Free trial

30 November 2015

Network Rail reveals new approaches to risk management

Content team

Network Rail has revealed how it has developed new risk management strategies in order to take a broader but more nuanced approach to assessing potential threats to its business.

The company, which owns and manages the majority of rail infrastructure in England, Scotland and Wales, is trying to move away from the outdated, one-dimensional perception of risk management.

Speaking at Computing magazine's Enterprise Security and Risk Management Summit 2015, Paul Watts, head of information security at Network Rail, said the traditional view of corporate risk management focuses on potential impediments to achieving key business outcomes.

In the past, methods of measuring risk have been similarly blinkered, failing to look beyond the probability of certain problems and their potential impact.

"That single dimension of risk measure no longer supports the modern-day demands for good enterprise risk management," said Mr Watts.

The Network Rail executive illustrated his point by referring to how less mature companies typically approach risk management - by developing and implementing a rigid strategy that is not revisited for years, by which time the risk environment has altered dramatically.

Discussing the unique methodology his own company is now using, Mr Watts said risk assessment should be a flexible, considered process that takes into account various potential outcomes.

"Risk is [now] measured and qualified against multiple vectors of risk outcome or impact such as safety - which is absolutely critical to Network Rail - financial, legal, regulatory and reputational," he explained.

In light of the new threats emerging in the digital age, one of the company's biggest risk management considerations - particularly when it comes to acquiring new digital technologies for railways - is cyber security.

Mr Watts revealed that security assurance and asset security accreditation schemes are among the main components of Network Rail's ongoing cyber security business transformation programme.

Content team, Bureau van Dijk

How Bureau van Dijk can help you

Certainty is a highly-prized commodity in business. Data might be getting bigger all the time, but this only makes extracting value from it more difficult.

In capturing and treating private company information we aim to give you more certainty – and help you make better decisions and work more efficiently.



Our solutions are designed to help different business challenges and streamline your workflow. Many of our customers blend our information with their own internal data to get a more complete picture of the companies in their ecosystem.

Try our more certain approach –
welcome to the business of certainty.