Tools and Techniques in Risk Assessment in Public Risk Management Organisations

Risk assessment and the knowledge provided through this process is a crucial part of any decision-making process in the management of risks and uncertainties. Failure in assessment of risks can cause inadequacy in the entire process of risk management, which in turn can lead to failure in achieving organisational objectives as well as having significant damaging consequences on populations affected by the potential risks being assessed. The choice of tools and techniques in risk assessment can influence the degree and scope of decision-making and subsequently the risk response strategy. There are various available qualitative and quantitative tools and techniques that are deployed within the broad process of risk assessment. The sheer diversity of tools and techniques available to practitioners makes it difficult for organisations to consistently employ the most appropriate methods. This tools and techniques adaptation is rendered more difficult in public risk regulation organisations due to the sensitive and complex nature of their activities. This is particularly the case in areas relating to the environment, food, and human health and safety, when organisational goals are tied up with societal, political and individuals’ goals at national and international levels. Hence, recognising, analysing and evaluating different decision support tools and techniques employed in assessing risks in public risk management organisations was considered. This research is part of a mixed method study which aimed to examine the perception of risk assessment and the extent to which organisations practise risk assessment’ tools and techniques. The study adopted a semi-structured questionnaire with qualitative and quantitative data analysis to include a range of public risk regulation organisations from the UK, Germany, France, Belgium and the Netherlands. The results indicated the public risk management organisations mainly use diverse tools and techniques in the risk assessment process. The primary hazard analysis; brainstorming; hazard analysis and critical control points were described as the most practiced risk identification techniques. Within qualitative and quantitative risk analysis, the participants named the expert judgement, risk probability and impact assessment, sensitivity analysis and data gathering and representation as the most practised techniques

Implementing GDPR in the Charity Sector: A Case Study

Due to their organisational characteristics, many charities are poorly prepared for the General Data Protection Regulation (GDPR). We present an exemplar process for implementing GDPR and the DPIA Data Wheel, a DPIA framework devised as part of the case study, that accounts for these characteristics. We validate this process and framework by conducting a GDPR implementation with a charity that works with vulnerable adults. This charity processes both special category (sensitive) and personally identifiable data. This GDPR implementation was conducted and devised for the charity sector, but can be equally applied in any organisation that needs to implement GDPR or conduct DPIAs

A Model-Based Approach to Comprehensive Risk Management for Medical Devices

The European medical technology industry consists of around 27,000 companies, more than 95% of them small and medium-sized enterprises (SMEs), with over 675,000 employees [MEDT17]. In the European Union (EU) alone, medical devices constituted by far the biggest part of the medical technology (MedTech) sector with a market of 95 billion euros in annual sales in 2015 [EURO15].The European medical technology industry consists of around 27,000 companies, more than 95% of them small and medium-sized enterprises (SMEs), with over 675,000 employees [MEDT17]. In the European Union (EU) alone, medical devices constituted by far the biggest part of the medical technology (MedTech) sector with a market of 95 billion euros in annual sales in 2015 [EURO15]

