Final Draft OSeM Batch Repoting iRAISE_consolidated

TERHAD

BRIEFING ON BATCH REPORTING FORM

Process Flow Chart, Fill Guidelines and e-FORM simulation
Socialisation with OSeM staff

By RISE
23 Mar 2021

1

Type of Incidents and Reporting Channel TERHAD

iRAISE E-Mail to: FMCares

Mechanical/Electrical Equipment Failure – High Security Zone/Impact Building and Infrastructure
• Security System - CCTV, PIDS, AACS, BVAS, VMS • Lift or door malfunction
• Security barrier • Collapse of building or structure
• Speed gate • Fire-related system malfunction
• Access card to High Security Area (HAS) • Lighting malfunction
• Firearm and other security equipment • Glass breakage
Physical Security Risk • Water Leakage
• Unauthorised physical entry • Damage/loss of Bank’s assets
• Terrorism e.g. Bomb Threats and attacks • Untrimmed Shrub, Bush and Fall Tree
• Seizure of prohibited/dangerous items
• Civil Unrest E-Mail to: Business Owner
• Public Disturbance e.g. mental illness, threaten to PB
• Vandalism SHE Incident (PERMI - DSO)
Internal Fraud and Corruption • Death, severe injury
• Accidents/General Liability (injury, slips and falls)
Leakage of confidential and secret information to external party e.g. • Health Impairment/Occupational Disease
vendor • Epidemic
• Breach of health and safety law/regulations
iRAISE-Batch Reporting • Negligence on safety at workplace
• Animal Intrusion e.g. snake, monkey
Mechanical/Electrical Equipment Failure – Low/Med. Security Zone/Impact People Risk (JMIS)
• Security System - CCTV, PIDS, AACS, VMS • Breach of CoE or unethical behavior e.g. harassment
• Security barrier Designated Working Person/Group
• Speed gate • Whistleblowing cases
• Access card
2

Reporting Timeline TERHAD

Escalation to Escalation to Escalation to
Director, respective CIO/
Incidents DRO and CSO/ AG/ DG Governor and relevant Report/Upload Verification Approved in IRAISE
RMD RPOs (Risk Policy in IRAISE
Critical, major or moderate in IRAISE Within 3 months
impact** Immediate Owner) (New) Within 7 (or action plans
SHE incidents working days
Immediate Immediate Within next completed)
(Potential breach of risk working day
appetite and tolerance)* from discovery

Minor and insignificant Director’s Batch reporting
Impact** (New) discretion on monthly
basis

*Please refer to Appendix I for the Bank’s Risk Appetite and Tolerance
**Please refer to Appendix II for Impact Parameters Tables

3

OSeM Batch Reporting Flow Chart TERHAD

Procedure Who When

Start

Incident discovered by 1st Reporter i.e Polis Bantuan
contact person i.e. Reporter or OSeM staff

Fill in the ‘Incident Capture’ Refer slide 7 Reporter i.e Polis Bantuan Immediate – within 24hrs.
sheet/tab or OSeM staff Within 7 working days

Fill in the ‘Root Cause’, Refer slide 8,9 Verifier i.e Premise Officer
‘Impact’ and ‘Action Plan’

sheet/tab

Continuous monitoring and B Verifier i.e Premise Officer Daily/Weekly
regularly update Batch Verifier i.e Premise Officer 4

Reporting form on action
taken by vendor

Submit Batch Reporting
form to RISE

A

OSeM Batch Reporting Flow Chart TERHAD

Procedure Who When

A

Consolidate and standardise RISE Officer Every 15th and 30th of the month
Batch Reporting form 1st of the next month
RISE Officer
Delegate Batch Reporting
form to relevant unit Respective unit e.g.
TECHPRO Officer
Batch Reporting details to be
validated or verified B
Yes
Need further clarification?
Respective unit e.g. 4th of the next month
No TECHPRO Officer 5
Return Batch Reporting

form to RISE

C

OSeM Batch Reporting Flow Chart Who TERHAD

Procedure RISE Officer When
RISE Officer
C Deputy Director/Director 5th of the next month
Deputy Director/Director 5th of the next month
Final review Batch B Deputy Director/Director
Reporting form Yes RISE Officer 6th of the next month
7th of the next month
Submit Batch Reporting
form to Approver 6

Approver to review Batch
Reporting Form

Need further clarification?

No
Approve Batch Reporting
form and return to RISE

RISE to upload the Batch Refer slide 10
Reporting Form to iRAISE

D

OSeM Batch Reporting Flow Chart Who TERHAD

Procedure RISE Officer When
All Officers
D 7th of the next month

Circulated approved Batch
Reporting to all OICs and

relevant officers

Filing and continuous
monitoring

END

7

Batch Reporting Form Template TERHAD

Diisi oleh Reporter

Incident capture tab

Incident Loss Event T1 Loss Event T2 Loss Event T3 Incident Description Reporting Date Date of Incident No Tolerance Location Estimated Reporter Department Details of Location Status
Reporting (dropdown list) (dropdown list) (dropdown list) (yyyy.mm.dd) (yyyy.mm.dd) (dropdown list) (dropdown list) (dropdown
Amount Loss (User ID only)
ID list)
(starts with

no. 1)

