As shown in the table, for each risk attributed to every process, a score related to Frequency (evaluation of problem repetition), Severity (evaluation of gravity of the issue), and Detectability (evaluation of detectability of the issue).
If the product of the 3 numbers (calculation=F*S*D) is greater than 100, a mitigation plan must be carried out.
12. RISK ANALYSIS OF OUTSOURCED PROCESSES
The table “FMEA-XXXXX OUTSOURCED PROCESSES” shows the risk assessment and mitigation plan related to the outsourced processes of ‘XXXXX’ (see Diagram of processes, 4.4.4). For this analysis, the typical FMEA table has been used.
As shown in the table, for each risk attributed to every process, a score related to Frequency (evaluation of problem repetition), Severity (evaluation of gravity of the issue), and Detectability (evaluation of detectability of the issue).
If the product of the 3 numbers (calculation=F*S*D) is greater than 100, a mitigation plan must be carried out.
Note- put your firm name in place of "XXXXX".
जोखिम प्रबंधन और आकस्मिकता योजना1 विस्तार
इस प्रक्रिया का दायरा संगठन से जुड़े उत्पादन गतिविधियों के व्यवधान के संभावित जोखिमों की पहचान करने और आपातकाल के मामले में सक्रिय होने के लिए आवश्यक प्रक्रियाओं को परिभाषित करने के लिए संगठन द्वारा अपनाए गए तरीकों का वर्णन करना है। इसके अलावा संगठन के अध्याय 4_0 संदर्भ में परिभाषित मुख्य analy ‘XXXXX 'प्रक्रियाओं से जुड़े जोखिमों का विश्लेषण किया जाता है।
2. आवेदन
वर्तमान प्रक्रिया हर उस क्षेत्र पर लागू होती है जिसमें 'XXXXX' संचालित होता है।
3. संदर्भ
SEE- EN ISO 9000: 2015 - गुणवत्ता प्रबंधन प्रणाली: नींव और शब्दावली
SEE- EN ISO 9001: 2015 - गुणवत्ता प्रबंधन प्रणाली: आवश्यकताएँ
SEE-ISO 22163 (IRIS Rev. 3) - अंतर्राष्ट्रीय रेलवे उद्योग मानक
। XXXXX की गुणवत्ता मैनुअल - लागू होने योग्य संशोधन
4. नियम और शर्तें
उल्लेखित मानकों SEE-EN ISO 9000: 2015 और में उल्लिखित परिभाषाओं को मान्य माना जाता है
SEE-ISO / TS 22163 (IRIS Rev. 3)
5. प्रक्रिया
5.1। परिचय
संगठन की प्रक्रियाओं और उत्पादन गतिविधियों से जुड़े जोखिमों का विश्लेषण करके "XXXX" संगठन की जोखिम मूल्यांकन और आपातकालीन योजना विकसित की गई है। विश्लेषण के लिए निम्नलिखित पहलुओं पर ध्यान दिया गया:
•निर्माण स्थान;
मानव संसाधन;
सूचना प्रणालियों
Infrastructures
प्रलेखन
यहां नीचे दिए गए विभिन्न पहलुओं से जुड़े जोखिमों का विश्लेषण प्रदान किया गया है, साथ ही relevant XXXXX के संगठन के लिए अधिक प्रासंगिक माने जाने वाले लोगों को कम करने के लिए अपनाए गए उपाय। निम्नलिखित योजना अलग-अलग माना पहलुओं और संभावित जुड़े जोखिमों का चित्रमय प्रतिनिधित्व करती है। प्रत्येक एकल विश्लेषण जोखिम और संबंधित शमन क्रियाओं के विश्लेषण को 'XXXXX' के लिए एक सुधार अवसर माना गया है।
5.1.1। जोखिमों की स्वीकार्यता का अनुमान लगाने के लिए मानदंड
निम्न मानदंडों के आधार पर मैट्रिक का उपयोग करके जोखिम के मूल्यांकन में गुणवत्ता-मात्रा दृष्टिकोण का पालन किया जाता है:
IR = जोखिम का सूचकांक = संभाव्यता x परिणाम की गंभीरता
No comments:
Post a Comment
Please do not enter any spam link in the comment box