Nematerijalni indikatori u razvoju tehničkih sustava

Kontinuirano mjerenje i praćenje izvedbe projekata razvoja tehničkih sustava nužno je za objektivnu i jasnu procjenu dinamike ostvarivanja ciljeva, ranu detekciju i ispravljanje pogrešaka, te davanje pravodobne povratne informacije potrebne za uspješno upravljanje projektima. Tradicionalni pristupi upravljanja projektima razvoja tehničkih sustava uobičajeno koriste materijalne indikatore za mjerenje izvedbe projekta. Da bi informacija o izvedbi projekta bila potpuna, potrebno je uključiti i socio-tehničku perspektivu – značajke sudionika, procesa i radnoga okruženja. Socio-tehnička se perspektiva može opisati pomoću operativnih nematerijalnih indikatora s naglaskom na ponašanje pojedinaca i timova, razmjenu znanja te rješavanje tehničkih problema i stvaranje novih ideja. Analiza individualnog i timskog rada u hijerarhijskim organizacijskim strukturama osnova je za bolje razumijevanje, praćenje i mjerenje dinamike izvedbe projekata. Modeliranjem dinamike nematerijalnih operativnih indikatora omogućuje se proaktivno upravljanje projektima razvoja tehničkih sustava i prepoznavanje operativnih rizika vezanih uz te indikatore. U okviru disertacije predloženi su nematerijalni indikatori svrstani u četiri cjeline intelektualnog kapitala na individualnoj i timskoj razini: kompetencije i znanje, komunikacija i razmjena informacija, inovativnost i ideacija te motivacija i zadovoljstvo. Predloženi je popis nematerijalnih indikatora poslužio kao polazište za izradu ankete, razvoj aplikacije za uzorkovanje rada i osmišljavanje integracije s IT sustavima, čime se omogućuje praćenje izvedbe pojedinaca i timova u stvarnom vremenu. Uzorkovanje rada do sada nije korišteno u ovom kontekstu, te omogućuje kvantitativno i objektivnije prikupljanje podataka o aktivnostima u razvoju tehničkih sustava na individualnoj i timskoj razini. U okviru doktorskog rada, definiran je i model agregacije koji omogućuje izračun agregiranih vrijednosti indikatora za cjeline intelektualnog kapitala. Koristeći težinske faktore dobivene pomoću Metode potencijala, agregirana vrijednost indikatora izračunava se upotrebom diferencijalno ponderirane linearne agregacije. Studija slučaja provedena je u tvrtki čije su istraživačke i razvojne djelatnosti orijentirane na sustave za proizvodnju, distribuciju i transformaciju električne energije. Nakon provedene studije slučaja analiza indikatora omogućila je detaljan uvid u izvođenje aktivnosti tijekom razvoja ugradbenih upravljačkih sustava i vrednovanje predložene metode. Postupak vrednovanja podijeljen je na dva dijela: 1. vrednovanje izvedivosti i korisnosti metode i 2. vrednovanje rezultata. Vrednovanje izvedivosti i korisnosti metode obuhvaćalo je usporedbu s pristupima u literaturi, upotrebu studije slučaja i razmatranje primjene metode u širem kontekstu. Prvi dio vrednovanja potvrdio je da su pojedinačni indikatori pravilno definirani i da predložena metoda ispunjava namijenjenu svrhu u smislu unutarnje konzistentnosti i vanjske relevantnosti. Za vrednovanje rezultata nematerijalnih indikatora poslužila je usporedba s rezultatima analize organizacijskih rizika dobivenih primjenom organizacijske metamatrice (društvena mreža, mreža znanja, mreža resursa, mreža zadataka). Drugi dio vrednovanja potvrdio je trendove indikatora te komplementarnost predložene metode s metodama za analizu organizacijskih rizika

Incorporating contextual integrity into privacy decision making: a risk based approach.

This work sought to create a privacy assessment framework that would encompass legal, policy and contextual considerations to provide a practical decision support tool or prototype for determining privacy risks, thereby integrating the privacy decision-making function into organisational decision-making by default. This was achieved by way of a meta-model from which two separate privacy assessment frameworks were derived, each represented as a stand-alone prototype spreadsheet tool for privacy assessment before being amalgamated into the main contribution of this work, the PACT (PrivACy Throughout) framework, also presented as a prototype spreadsheet. Thus, this work makes four contributions. First, a meta-model of Contextual Integrity (CI) (Nissenbaum 2010) is presented, where CI has been broken down into its component parts to provide an easy to interpret visual representation of CI. Second, a practical privacy decision support framework for assessing data suitability for publication as open data, the ContextuaL Integrity For Open Data (CLIFOD) questionnaire is presented. Third, the scope of the framework is expanded upon to include other industry sectors or domains. To this end, a data protection impact assessment (DPIA), the DPIA Data Wheel, is exhibited that integrates the provisions brought in by the General Data Protection Regulation (GDPR) with CI and a revised version of CLIFOD. This framework is applied and evaluated in the charity sector to demonstrate the applicability of the concepts derived in CLIFOD to any domain where data is processed or shared. Finally, this work culminates with the main contribution of this work, one overarching framework, PrivACy Throughout (PACT). PACT is a privacy decision framework for assessing privacy risks throughout the data lifecycle. It has been derived and underpinned by existing theory though the amalgamation of CLIFOD and the DPIA Data Wheel and extended upon to include a privacy lifecycle plan (PLAN) for managing the data throughout its data life cycle. PACT, incorporates context (using CI), with contemporary legislation, in particular, the General Data Protection Regu- lation (GDPR), to facilitate consistent and repeatable privacy risk assessment from both the perspective of the data subject and the organisation, thereby supporting organisational decision making around privacy risk for both existing and new projects, systems, data and processes