Contoh Cara Pengisian

Incident Status
(dropdown
Reporting ID Loss Event T1 Loss Event T2 Loss Event T3 Incident Description Reporting Date Date of Incident No Tolerance Location Estimated Reporter Department Details of
(yyyy.mm.dd) (yyyy.mm.dd) (dropdown list) Amount Loss (User ID only) (dropdown list) Location list)
(starts with (dropdown list) (dropdown list) (dropdown list) CCTV intermittent connection at Zone 12
Barrier In Basement Tunas Kijang telah rosak 2021.03.09 BNM HQ 14C Approved
no. 1) 2021.03.09 Tunas Kijang Tunas Kijang Approved
Didapati reader Kad Akses Bilik Kawalan
1 Damage to physical assets and security infrastructures Building and Infrastructure (includi CCTV failure tidak berfungsi. Hubungi MO bertugas untuk 2021.03.09 2021.03.09 No BNM HQ SDAFIF Jabatan Pengurusan Keselamatan Organisasi (JPK)
tindakan. Kerja-kerja baik pulih dijalankan, 2021.03.09 No SDRAS Jabatan Pengurusan Keselamatan Organisasi (JPK)
2 Damage to physical assets and security infrastructures Building and Infrastructure (includi Door access/ security barrier / selesai penggantian dan setelah diuji
berfungsi baik.
speed gate/ access card failure

3 Damage to physical assets and security infrastructures Building and Infrastructure (includi Door access/ security barrier / 2021.03.09 No SDRAS Jabatan Pengurusan Keselamatan Organisasi (JPK) Lobby A Approved

speed gate/ access card failure

Pilih dari Drop down list yang disediakan Tarikh diisi Staf User PC ID Pilih Lokasi
Mengikut nombor turutan. Satu insiden satu cell (barisan) mengikut format Dikosongkan Kejadian di
yang ditetapkan; Pilih Premis BNM Premis BNM
(yyyy.mm.dd) i.e.
2021.03.09

(Tahun) (Bulan) (Hari) Pilih ‘No’ Setelah semua butiran
telah diisi lengkap, pilih
Reporter hendaklah memberi maklumat dengan lengkap;
5W1H – What, Who, When, Where, Why and How ‘Approved’

8

Batch Reporting Form Template TERHAD

Root cause tab Diisi oleh Verifier

Incident Reporting Root Cause T1 Root Cause T2 Root Cause T3
ID Root Cause ID (dropdown list) (dropdown list) (dropdown list)

(follows incident (Please leave blank)
reporting ID)

Incident Reporting Root Cause ID Root Cause T1 Root Cause T2 Contoh Cara Pengisian
ID (Please leave (dropdown list) (dropdown list)
Root Cause T3
(follows incident blank) Technology Hardware and software (dropdown list)
reporting ID) Process Poor maintenance
1 Software malfunction (e.g. system bug) and hardware defects
2 Technology Hardware and software Equipment is not sustained or preserved, either by neglect or ignorance
3
Software malfunction (e.g. system bug) and hardware defects

Dikosongkan Pilih dari Drop down list yang disediakan

Mengikut nombor turutan. Satu insiden satu cell (barisan)

Impact tab Contoh Cara Pengisian

Incident Reporting ID Impact ID Impact Type Impact Rating Incident Reporting ID Impact ID Impact Type Impact Rating
(follows incident reporting ID) (Please leave blank) (dropdown list) (dropdown list) (follows incident (Please leave blank) (dropdown list) (dropdown list)
reporting ID)
Business Objective Minor
1 Business Objective Insignificant
2 Business Objective Minor
3

Dikosongkan Pilih dari Drop down list yang disediakan

Mengikut nombor turutan. Satu insiden satu cell (barisan)

9

Batch Reporting Form Template TERHAD

Diisi oleh Verifier

Action plan tab Description Start Date End Date PIC Status
(yyyy.mm.dd) (yyyy.mm.dd) (dropdown list)
Incident Reporting
ID Action Plan ID

(follows incident (Please leave blank)
reporting ID)

Incident Reporting Action Plan ID Description Start Date End Date PIC Status
ID (Please leave (yyyy.mm.dd) (yyyy.mm.dd) (dropdown list)
OSEM
(follows incident blank) 2021.03.10 2021.03.10 OSEM Completed
reporting ID) 2021.03.15 2021.03.15 OSEM Completed
1 Call vendor and issue resolved 2021.03.09 2021.03.09 Completed
New barrier was installed and tested ok
2 Vendor reset the system and tested ok Jika telah
diambil
3 tindakan, pilih
‘Completed’.
Dikosongkan Verifier hendaklah memberi maklumat dengan lengkap, Tarikh diisi mengikut format yang Jika masih
tindakan yang diambil oleh Vendor sehingga masalah telah ditetapkan; (yyyy.mm.dd) i.e. dalam tindakan
2021.03.09 vendor, pilih
diselesaikan (sistem kembali berfungsi baik); ‘In-Progress’
5W1H – What, Who, When, Where, Why and How (Tahun) (Bulan) (Hari)

Mengikut nombor turutan. Satu insiden satu cell (barisan)

10

Uploading Batch Reporting in iRAISE ByTDERORHAD

11

Uploading Batch Reporting in iRAISE ByTDERORHAD

Once uploaded, you will be able to see the data generated as below.

12

Next Forward Action TERHAD

1. Staff to famaliarise themselves on type of incidents and appropriate channel to report the incidents
2. Staff able to distinguish the Security Zoning at each BNM premises such High, Medium and Low Security Zones and

its impact to the Bank/Department
3. Staff to fill the Batch Reporting (online) form correctly, accurately and completely within timeline given

13

Thank You

14