Processing
After the analysis session, the results must be processed properly. The risk analysis process supervisor can use the following steps.
- Further elaborate on the measures that were determined in broad outline during the analysis session. Consider various possible solutions, such as organizational, technical and people-oriented measures. Make a distinction between preventive measures (focused on the causes), detective measures (focused on the incident itself) and repressive measures (focused on the consequences).
- Determine for each measure the intended measure owner and the desired end date for implementation.
- If the risk owner was not present at the analysis session, finalize the risks and measures in consultation with the risk owner. This means that the risk owner accepts or adjusts the choices made during the analysis session.
- Have the risk owner indicate the validity period of the risk analysis. Include this in the report. After this period, the risk analysis will need to be updated.
- Submit the risk analysis report to the risk owner.
- Record the risks in this risk register.
- Work out any technical details of the measures in consultation with content experts. Pay attention to the feasibility and costs of the measures.
- Measures may be implemented by someone other than the risk owner. This other person then becomes the measure owner. Finalize the measures in consultation with the risk owner and the measure owner.
- If a risk is not accepted, but the measures cannot be implemented for whatever reason, the risk owner will ensure that the designated manager or director officially accepts the risk.
- Record the measures in this risk register.