Mohannad Maraqa, M.Sc., CAMP,PMD

This paper is to helpful tool in creating Quality Improvement Plan and Risk Plan. Therefore, the information in this document is not real; it’s
the author’s brainchild for extra clarification.
QIP &Risk in Serigraph
By Mohannad Maraqa
Quality Improvement Plan
Activity to be considered: Implementation of a new project to reduce the office paper
Weakness: Uncontrolled office paper consumption to the high rate of paper waste and costly recycling in Serigraph company (usage of 53 tons
of paper)
Impact Measures:
 Financial Impact:
30% reduction cost (maintenance, energy cost etc.)

Environmental Impact:

Working Conditions/Office Productivity:
28% reduction in office paper
25% reduced energy consumption
20-40% decrease of waste time searching for documents
40% increase in the productivity
50-70% saving space for documentation
Duration of the Project: 21 weeks (11th June-19th October)
Quality Improvement Plan and Risk Plan
Page 1
Mohannad Maraqa, M.Sc., CAMP,PMD
Action
Outcome/Success
Criteria
90% of employee
satisfaction
The staff understands
the importance of the
new project and
participates in it.
Deadline
Resources
Person Responsible
15/06/2018
Lead trainer
IT manager reduces
printing devices and
adapts a connected
workplace.
30% reduction of the
printer devices
22/06/2018
IT manager
implements new
database management
system
(DBMS)which allows
interchanging
documents save the
documentation of all
departments and
communicate with all
of the employees.
100% implementation 17/08/2018
of the new database
management system
(DBMS)
1week: Trainer.
Training materials: a
system of attendance,
room for the training
program, planning for
training. Equipment:
tablet or computer
devices per every
person.
One week: Staff,
electricians,
technicians.
Awareness about the
exact amount of
printing devices,
awareness about the
connected workplace.
Equipment: computer
devices
8 weeks: Program
Developer,
technicians.
Knowledge about the
development of a new
simple software
system. Equipment:
computer devices.
Investment of money
Trainer trains
employees about the
importance of
reduction of office
paper
Quality Improvement Plan and Risk Plan
Monitoring
Arrangements
Attendance report,
feedback after
training, a 30minutes
evaluation test of the
staff.
IT manager
Report signed off.
IT Manager
Report signed off.
Page 2
Mohannad Maraqa, M.Sc., CAMP,PMD
Project Manager
trains the entire staff
for the new database
system of
communication and
saving documentation
and for the correct
way of printing
(format of the
document, doublesided copies etc.)
Environmental
specialist implements
a guideline for the
decrease of office
paper and informs the
employees about the
new environmental
policy
90% employee
satisfaction.
70% improving staff
knowledge skills.
24/08/2018
One week: Trainer.
Training materials: a
system of attendance,
room for the training
program, planning for
training. Equipment:
tablet or computer
devices per every
person.
Project Manager
Attendance report,
feedback after
training, 30 minutes
evaluation test of the
staff.
100% environmental
guidelines made
accessible to staff.
28/09/2018
Environmental
specialist
Confirmation reading
by all employees.
Reports signed off.
Project Manager
invents a marketing
campaign (catchy
slogans next to
printing devices etc.)
for the reduction of
office paper.
100% implementation 19/10/2018
of the new marketing
campaign.
3 weeks: Knowledge
about the current
environment
situation.2 weeks:
Producing Reports,
information about
new policy.1 week
transportation of
reports via new
software system.
3 weeks: Stickers
with slogans, posters.
Staff
Project Manager
Reports signed off.
Quality Improvement Plan and Risk Plan
Page 3
Mohannad Maraqa, M.Sc., CAMP,PMD
Risk Specification
Risk Item Description: New database management system (DBMS) is not
Risk ID:
secure
SS01
Author: Mohannad Maraqa
Risk Statement Condition: if the new database management system (DBMS) is not secure,
Risk Statement Consequences(s):
then, the date is not protected,
then, the documentation, the personal emails, and the confidential papers could be available
to the internet,
then, people out of the company could have access to them, and the company has financial
losses and decreased productivity.
Probability: High
Impact: Very High
Earliest the risk could have an effect:
Latest the risk could have an effect:
Starting from the design of the new database Ending the installation of the new database
system.
system.
Mitigation Plan(s):
1. Check the functionality of the database system before installation.
2. Adopt the strong and multifactor access and data management controls for restricting the
uncontrolled access.
3. Restrict the access using individual usernames and passwords by each user.
4. Determine who is responsible to have access to each documents' category (financial data,
company’s policy data etc.).
5. Monitor the access in Wi-Fi system by enforcing strong passwords, limit the number of
failed login etc.
6. Apply a maintenance strategy to all used computers ensuring its effective usage.
7. Create a well-configured firewall such as anti-virus products controlling the threats,
preventing the access from unknown users.
8. Remove unused applications, oldest versions from the devices (laptops, tablets, mobile
phones) to reduce the vulnerabilities of the new database management system.
9. Implement a robust backup strategy in order to eliminate the risk of losing data or
destroyed data caused by malware.
10. Apply the data encryption software to protect the database in case of data leakage.
11. Implement Data Protection Act (DPA) to control the leakage of data and ensure the data
protection according to legislation.
12. Train the staff to obtain awareness about the cybersecurity and recognise the threats
involved malware and phishing emails.
Contingency Plan(s):
1. Provide IT technical emergency staff to turn off the Wi-Fi access to all employees,
limiting the breach of the data.
2. Provide IT technical emergency staff to defect the threat in the system, format all the
computer devices and update their software.
3. Provide IT technical staff to control the applications and version of the installed programs
in each device.
4. Provide a recovery plan including procedures, backup strategy to reduce the damage of
unsuccessful security system.
5. Provide IT manager to analyse and evaluate the impact of the breach including financial
loss, lack of the competitive advantage etc.
6. Provide IT department to investigate the causes of the unsatisfactory security system such
as uncontrolled access of the employees, weak passwords etc.
Quality Improvement Plan and Risk Plan
Page 4
Mohannad Maraqa, M.Sc., CAMP,PMD
Inform all the employees about the breach of the new database management system
