Risk prevention: Prophylaxis

Risk prevention: Prophylaxis

Technical measures
  • Identification of possible technical solutions
  • Are there already proven methods?
  • Assessment of the benefits or cost-benefit effect
  • What is the application experience?
  • Purchasing / tendering
  • Examination of the effect, implementation of exercises and tests
  • Regular testing of alternative/new technologies and their effects (advantages and disadvantages compared to established systems; also without approval)
Organizational measures

Depending on the degree of risk and the organisational requirements, a risk organisation or risk management structure must be planned and applied.

Identification of the possible solutions or the necessary behaviour.

  • Identification of existing specialists for emergency & crisis intervention
  • Emergency Organigram
  • Establishment, awareness raising and training of stakeholders (certification)
  • Manual, regulations, checklists

Regular training and incident drills (announced and unannounced).

Adaptation of contingency plans, checklists and procedures when relevant framework conditions change.

Continuous updating and refresher training every 2 to 3 years.

Coordination & training of the cooperation with security services, police, fire brigade etc. 

Communicative measures

Communication within the company, authority, etc. at all levels.

  • Communication plans
     Responsibilities
     Content & Language Rules
  • External hotline
  • Feedback
  • Feedback
Financial/financial measures
  • priority setting
  • Determination of the means
  • Internal control system (ICS) in day-to-day operations
    Process integrated controls
    Strict separation of functions
    Segregation of Duties (SoD)

  • ICS as a monitoring and control body
    Monitoring (key figures, red flags, warnings)
    KPI system (structure, adjustment, evaluation)

  • Internal audit
    –     Objective & independent consulting authority
Information technology (IT) measures
  • IT Landmap Analysis (Hardware)
  • IT system analysis (software)
  • Administration
  • Support
Legal & administrative measures
  • Internal Policies & Procedures (e.g. Code of Conduct)
  • Powers & authorities (e.g. transactions requiring consent)
  • Contract management and deadline monitoring
Examination of the impact of the measures
  • Document level
  • Reality
Examination of possible multiple sources of error
  • Fault Tree Analysis