5 11, 2016

General Data Protection Regulation

2017-07-05T11:36:09+02:00 | Blog, Compliance, Cyber security

Introduction: This overview highlights the key themes of the General Data Protection Regulation (GDPR) to help organizations understand the new legal framework in the EU. Relevance: Data Protection is a topic that can be analyzed from a risk perspective using the BowTie method. Our partner P@ssport offers training courses for Data Protection Officers. Who does [...]

22 07, 2016

Common Cyber Attacks – Reducing the impact, Governance and the state of it now

2017-08-04T13:45:23+02:00 | Articles & Reports, Blog, Compliance, Cyber security, IT

Guest blog - Peter Rus, Enterprise Architect for Passport. The first country in the world to implement laws, rather than directives, on protecting critical infrastructure was the United Arab Emirates. We in the Netherlands already have the Bill on Notification of data leaks (Wetsvoorstel Meldplicht datalekken en uitbreiding bestuurlijke boetebevoegdheid Cbp, the Bill). The Bill introduces a duty [...]

4 04, 2016

Functional Safety: the next edition of IEC 61511

2019-06-26T10:28:58+02:00 | Blog, Compliance

On the 18th of May 2016, Mirek Generowicz presented a paper on 'Functional Safety: the next edition of IEC 61511'. This blog post refers to his paper, which is available here. Introduction: Layers of Protection Analysis (LOPA) is presented in the IEC 61511 standard, and many of our users may not have yet discovered the [...]

21 01, 2016

European Offshore Safety Directive

2017-08-03T13:06:30+02:00 | Articles & Reports, Blog, Compliance, Maritime, Oil & Gas

Following the Deepwater Horizon incident in the Gulf of Mexico in April 2010, the European Commission (EC) expressed its initial views on the safety of offshore oil and gas operations in its communication ‘Facing the challenge of the safety of offshore oil and gas activities’ (published on 13 October 2010). The EC communication concluded that [...]

5 01, 2016

Making risk data useful for all layers in your organisation

2017-08-03T13:11:27+02:00 | Blog, BowTieServer, Compliance

People in different positions need different risk information. Senior Management shouldn’t be bothered with nitty-gritty details, while on the other hand, these are the details that operational personnel actually need to be able to do their jobs. This is one of the challenges that will be resolved by BowtieServer: making the same risk [...]

8 07, 2015

ALARP thinking – Prescriptive safety: Have we gone too far?

2019-05-21T13:59:33+02:00 | Articles & Reports, Aviation, Blog, Compliance

Guest blog from Risktec, also published in Riskworld issue 27, 2015. In NASA’s heyday, the safety of the space shuttle was assured by a strict adherence to ‘Flight Rules’. These were black and white rules that identified precisely what action should be taken under specific circumstances. For example, if instrumentation suggested a fuel cell had failed, the [...]

5 07, 2015

Contextual Information Management – Linking the “paper” compliance world to “real” barrier based risk management

2017-08-03T13:27:59+02:00 | Blog, BowTieServer, Compliance

  The upcoming release of BowTieServer will include a contextual ‘wiki based’ information management system, as an integral part of BowTieServer. The BowTieServer Wiki allows documentation to be integrated into risk management. Instead of having separate documents floating around, the documentation can be part of the bowties and linked to specific sections or even paragraphs. [...]

5 01, 2014

Norwegian Oil and Gas Regulator Focusing on Safety Barriers

2017-08-03T13:33:20+02:00 | Blog, Compliance, Oil & Gas

The oil and gas regulator in Norway, the PSA, has made barrier maintenance a priority for 2014. The PSA states, “Failure or weakening of barriers is a frequent cause of undesirable incidents in the petroleum sector.” The regulator finds that operators’ variability in the implementation of regulatory requirements is linked to differing levels of maturity [...]

7 07, 2013

Bowtie risk assessment for inspection authorities

2017-08-11T16:13:16+02:00 | AuditXP, Blog, Compliance

The Enforcement Regulatory Cycle is extensively used to assist governmental agencies to manage the enforcement process and to develop inspection strategies. Risk-based inspection has been identified as the best practice for successful enforcement. The Bowtie methodology is a risk assessment method that can be used as a tool for risk communication and risk based inspections. [...]

5 10, 2012

Trust and control in the outsourcing industry for financial institutions

2017-07-05T10:10:37+02:00 | Blog, Compliance, Finance

The International Standard on Assurance Engagements (ISAE) 3402 standard (formerly SAS 70) is the world standard for service providers to give customers assurance on the quality of the services they outsource. The ISAE 3402 standard has a retrospective character. Due to increased attention by regulators for internal controls at financial institutions, the default ISAE 3402 standard [...]