
Implementing Governance Systems in Higher Education and Healthcare
Dive into the world of governance with a focus on safety, security, and risk management in higher education and healthcare settings. Explore the core principles of governance frameworks, the importance of managing multiple management systems, and the integration of safety and security protocols. Discover how organizations like the Academic Medical Centre and University of Amsterdam Medical Centre prioritize governance for societal safety and meet evolving threats effectively.
Presentation Transcript
Governance: a way of management
Integrated Safety and Security Management System Higher Education (MISH)
Beer Franken
Academic Medical Centre (AMC)
University of Amsterdam Medical Centre
AMC introduction
AMC
- 1,000 beds
- 10,000 daily visitors
- 4,500 students
- 7,000 staff
- 970 million annual turnover
- In process of merging with Amsterdam-based VUmc (roughly 80% of AMC's size)
My introduction
- Information security & privacy protection
- Cooperate with security (physical access, thefts), health & safety, environmental protection
- Meddler with respect to device safety, software safety, risk management (non-financial)
- Nosy parker on patient safety
Why manage governance
- Safety, security, hazards, risks, health, protection etc.: not (y)our core business
- Societal expectations: safe, secure etc.
- Increasing societal complexity
- Continuously evolving threat landscape
- Big consequences, sometimes huge
- Not in control? No sign-off from the accountant
- Risk appetite needs substance
The core of governance
PDCA:
- Plan the processes to reach the target
- Do: execute the processes & collect data
- Check the results & compare with the target
- Act: adjust the processes to get back on track
PDCA implementation
Implemented in most management systems, e.g.:
- ISO 9001 quality management
- ISO 14001 environmental protection
- OHSAS 18001 occupational health & safety
- ISO 20000 IT service management
- ISO 27001 information security
- ISO 55000 physical asset management
- SA8000 social accountability
Managing multiple mgmt systems
- More difficult as they grow in number
- Many, many differences at detail level
- Led to confusion and implementation problems
- ISO came up with a high level structure (HLS) for management systems
- Makes it easier to use multiple management systems
- MISH is based on HLS
MISH deliverables
- The (normative) MISH itself (12 pages of text)
- The manual (or how-to guide) (over 60 pages)
- Both in English and in Dutch
- Freely downloadable from http://integraalveilig-ho.nl/thema/integraal/organisatie/mish/ and http://integraalveilig-ho.nl/thema/integraal/organisatie/managementsysteem-integrale-veiligheid/ respectively
Preparation phase
- The institution and its environment
- Parties' needs and expectations
- Scope
- Establishment of a management system
- Leadership and engagement
- Mgmt system institutionalized in policy document
- Responsibilities (RACI) and powers (responsible, accountable, consulted, informed)
} risks
Risk-based (1) Damage classes for organisation
very high | Leads to bankruptcy, end of activities or comparable.
high | 10 million damages in one year; prohibits organisation to execute (part of) strategic plans; repair of reputation takes > 3 years; damaging liability claim
medium | 5-10 million damages in one year; requires time and attention of the executive board; reputation repairs take 1-3 years
low | 1-5 million damages in one year; requires considerable management attention; reputation damaged in national media
very low | < 1 million damages in one year; requires some management attention; some negative publicity
Risk-based (2) Damage classes for individuals
catastrophic >1 death; life changing disability; serious trauma with slow recovery expectation ditto fatal 1 >1 serious trauma with medium recovery expectation; serious psychological trauma ditto very serious 1 >1 trauma with medium recovery expectation; considerable psychological trauma ditto serious 1 >1 trauma with fast recovery expectation; psychological discomfort ditto nuisance 1
Risk-based (3) Chance classes
very small | 0,5% within a year | once in 200 years
small | 5% within a year | once in 20 years
medium | 10% within a year | once in 10 years | twice in 20 years
large | 20% within a year | once in 5 years | 4 times in 20 years
very large | 50% within a year | once in 2 years | 10 times in 20 years
Risk-based (5) Risk classes
damage class \ chance | very small | small | medium | large | very large
5 | high | high | high | very high | very high
4 | medium | high | high | high | very high
3 | medium | medium | high | high | high
2 | low | medium | medium | medium | high
1 | low | low | low | medium | medium
Scope
Working conditions (health & safety) | yes/no?
Environmental protection | yes/no?
Public safety | yes/no?
Integrity (staff, research) | yes/no?
Information security | yes/no?
Privacy (compliance) | yes/no?
Intellectual property protection | yes/no?
Hazardous materials and substances | yes/no?
Internationalisation | yes/no?
Building security | yes/no?
Crisis management | yes/no?
Radicalization | yes/no?
etc etc etc
Plan-phase (1)
- Actions on the risks and responsibilities that are achievable
  - banning undesirable activities
  - continuously improving
- Set targets for relevant levels, roles and jobs
  - specific, measurable, time-bound, assessable
  - with allocated resources, assigned responsibilities
  - being carried out and monitored
Plan-phase (2)
Support
- Resources
- Competencies
- Awareness
- Communication
- Documentation (production, processing and management)
Do-phase
Execute!
- define criteria for the processes
- manage the processes in line with the criteria
- keep documented information up to date
- make sure that processes are carried out as planned
Check-phase (1)
- Monitor, measure, analyse and evaluate
  - what, how, what and when
- Execute an internal audit
  - plan and execute audit programme(s)
  - define audit scope and audit criteria
  - select auditors, safeguard neutrality and objectivity
  - report audit results to relevant management
  - retain proof of the audit and the audit results
Check-phase (2)
Perform an executive review:
- status of actions from previous mgmt reviews
- changes in relevant external/internal matters
- information on the implementation of MISH:
  - non-conformities and corrective action
  - monitoring and measurement results
  - audit results
- opportunities for continuous improvement
Act-phase
- Non-conformities and corrective actions
  - manage and correct nonconformities
  - resolve the consequences
  - prevent repeats
  - implement necessary actions and assess the effectiveness of each corrective activity
  - make changes to mgmt system, if necessary
- Continuously improve suitability, adequacy and effectiveness of mgmt system
Intended results
- Fulfilled requirements and expectations of stakeholders and other parties
- Integrated control over security, with capability maturity modelling:
  - initial: unpredictable, chaotic
  - repeatable: professionals at work
  - defined: professionalism in place
  - managed: quality comes into focus
  - optimized: well-oiled machine, fine-tuning only
The handbook
- Explains
  - explanations
  - how-to's
- Elaborates
  - how to self-assess
  - additional sources of information
- Exemplifies
  - sample implementation
  - shows relationships