In the first part of this process based risk analysis example we have identified risky activities and separated them from the activities that we consider to be at no risk. Now we will inspect the remaining endangered activities in more detail. We want to find out, which technical entities are involved and what their technical risk is. The intention is to identify technical entities that we have to protect and to separate entities that we may ignore. That gives us the capability to reduce the amount of protective measures. The result will be a list of sensitive key entities and their technical risk.
Entities involved in activities
We have identified three critical activities so far: Alarm company’s fire fighters, alarm city fire department and alarm company’s security service. If those activities cannot be performed properly our company has a serious problem.