SYMBIOSIS CENTER FOR INFORMATION AND TECHNOLOGY

RISK ASSESMENT REPORT

SIC MESS

SUBMITTED BY:
Shruti Moon (11030241174)
Sumit Nautiyal (11030241177)
Aliasgar Kaderji (11030241189)
Palak Dabas (11030241190)
Kinjal Gupta(11030241191)

1
 Table of Contents

1. INTRODUCTION............................................................................1

1.1 INTRODUCTION…................................................................1

1.2 SCOPE OF RISK ASSESMENT.....................................……2

1.3 APPROACH TO RISK ASSESMENT....................................2

2. RISK IDENTIFICATION................................................................3

2.1 RISK IDENTIFICATION........................................................3

2.1.1 IDENTIFICATION OF THREATS......................................3

2.1.2 IDENTIFICATION OF VULNERABILITY........................4

2.1.3 IDENTIFICATION OF RISKS..........................................5

3. CONTROL ANALYSIS.................................................................6

3.1 CONTROL ANALYSIS.........................................................6

4. THREAT IMPACT & LIKELIHOOD............................................7

4.1 THREAT IMPACT & LIKELIHOOD DETERMINATION............7

5.OVERALL RISK.........................................................................8

5.1RISK LIKELIHOOD DETERMINATION.................................8

5.2RISK IMPACT ANALYSIS....................................................8

5. RECOMMENDATIONS................................................................9

2
 LIST OF TABLES

TABLE1: RISKCLASSIFICATION……………………2

TABLE 2: CREDIBLE THREATS …………………………3

TABLE 3: VULNERABILITY IDENTIFICATION………..4
TABLE 4: IDENTIFIED RISKS…………………………….5
TABLE 5: THREAT ANALYSIS……………………………7
TABLE 6: RISKLIKELIHOOD DETERMINATION………8

3
 CHAPTER 1
INTRODUCTION
1.1 INTRODUCTION
We performed the risk assessment of SIC mess . The contract of SIC mess is with COMPASS
GROUP INDIA . It is a UK based company. The risk assessment is performed in accordance with
the methodology described in NIST guidelines . We have used a qualitative approach to do the risk
assessment. It includes following steps:

1. Data gathering:
2. Establish Threat library:
3. Impact and likelihood of threat
4. Vulnearbility assessment
5. Evaluate existing controls strength
6. Total Risk value
7. Evaluate residual risk
8. Recommendation
9. Reporting

Participants and their roles in risk assessment include the following:-

Mr. Deepak Kumar, site manager, he is the stake holder of SIC mess and has provided information
through interview and questionare. He bascically train the employees of the mess about the safety
measures to be taken during work . He keeps a check on the safety of the employees..

Mr. Sanjeev Tiwari, stock keeper , provided information through interviews . He is responsible for
receiving the grocery , vegetables , milk and also check the quality of the received product.

Employees (mess staff), provided information through interviews and questionare . They safely carry
out the food process , proper handling of equipment , report ill health to their supervisor.

Mr. Dilesh Patle , Supervisor , provided information through interviews and questionare. He Checks
the personal cleanliness of food handlers, keep check on the employees,Keep track of food preparation
process.

Mr. Nilesh Adiwale, Supervisor , provided information through interviews and questionare. He
Checks the personal cleanliness of food handlers, keep check on the employees,keep track of all
maintenance work.

4
Mr. Sonu Bhavankar , supervisor , provided information through interviews and questionare. He
Checks the personal cleanliness of food handlers, keep check on the employees.

1.2 SCOPE OF RISK ASSESMENT:

SIC Mess

The scope of our risk assessment is SIC mess in general. In this we considered the risk due to
employees of compass group handling the SIC mess , risk involved in food handling, due to
environment . Bascically we have considered all manmade risks like risk due to employees in handling
food and disgruntlesd employee. All environmental risk like risk due to electricity, fire spread , water
spillage etc.

1.3 APPROACH TO RISK ASSESMENT:

As described above the approach used in risk assessment is qualitative approach . In the qualitative
approach we classify the risks as High , moderate and low. Then give definitions to all these High,
moderate and low. We classify the risks as described below:-

Table 1: Risk Classification

Risk Level Risk Description
High Severe effect like harm to individual’s life
Medium Serious impact on operations
Low Limited impact or very less impact

Based on this classifications all the risks that are found in the system are to be given rating of high
moderate and low.

5
 CHAPTER 2
RISK IDENTIFICATION

2.1 Risk Identification

The purpose of this step is to identify the risks to the mess. The risk occur in the system when
the vulnerabilities in the system or its environment can be exploited by threats.

