Risk Assessment Plan
Risk Management Plan for Defense Logistics Information Service
Ronald E. Horne
This Risk Management Plan is an overall look at how Defense Logistics Information Service can protect it’s data. The implication of lost confidential government data is the primary cause for this plan, and will be treated with the utmost importance.
2. GUIDING PRINCIPLES
This plan will be presented through a formal, written, written risk management, and security safety program.
The Security Safety and Risk Management Program supports the DLIS philosophy that government safety and risk management is everyone’s responsibility. Teamwork and participation among management, providers, and staff are essential for an efficient and effective patient safety and risk management program. The program will be implemented through the coordination of multiple organizational functions and the activities of multiple departments.
DLIS supports the establishment of such clauses and best practices. An in depth look at mistakes made and ways we can learn from them will be at the forefront of out investigation. Constructive feedback will play a large part as well. In a just culture, unsafe conditions and hazards are readily and proactively identified, mistakes are openly dicussed, and suggestions for systematic improvements are welcomed. Individuals are still held accountable for compliance with safety and risk management practives. As such, if evaluation and investigation of an error or even reveal reckless behavior or willfull violation of policies, disciplinary actions can be taken.
3. SCOPE AND BOUNDARIES
The DLIS Security and Safety Risk Management Program encompasses many operational departments and services throughout the organization. Including the following:
• Buildings and grounds
• DOD regulatory compliance
• Disaster preparation and management
• Employee health
• Even/indcident/accident reporting and investigation
• Human resources
• Information technology
• Legal and contracts
• Safety and security
• Staff education
Further, events and risks will be analyzed based on:
• Requests for confidential data
• Reports and minutes
• Event, incident, or near miss reports
• Monitoring systems based on objective criteria
• Results of failure mode and effects analysis of high risk processes
• Root-cause analyses of sentinel events
All policies will be in compliance with the following:
Section 2330a of title 10, United States Code (10 USC 2330a), requires the Secretary of
Defense to submit to Congress an annual inventory of contracts for services performed during the prior fiscal year for or on behalf of the Department of Defense (DoD). The inventory must include the number of contractor employees, expressed as full-time equivalents for direct labor, using direct labor hours and associated cost data collected from contractors, except that estimates may be used where such data is not available and Carul0t reasonably be made available in a timely manner for purposes of the inventory.
In an interim response provided to the congressional defense committees on July 18, 2011, the USDCP&R) stated that the 44 individual Components would develop their respective plans in coordination with his staff and would submit these plans directly to the congressional defense committees by September 30, 2011. To date, the Office of the USD(P&R) has reviewed 41 of 44 plans, of which 36 have been signed by Directors/Commanders or other senior Component leadership official. The 36 signed plans received to date were provided to the Congress and serve as the basis for the Department's plan at Enclosure I. The remainder of the individual Component plans shall be