Quality Management 2.0 Blog

Cyber Threat Risk Assessment for Products and Consumers

Posted by Mary McAtee on Mar 17, 2015 @ 03:00 PM

Understanding your Role and Responsibility for Risk Assessment and Controls

In almost everything in Quality there are multiple facets of responsibility. The same applies when we talk about cyber security and threat assessment. The last time I spoke about this topic I addressed our responsibility for protecting our own organization’s intellectual property and security. This time I am concerned with how we protect those who depend on the products and services we provide. Market demands for increasingly intelligent products, coupled with rapidly evolving software and wireless technology, provide the means for companies to deliver exactly what the market demands. What is equally clear is that the ability of companies to assess the risk for the user and their privacy is not coming close to keeping pace with these advances. Just because the capability for smart devices is more readily available is no guarantee that prudent product management decisions are being made. The media is filled with stories about misuse of everything from baby monitors to auto-assist parking in late model vehicles.


Topics: Risk Management, Risk Assessment & Analysis, quality and compliance, Risk assessment, Mitigation and Controls

Cyber Security and Threat Assessment for Risk Assessment

Posted by Mary McAtee on Jan 22, 2015 @ 09:00 AM

One of the positive peripheral results from the flurry of reactions to the movie “The Interview” was a short-lived media focus on cyber-terrorism. The recognition of cyber-attacks has been slow to evolve but is gaining traction. In the last major threat assessment document, prepared during the final year of the Bush Administration, the term Cyber Threat was mentioned by name less than ten times. Last year’s assessment prepared by the Obama Administration mentioned Cyber Terrorism less than 100 times. The current joint intelligence threat assessment document just released mentioned Cyber Terrorism more than 1000 times. C-SPAN recently televised the briefing to the House Intelligence committee by the NSA and CIA. As redacted as I am sure it was, it was still chilling. Malware (most likely introduced by China years ago) has been identified in several locations in the infrastructure for the nation’s power grid and water purification and delivery systems. While this specific threat has been neutralized, the idea of a foreign government or other groups planting a latent threat that can be activated when and if the mood strikes is very unsettling. These are not simple, annoying denial-of-service attacks. One of the municipal power generation facilities cooperated with the NSA and permitted activating the malware on one turbine generator control system. The program, once activated, took control of the turbine and forced it to run out of safe operating limits until it self-destructed. One can easily imagine the impact on a major city and the entire economy if this or similar incidents were to happen.


Topics: Risk Assessment & Analysis

Proactive Threat Assessment and Risk Mitigation

Posted by Mary McAtee on Nov 19, 2014 @ 12:46 PM

Contingency Planning

Maybe it is because I am a New Yorker and lived through both 9/11 and Superstorm Sandy, but I have an ingrained set of memories related to both events. I remember the scramble to pluck people off of the shoreline after the Towers had fallen. Thousands of people were crammed between the Hudson River and safety. Everything that floated and could get close to shore became a rescue vessel. It was the most massive water evacuation since Dunkirk. Among the responding vessels were ferries, tugs, recreational craft, and Police and Fire Boats, not to mention everything that the USCG could deploy for the effort. With the exception of the professional rescue vessels, all the responders were pretty much making it up as they went along, yet they still managed to save thousands. What emerged from the experience was the realization that there needed to be coordinated rescue plans and training for urban water disasters. Less than a decade later that training and contingency planning effort was put to good use. Within three minutes of Sully hitting the water in what became known as the “Miracle on the Hudson,” a very well-coordinated flotilla of ferries and working vessels was off-loading survivors.

During Superstorm Sandy, no one expected a storm surge that would flood the Midtown and Battery Tunnels all the way to their ceilings. The same inundation of floodwaters swamped the basements of hospitals and other critical infrastructure facilities. The unforeseen consequence of 30 feet of floodwater in the basements of major hospitals and emergency planning facilities was the total submerging and destruction of emergency power generation equipment. Every critical building had redundant power generating equipment and thousands of gallons of fuel, all of which were located in basements and sub-basements, were rendered totally useless, and in many cases added fuel spills to compound the problem. Millions have been spent to relocate generators and fuel supplies to roofs and underground tank systems. These are just two cautionary tales about the failure to identify and mitigate risk.


Topics: Risk Assessment & Analysis, risk mitigation

Risk Assessment - What Could Possibly Go Wrong?

Posted by Mary McAtee on Oct 22, 2014 @ 04:00 PM

Like pretty much everyone else with a pulse, I have watched the sad spectacle of Ebola marching into my living room on every news outlet. Much like an anvil hitting a cartoon character repeatedly, I am gobsmacked by the cascading series of lousy decisions made at every level.


Topics: CAPA, APQP, Risk Management Software, FMEA, Risk Assessment & Analysis

Overlooked Supply Chain Management Areas?

Posted by Mary McAtee on Jul 15, 2014 @ 04:00 PM

Mitigation and Contingency Controls

My colleagues and I have addressed various approaches to formal Risk Assessment. We have talked about the methodology for utilizing Risk Assessment tools for overlooked areas such as Supply Chain Management. We even conducted a webinar on best practice for assessing and managing risk.


Topics: Supply Chain Management, IBS America, Mary McAtee, Risk Assessment Software, Risk Assessment & Analysis, Supply Chain Risk

Risk Management - Depend on your QMS Tools

Posted by Mary McAtee on Jul 02, 2014 @ 03:15 PM

Risk Management as a Career Tool

In the last blog I vented my most annoying compliance issue. This week I thought I would switch gears to my most amusing and embarrassing Quality moments.


Topics: Quality Management Software, QMS, Mary McAtee, Corrective Actions and Preventive Actions, Risk Management Software, Risk Management, FMEA, Risk Assessment Software, Risk Assessment & Analysis

Data Overload: Obscuring the Forest with Trees with Risk Analysis

Posted by Mary McAtee on Apr 04, 2014 @ 11:00 AM

Statistical Analysis, Trending and Risk Assessment Pitfalls

One of the few gifts of being older is a sense of perspective. Interestingly, it cuts both ways. For every situation where I am impressed by the immediate availability of Business Intelligence data, I am equally perplexed by the seemingly conscious efforts of organizations to ignore or misread the data. There are all sorts of data collection systems that can keep a finger on the pulse of a process and the quality and risks associated with the outputs.


Topics: IBS America, QSYS, Mary McAtee, Corrective Actions and Preventive Actions, Document Management Systems, Corrective Action Software, Risk Management Software, Risk Assessment & Analysis, corrective and preventative actions
