Risk mitigation measures are introduced with the objective to:
• Eliminate the risk; or
• Mitigate the risk, if elimination is not feasible; or
• Cope with it, if neither elimination nor mitigation is feasible.
The identification of appropriate risk mitigation measures requires a good understanding of the hazard and the factors contributing to its occurrence. For this reason, a risk matrix needs to be completed. Risk mitigation measures may work by reducing the probability of occurrence, or the severity of the consequences, or both. Achieving the desired level of risk reduction may require the implementation of more than one mitigation measure.
The possible approaches to risk mitigation
include:
• Revision of the system design
• Modification of operational procedures
• Changes to staffing arrangements
• Training of personnel to deal with the hazard.
The expected safety improvement potential of any proposed risk mitigation measure must be assessed by examining closely whether the implementation of the mitigation measure might introduce new risk in the system. This is done by applying the hazard identification and risk assessment steps and evaluating the acceptability of the risk with the proposed mitigation measures in place.
The residual risk of a system is the risk that remains after the people, process and technology security measures have been implemented. When assessing residual risk, the following questions should be answered: “What are the controls required to be implemented for this system? What percentage of the required controls has been implemented? The answers to the above questions should be used to generate a score for residual risk. The percentage of compliance is a quantitative score than can be converted to a qualitative “effectiveness” rating. For example, a control implementation of 90% or higher may be considered “highly effective,” while a control implementation of 70% or lower may be considered “ineffective.”