Risk Causes Controls
Inappropriate/unauthorised release of emergency warning to the public Lack of/ineffective training/familiarity with the system Training course provided to all employees on system
Competency testing of employees including scenario testing
Detailed change management plan, including familiarisation requirements, for any upgrades to the system
Self-explanatory/simple categorisation of drills
Inappropriate/confusing categorisation of actions within the system Categorisation chart maintained at each work station
Simplified Graphic User Interface
Explanatory notes available within the system when hovering over the link
Lack of/ineffective regular testing of the system Test program for internal systems testing
Test program for external/public systems
Test procedures and checklists for each type of test
Lack of/ineffective verification system prior to release of warning System design includes verification of selection from drop-down menu
For initiation of public "non-drill" warning, additional verification required
Supervisor to release "non-drill" warning with verification code
Software failure Software maintenance program
Software testing
External cyber attack Firewalls
IT Security Policy
Penetration testing program
Disabling of external storage device capability
Regular training/updates/bulletins in relation to cyber-security threats
Lack of/ineffective warning protocols built into the system Audible alarm connected to "non-drill" initiation of warning system
Alarm initiated on Supervisor's computer as well as employee's
Supervisor to release "non-drill" warning with verification code
Deliberate action by an employee Background checking of employee upon hiring
For initiation of public "non-drill" warning, additional verification required
Supervisor to release "non-drill" warning with verification code
Lack of/ineffective supervision Policy requiring Supervisor "on the floor" at all times
For initiation of public "non-drill" warning, additional verification required
Supervisor to release "non-drill" warning with verification code
Lack of attentiveness by employee Rostering policy
Fatigue Management Plan
System designed for one person to be able to release warning For initiation of public "non-drill" warning, additional verification required
Supervisor to release "non-drill" warning with verification code
Audible alarm connected to "non-drill" initiation of warning system
Alarm initiated on Supervisor's computer as well as employee's
Lack of/ineffective handover on shift change Handover procedure
Lack of verification of source of information prior to warning being issued Source verification policy
Source verification procedure
For initiation of public "non-drill" warning, additional verification required
Supervisor to release "non-drill" warning with verification code