Does State of Flux carry out a robust risk assessment and management process?
At State of Flux, risk assessment is carried out at different levels, primarily at the business functions level. Risk assessments are carried out for: Projects, IT, Operations and HR. We have proper processes, templates and roles in place for continual risk management.
The Head of each department identifies the risks with the help of their team. A manager is assigned to every project, and one of their roles is to foresee any risks that might occur during the life of the project and ensure they do not become issues. This is done by analysing the impact each risk would have if it occurred. If, however, a risk becomes an issue, it can be handled within the team and, if required, it is escalated to director level.
We also continuously review our risk templates and improve them for better recording and documentation of company risks. Weekly and monthly update meetings on live and ongoing projects are held with the managers, executives and board of directors, where potential risks and issues (when identified) are discussed and actions are put in place to resolve them. We run annual training so that everyone understands their role and responsibilities; this training also covers risk management.
Penetration tests are also performed on an annual basis on the SupplierBase application. A penetration test is a simulated cyber-attack against the system, which aims to uncover vulnerabilities so that they can be fixed and our security policies enhanced. Based on the results of the penetration tests, we implement the changes and fixes required.