The process of risk identification consist of three components:

1. Identification of threats

2. Identification of vulnerabilities
3. Identification of risks

2.1.1 Identification of Threats:

The purpose of this component of risk identification is to identify the credible threats. A threat
is credible if it has the potential to exploit an identified vulnerability. Threats were gathered
using questionare and interviews.List of threats identified is as follows.

Table 2:Credible Threats Identified for SIC Mess

Fire Contaminated food Slips , Trips & Falls

Lpg Gas Leakage Electricity Power Failure

Disgruntled employee Improper Handling of Tools Human Error

and Machinery

Chemical spills Smoker’s material Hot surface

Pest n insects Hazardous substances Water cooler

Electrical Appliances Cylinders Smoker’s Material

6
2.1.2 Identification of Vulnerability :
The second component is to identify the vulnerability. Following are the vulnerabilities found in
the system.

Table 3: Vulnerability identification

Gas Leakage Excess soda in food Improper Food Temperature

Excess Heat Unhygenic food condition Unauthorized entry of people

Improper ventilation Excess cleaning chemical Water Spillage

Naked Flame Insects and pests Food Spillage

Smoker’s material Substandard Cooking material Slippery Surface

Carelessness in Handling Stale food Leakage in Cylinder

Improper circuitery Exposed points Lack of Awareness

Lack of Stringent Policies Improper Employee Prolonged exposure to

verification machines noise

Dirty Nails Improper maintenance Uncovered hairs

Carelessness in informing Improper pest control Improper Cleaning of food

about preparation area

Improper disposal of wate and Lack of knowledge about Improper storage

left out chemicals

Improper usage Short circuit Voltage Fluctuations

Power Cuts Transformer Damage Unclean cooler

7
 2.1.3 Identification of Risks
The final component is to identify the risk by pairing the threat and vulnerability which
lead to the risks. Following is the list of risks

Table 4: Identified Risks

Loss of individual’s life Loss to assets Infrastructure loss

Food Poisening Vomitings Allergies

Fever Throat infections Juandice

Diahoeara Injuries Fatal accident

Sprains & bruises Cuts Muscle tear

Fracture Damage to mess Food Spoilage

Contamination of food Damage to machinery Disruption in operations

Spread of infection Delay in food delievery to Deafness

the students

Refer Excel Sheet 1: Risk Identification

IRM Excel Sheet.xlsx

8
 CHAPTER 3
CONTROL ANALYSIS
3.1 CONTROL ANALYSIS
The purpose of this step is to find the existing controls that are in place in the SIC mess. These
controls correspond to the requirements of the policy, Standard and audit standards.

Refer Excel Sheet2: Control Identification

IRM Excel Sheet.xlsx

9
 CHAPTER 4
THREAT IMPACT & LIKELIHOOD

4.1 THREAT IMPACT & LIKELIHOOD

In this step we find the impact and likelihood of threat. And from that we find the consolidated
value of threat.

Table 5: Threat Analysis

Threat likekihood
Threat Impact HIGH MODERATE LOW

HIGH HIGH MODERATE MODERATE

MODERATE MODERATE MODERATE LOW
LOW LOW LOW LOW

Refer Excel Sheet3: Threat consolidated value

IRM Excel Sheet.xlsx

10
 CHAPTER 5
OVERALL RISK

5.1 RISK LIKELIHOOD DETERMINATION

The purpose of this step is to assign a likelihood rating as high , moderate or low to each
risk defined in table 3. This is a subjective judgement based on the likelihood a
vulnerability mightr be exploited by a credible threat. The following factors should be
considered:

 Probabaility of threat occurrence based on previous experience and situation

 Existence and effectiveness of current or planned threats.

Table 6: Risk Likelihood determination

Threat likekihood
Effectiveness of controls LOW MODERATE HIGH

HIGH LOW LOW MODERAYE

MODERATE LOW MODERATE HIGH
LOW MODERATE HIGH HIGH

5.2 RISK IMPACT ANALYSIS

The purpose of this step is to assign a impact rating as high , moderate or low to each risk defined in
table 3. The impact rating is determined based on the severity of the adverse impact that would result
from an occurrence of the risk.

Refer Excel sheet 4: Overall Risk

IRM Excel Sheet.xlsx

11
 CHAPTER 6
RECOMMENDATIONS
6.1 Recommendations:
The purpose of this step is to recommend additional actions required to respond to the
identified risks as appropriate to the operations of mess. The gaol of the recommended risk is
to reduce the residual risk to the mess. The following factors should be considered in
recommending controls and the alternative solutions to minimize or eliminate the identified
risks.

Legislation and regulation

Safety and reliability

Operational impact

Refer Excel sheet 5:Recommendations

IRM Excel Sheet.xlsx

12