Some scientists believe that their only responsibility is to do research and everything else is for the university at the other hand sustainability can only exist by being responsible
Professors want to teach their students everything, especially if they are interested which may lead to security problems. The probability of an incident is low but when there is an incident, it is a severe one.
Some people don’t take the biosecurity risks seriously enough so it is likely that they will not take the measurements seriously enough and when you are not conscious of risks, things that shouldn’t happen will happen. Researchers might approach risk with a safety approach, like a risk incident is an act of god. They take measurements and think that it will never happen again. However when you look at security objects, there is always someone that is thinking about getting around these measures.
When you look at risk, in general, there are two types Dynamic risk: which can provide for either a profit or a loss. (Enterprise) Static risk: which can only provide for a loss (Hazard) Together with the audit manager, you adopted the idea to look at risk management in a wide scope so you could cover enterprise management. We started with hazard risk because people seem to think that enterprise risk is about their daily work and don’t realize that there are other kinds of risk.
The university needed someone to implement hazard risk management within the university. We decided that there needed to be a hazard risk management system that covered the entire scope of the university, including both safety and security and ICT security and all processes needed to be united included, such as every small unit dealing with parts of security and safety so that all processes could be viewed and controlled as one system.
We began the project by looking at hazard risks in this context and connecting them to organizational goals. For instance, why do we need a university? To educate students and to do research. The strategy was developed in align to these goals. We collected the interest of all faculties and business units and try to view them from a central point and create a central organizing force so we could tell the board of directors that the university is in control.
The System: The policy: Implement security and safety from the point of view of risk management. all units deal with their operational issues of hazard risk but only within one organization which is responsible for the whole process. 31-01-11
- Report to the board of directors of the university. - Responsible for keeping track of the processes of the whole university - Makes decisions independently when board of directors is not present. - In charge of making decisions when there is a crisis - To ensure that the organization in control - Checks to ensure that faculty security and safety implementations are adequate to controle the situation. - Risk research (development of risk profile including scenarios), identification, assessment and management. This includes priority setting.
Implementation and control Handbook developed which covers several issues that should be managed within the faculties. For instance, protecting valuable assets. Biosecurity is included in the concept plans Once security and safety goals are set, it is up to the faculties to decide how they want to reach the goals. They can use any means of security or safety they want and in most cases will apply best practices.
A security problem needs strategic solutions and control measures that begin by taking account of the existing organization and organizational responsibilities and are developed from there. This ensures that the measures will be sustainable within the organization.
Universities mostly are Profi-naïve t.i. professional in knowledge and research Naïve in trusting every bright student researcher or employee Traditional security measures like camera and fences are difficult to operationalize in universities because universities prefer an open climate where knowledge and information is openly shared In universities you need to make individuals responsible
When next to balanced H-RM policy, regulations and a little technique, everybody feels responsible for his/her cirkel of 25 mtr diameter We don’t need severe measurement that makes education and research in academic way impossible
Presentation Ron Massink
Hazard Risk Management Bio security & Dual use
Science & (common) sense <ul><li>Responsibility of science & scientists </li></ul><ul><li>Responsibility of community </li></ul><ul><li>Responsibility of organizations </li></ul><ul><li>Several initiatives in this area like the project on Bio security resulting in the Biosecurity code proof there is a shared responsibility for preventing dual use </li></ul>
Sci-fi? Ghost hunting? Routine? Our responsibility ? Not for me? Dual use prevention at universities
Difference Safety Security Security = Intentional Counter measures last as long as somebody finds a way to work around them Safety = accident Countermeasures a good solution lasts long So stay alert… FOR EVER!
(E)Riskmanagement <ul><li>Enterprise Riskmanagement : All risks threatening the continuity of an organization </li></ul><ul><li>(Dynamic risk) </li></ul><ul><li>- Political risk (law) </li></ul><ul><li>- Economical risk </li></ul><ul><li>- Financial risk (stock market) </li></ul><ul><li>- Social risk (employment) </li></ul><ul><li>- legal risk (liability) </li></ul><ul><li>Hazard Riskmanagement : - Safety </li></ul><ul><li>(Static risk) - Health </li></ul><ul><li>- Wellness </li></ul><ul><li>- Environment </li></ul><ul><li>- Security </li></ul><ul><li>- Business Continuïty </li></ul>Hazard Risk Management
Mission and Goals Hazard Risk Management (H-RM) Integrale Veiligheid <ul><li>Risk monitoring in a way that enables DUT to take the necessary or even higher risk to create opportunities </li></ul><ul><li>Reduces the change for incidents by proactive risk management </li></ul><ul><li>Quality assurance and improvement of DUT H-RM in education, research and de management processes </li></ul><ul><li>Share with the primary processes “Research and Education” the best practices developed in H-RM (IV) and vice versa use research for the H-RM management process </li></ul><ul><li>Share the instruments developed in H-RM (IV) with partners and society </li></ul><ul><li>Provide students with a H-RM related fundamental attitude which will be useful in business </li></ul>
WELFARE ENVIRON MENT SAFETY RISP RISK INVENTORY & STEERING PROCES Organization Hazard Risk Management (Integrale Veiligheid) HEALTH SECURITY IT SECURITY Hazard Risk Management/ INTEGRALE VEILIGHEID CRISISMANAGEMENT BUSINESS CONTINUITY MANAGEMENT
Proces responsibility H-RM within Delft University of Technology DUT : Faculties, Business Units, Services, Students Integrated Safety, Security and IT security (= H-RM)
Steering-coordinating-connecting-sending-cooperating-assurance H-RM organization within Delft University of Technology
Control concepts H-RM (IV) <ul><li>Organization wide direction and coordination </li></ul><ul><li>Related and coherent safety, security and IT security policy plans </li></ul><ul><li>Organization wide frameworkplans for all disciplines including: </li></ul><ul><ul><ul><li>Standards framework </li></ul></ul></ul><ul><ul><ul><li>Result responsibility </li></ul></ul></ul><ul><ul><ul><li>Integration of methods, systems and best practice </li></ul></ul></ul><ul><li>Local (line) responsibility for implementaion of frameworkplans </li></ul><ul><li>Decentralised plans that meet the results criteria of frameworkplans but leave room for couleur locale </li></ul>Regiegroep OCW
News & developments <ul><li>Other Universities also adopted the idea of Hazard Risk Management </li></ul><ul><li>Delft University of Technology: chair of OCW Hazard RM working group </li></ul><ul><li>H-RM Participation in: DUT Biosecurity project (Koos van der Bruggen) </li></ul><ul><li>Participation International Nuclear Security Education </li></ul>Integrated bio security goals <ul><li>Incident registration </li></ul><ul><li>Acess control </li></ul><ul><li>Employe and student training and awareness </li></ul><ul><li>Specific dangerous goods listing </li></ul><ul><li>Employe screening </li></ul>
Who is responsible ? DELFT University of Technology Risk mgt dept. Real est. Fac.
We are all responsible ! DELFT University of Technology IV VGWM FM 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m 25 m
IV Hazard Risk Management Research Responsibility + = Sustainable innovation Biosecurity shouldn’t be dependent on one serious caretaker. When the caretaker leaves security is lost. Bio security should be integrated in an overall hazard risk management system which is grounded in a culture of united responsibility