Modern business in developed countries has been applying a risk estimation for a long period of time. The possession of the Risk Assessment Act is now a legal obligation in our country, and not having it or untimely updating it also entails high misdemeanour sanctions from 50,000 to 500,000 rsd, and from 100,000 to 1,000,000 rsd for financial and banking organizations, according to national regulations such as the Law on Private Security, the Rulebook on the Method of Performing Technical Protection and the Use of Technical Assets, the Decree on Technical Requirements for Obligatory Installation of the System of Technical Protection in Banks and Other Financial Organizations, the Regulation on Detailed Criteria for Determining Obligatory Secured Facilities and the way of carrying out the protection activities. In addition, risk assessment, at its core, also has national and international standards such as, ISO 9001 and ISO 27001.
By risk establishment of a standardized risk management process that consists of three basic phases shown in the images, you will get the answers to the basic questions which we will try to simplify to make the process clearer and to confirm that we comply with the above principle not to do it as a formality - but to adapt to the specifics of your organization.
For risk establishment services we have engaged licensed security managers and professional consultants with completed postgraduate security studies and respectable operative, teaching and scientific experience in this field, who are fully qualified to apply the national standard SRPS AL.2.003 - Safety and Resilience of Society, in Relation to the international standards and make a Risk Estimation Act of quality which can be applied in practice and according with this standard..
With such personnel we can offer a high quality risk estimation service, both for optimal implementation of physical and technical security, as well as for assessing all types of risks for your business system as a whole.
We fully apply the norms and principles that define national and international standards, we do not obey the form, but the Risk Estimation Act is logically adapted to the specifics of your organization. Experience shows that the template application of the standard meets the form and the obligation, but very often the result is currently a formally satisfactory act that quickly becomes virtually unusable or burdensome which requires additional resources and costs for the simple reason that there are no two completely identical organizations. From such realistic bases, the experience and knowledge of our risk managers and consultants, with your active cooperation, enables us to develop a Risk Estimation Act and establish a risk management system based on the ISO 31000 standards, in relation to the specifics of your organization, without the need for additional resources and costs, so that your employees relieved while doing their everyday tasks. Established goals will be tested immediately after the application.
Risk management process ISO 31000
- Identifying risks, will answer basic questions about the risks to which you are exposed, how to identify and define them.
- Risk analysis will answer the basic questions about the possibility of accidents that could produce risks and how severe or difficult accidents might be
- Risk estimation will answer the basic question - Is the estimated level of risk acceptable? If the answer is positive, standardized recording and monitoring with defined measures will be done. If the answer is negative, we ask for further answers to the basic questions - Whether the risk can be eliminated and how, and if it cannot be eliminated, we will find answers to the basic questions about the possibilities of risk reduction to an acceptable level with defined concrete measures and procedures in each individual case.
Risk estimation process SRPS AL.2.003.
Respecting the standardized risk management process presented in the Risk Estimation Act, we will define:
- Optimal system of physical and technical protection or optimization of existing, wherever possible, at no extra cost or with minimal costs, using adequate measures which do not disturb regular activities.
- The probability and consequences with specific risk mitigation options for each applicable risk type set out in SRPS AL.2.003 or identified for your organization, with a clear analysis and comparison of the value of the investment and potential costs in relation to the potential damage and value of the material or intellectual property.
Additionally, we will propose an optimal Security Management System for your business in relation to the size and complexity of your organization, at no extra cost through the existing resources of your organization.
We will adjust the price of our services to your capabilities and the size of your organization or facility protection.