Risk Management in Critical Infrastructure Industry

In critical infrastructure industries such as energy, water, telecommunications, mining, and transportation, risk management is an important framework for keeping risk across the entire organization under its “safe” level. The risk can take the form of operational risk, safety risk, financial risk, or other types of risk. By managing risk properly through a systematized framework, it can be controlled at its safest level and aligned with the corporate risk appetite. Risk management has several core steps that ensure risks are managed properly. The stages of risk management are as follows:
• Hazard Identification
Identifying the types of hazards is one type of accident identification. It includes the systematic identification of potential hazards in the area of operations, such as chemical hazards, ergonomic hazards, biological hazards, electrical hazards, and other types of hazards.
• Risk Assessment
Risk assessment deals with how to assess the hazards and map them into certain levels (usually using a risk matrix) to determine their consequences and probabilities. Risk assessment often involves qualitative (descriptive) and quantitative (numerical) methods to evaluate risk based on factors such as frequency of exposure, severity of consequences, and number of people affected.
• Controlling the Risk
The risk should be controlled so that it can be brought to a certain level. The acceptable level of risk is also known as the ALARP level, which stands for “As Low As Reasonably Practicable”. Risk control involves prevention and mitigation actions.
• Controls Implementation
The next stage of the risk management framework is to implement the risk controls strategy as described in point no. 4. The aim is to implement the controls properly to eliminate or reduce the risk to its ALARP level.
• Continuous Improvement
This step requires all involved entities to always review the existing risk through periodic risk reviews and to re-design the controls strategy as required. This ensures that any situation that can lead to risk is always managed properly, by incorporating all changes to the existing environment that can affect the risk scenario and its strategic control actions.
The effectiveness of risk management planning and implementation will influence whether critical infrastructure entities achieve safety assurance. The goal of risk management is to focus not only on people, but also on the environment, operations, finances, and all stakeholders. Being safe means that we can provide a safe environment for all people to work in, a safe environment for all stakeholders to become our partners, and a safe environment for all to become our strategic support in achieving the goals of the organization.