The accreditation criterion, “Measurement, Analysis and Improvement”, aims to improve a company’s security policies and practices, and reduce potential risks through implementing a security management system.

A security management system generally includes the followings: identification of hazards, assessment of risks and implementation of remedial measures. The company shall first define the scope and methodology of assessment, and devise relevant procedural guidelines and checklists. A designated staff shall then be appointed to perform routine internal supply chain security risk assessment, as well as to follow up corresponding remedial measures.

Through identifying and analyzing possible hazards faced by each operational process and security measure, the assessment staff shall quantify the probability of occurrence of each hazard and its consequential damages. In general, the assessment staff shall work collaboratively with the field supervisor in charge to analysis related hazards in each operational process.

Upon obtaining the quantified data, the assessment staff can calculate the risks faced by the company. Risk is the product of multiplying the probability of occurrence by consequential damages of each hazard. The risks of different hazards shall then be grouped into different risk categories. For example, a certain accident has a high probability of occurrence and will cause serious damages, its risk may be classified as extremely high.

The assessment staff shall then make respective improvement recommendations for specified risk categories according to the company’s policy. Improvement works usually alleviate the risks by reducing the probability of occurrence, like removing a certain dangerous work process from daily operations; or by reducing the possible consequential damages, such as equipping staff working at height with safety harnesses.

At last, senior management shall examine the submitted recommendations and follow up on those implemented to ensure they are effectively executed. They shall also provide relevant training for the assessment staff on conducting risk assessment.