Combining Security and Safety Risk Management in Critical Infrastructure
Published: 2022
Author(s) Name: Robert Kemp and Richard Smith |
Author(s) Affiliation: De Montfort University, Leicester, England, United Kingdom.
Locked
Subscribed
Available for All
Abstract
Within the critical infrastructure sector, risk management for safety and security are often treated as disjoint processes. Separating these processes creates duplication of effort when safety and security concerns align, and it will obscure the situations where a trade-off between safety and security needs to be resolved. This paper proposes a risk management process that enables an organisation to carry out safety and security risk assessment within one combined process. The results show that this is possible, but changes need to be made within the organisation and the process for it to be successful. Some examples of the changes are around terminology used, culture and how threats and hazards are assessed. The combining of the risk management process for safety and security can also support compliance to safety and security standards. Often organisations will need to comply with both standards and can leverage the combined risk management process to allow compliance without creating two separate risk management processes.
Keywords: Critical infrastructure, Risk Management, Safety, Security, Standards.
View PDF