- Threat Mode Effects Criticality Analysis (TMECA®)
- Vendor Quality Assessment
- Troubleshooting and Remediation
- Incident Investigation and Root Cause Analysis
- Contract Language and Management
Athens Group, integrating risk management methods across all of our services, expands the traditional risk realization chain by implementing an early lifecycle, preventative approach. The traditional risk realization chain is quite simple and looks like this: Hazard ➔ Harm
It follows that the traditional management process look something like this:
- Identify the hazard
- Identify the harm
- Evaluate the probability a hazard becomes a harm – the risk
- Determine if that risk is “as low as reasonably practicable” (ALARP) and acceptable
- If not ALARP or acceptable, eliminate or mitigate that risk
Hazards are at the root of the chain, so a key question would be – “What causes a hazard?” At least two things must occur before a hazard can become a harm:
- First a defect must be introduced in design or implementation.
- Second, that defect must trigger a situation whereby the hazard is present.
Athens Group risk realization chain includes the root cause of the hazard:
Defect ➔ Trigger ➔ Hazard ➔ Harm
And as a result, Athens Group looks at four levels of risk, not just one – and the identifiable hazard and harm at each level:
- Risk of a defect being introduced
- Risk of defect going undetected
- Risk of the trigger occurring
- Risk the trigger causes a hazard that can lead to a harm
Risk management begins with defect management – which means the concept, requirements, design and verification activities all need to be focused on defect identification, prevention, and detection. This approach lowers the risk of defects, cutting off the risk realization chain at its root. This is the best and most cost effective way to reduce risk.