Control System Ongoing Improvement
Malfunctions identified via permanent operation monitoring or during periodic reviews are referenced and analyzed. Corrective actions are then planned and implemented.
• Malfunction identification
The malfunctions to be examined are identified using a number of available sources: the initial remediation plan, feedback on risk remediation and incidents in installed control systems, and periodic reviews by operational management.
• Malfunction analysis
Malfunctions are studied to deduce risks faced by the organization. These are then analyzed as previously discussed by determining risk factors with the possible help of a cause-and-effect diagram.
• Risk treatment implementation
When the risk treatment actions to be undertaken, the control data storage requirement, and the risk measurement indicators to be implemented have been determined, an action plan including the necessary resources, budgets, deadlines and implementation managers is defined.
• Risk treatment action plan monitoring
The frequency and terms of risk treatment plan monitoring are established.
The
HOPEX Business Process Analysis repository enables the definition of controls carried out during enterprise business process execution, and the specification of which organizational, IT or human resources will implement them (see
Risk Treatment and Controls).