Why you need a risk management programme and how to get started

• Train employees on company policies, safety programmes, information management and emergency response. Provide regular refresher training for all employees. Create documented training records. 
• Develop, review, and test your emergency evacuation plan at least every 12 months. 
• Include background checks and employment history verification when hiring. 
  
• Use a security system that removes access for former employees and contractors. 
  
• Establish policies and safeguards to protect against fraud and embezzlement. 
  
• Train employees to properly use and maintain personal protective equipment  
  
• Make sure you have a suitable ergonomics program in place. 
  

• Identify all hazardous materials (including flammable or combustible liquids) and ensure that suitable controls are in-place to safely use, store, dispense and dispose of these materials. 
• Ensure that fire risks have been suitably assessed. Fire control equipment should be maintained in an operable condition and serviced in accordance with applicable standards. Fire detection equipment should be appropriate for the premises and signal to a constantly attended location. 
• Maintain clear, unobstructed access routes and work spaces. 
• Ensure electrical systems are installed and inspected in accordance with applicable Regulations. Replace any extension cords with permanent wiring. 
• Ensure machinery has appropriate guards and documented lockout/tagout procedures. 
• Provide a suitable, controlled, reception space for visitors.

• Implement a Business Continuity Management program and develop Emergency Response Plans. Review the program and exercise the plans annually. 
• Prepare for natural hazard events. For example in a flood zone move critical assets above the potential flood levels; have appropriate materials available (sandbags, flood barriers, etc.); install controls to prevent pollution.  

• Have in place a formal cyber security policy with input from a qualified IT security professional using accepted cyber security standards, such as the ISO27001 or NIST Cyber Security frameworks. The policy should cover all business systems (including, for example, administrative databases, manufacturing software and design systems, CRM & ERP tools), network connections with customers and vendors, cloud storage and back up management systems, and secure product development processes.  
• Ensure Cyber events and response plans are included in your Business Continuity Management Programme 
• Create a specific Data Breach Response Plan to assist with the containment of, investigation into and notification requirements following any data security incident. Ensure it is annually reviewed and tested to remain effective and relevant.  
  
• Regularly back up critical data and system information, store off site and test its recovery, ensuring the recovery capabilities meet your business needs sufficiently to minimise impact on revenues in the event of system failure/data loss. 
• Implement robust access management procedures throughout your network, including access to critical systems and sensitive data including personal, health, and confidential business information.  
• Train your staff at least annually on good cyber hygiene, including strong password management, social engineering/phishing awareness, and the importance of protecting sensitive information. 

For more information about how we can help you mitigate risk in your business, visit our Property and Casualty Risk Engineering page >