(DBMS) in order to not use this database until it will be fixed.
8. Inform the authorities (the police) and third parties including banks to reduce the financial
loss.
9. Arrange legal actions against the competitors that using the company's data or to the
hacker who access the database management system
7.
Quality Improvement Plan
Identification of the specific activity
Printing companies affect the environment directly due to the nature of the process of printing
and are willing to reduce their environmental footprint. In Serigraph Company, it is
embedded in the philosophy of sustainability which contains the equality of the
environmental policy, the social responsibility and the economic growth. After implementing
this philosophy, Serigraph considers the minimization of the environmental footprint in intracompany as well (Leifeld, 2011). Implementing the new project to reduce the office paper, it
is achievable the decrease of damage of environment (Siegel & Hatcher, 2012). Moreover,
the impact of the cost and energy saving is noticeable (Calton, 2005). Finally, the working
conditions have been improved creating the comfortable environment and self-improvement
of employees due to the new knowledge skills that obtain (Agencies, 2014).
The motivation of implementing a new project related to the office reduction paper emerged
due to the adaption of this new project by other companies (Leifeld, 2011)as well as the
environmental legislation and the campaigns which are realized globally (McCool, 2007).
Additionally, the uncontrolled printing behaviour is the largest reason for consumption as
well as the cost saving that could be achieved by implementing and supporting a new office
reduction system (Chartered, 2010). Another motivation is that the paper consumption has
visual impact and influences the employees’ productivity (Agencies, 2014).
The implementation of a new project that minimizes the office paper is the solution of the
paper consumption. This project includes the development of a new connected workplace and
the reduction of printing devices (Cisco, 2007). Secondly, the application of a new database
management system (DBMS)improves the communication of the employees and ensures the
saving of the documentation while offering the space saving in the office and employee
satisfaction by reducing waste time searching documents (Agencies, 2014). Thirdly, the
organization culture should be changed by inventing an environmental campaign and support
the employees in the reduction of the office paper (Cole & Fieselman, 2013).
Impacts and benefits of implementing the new project
The weakness of the old environmental policy is the uncontrolled printing in offices which
leads to costly recycling policy and high rate of wastes creating the negative environmental
impact of the company.
Quality Improvement Plan and Risk Plan
Page 5
Mohannad Maraqa, M.Sc., CAMP,PMD
The adaption of a new project about the reduction of office paper entails a lot of advantages
including environmental, economic and working productivity impact. In the first place, the
most important benefit is the financial impact. Indicatively, the firm will be able to achieve
30% of the decrease in the cost. The cost-saving includes the maintenance cost, energy
consumption which is minimized by 25% (McCool, 2007). Apart from the financial
performance, the environmental legislation for a sustainable and ‘green' office support the
companies to adopt a new policy and reduce the consumption of office paper by 28% (Siegel
& Hatcher, 2012). Adapting the new project, the space-saving between 50% and 70% is
possible. Additionally, the employees' productivity is increased by 40% while the decreased
waste time searching the documentation could be from 20% to 40% (Agencies, 2014)
Description of the actions of the Quality Improvement Plan (QIP)
The achievement of the described impacts above is able to increase the performance of the
company on economic terms as well as the environmental footprint and employees’
productivity. The guideline of the six developed actions is outlined in Quality Improvement
Plan (QIP) and is described below.
The implementation of the new environmental project about the reduction of office paper
entails changes in the culture of the company and in the working environment. Due to a
different application and the newly emerged environmental culture, it is required the training
of the employees by the trainer to raise the awareness about the importance of the new project
(Moormann et al., 2011).It is proved that to implement successfully a change in the
organisation, the appropriate training program is necessary to be realized by supporting the
staff self-awareness and improving the team effectiveness during the project’s process
(PaperLess, 2017). An effective training program enhances the motivation of the employees
to comprehend and participate in the new project and consequently improving their
productivity. The outcome is presented in Quality Improvement Plan (QIP) and is composed
of the 90% of employee satisfaction. The training program is monitored by attendance report
to be sure about the involvement of the staff in training as well as an examination after
training program for the evaluation of employees (Fretty, 2006).
Action two and three are executed by the IT manager. In particular, in action two, IT manager
implements a connected workplace while reduces the unnecessary printing devices. The IT
manager has the awareness of the exact number of needed printers and the application of this
new system (Agencies, 2014). Due to the application of connected workplace, the visual
impact has been improved by the elimination of the documentation (Cisco, 2007). However,
some organisations refuse to invest money and time to create a connected workplace,
preferring adopting payment system for printing. More specifically, each employee should
pay for printing (PaperLess, 2017). In action three, the new adapted database management
system (DBMS) allows the users to improve the communication in intra-company by
interchanging documents whilst saving a large amount of the documentation. The
communication is improved by 20% and it realised the 30% reduction of the printing devices.
Apart from the well-skilled program developer, it should be required the investment of the
money for the development of the database. Reports are submitted to IT manager by the
Quality Improvement Plan and Risk Plan
Page 6
Mohannad Maraqa, M.Sc., CAMP,PMD
employees for the usage of the software (McCool, 2007). Although, adopting a new database
management system containing the company’s documentation and confidential papers,
includes a risk regarding the system security as well as the easy usage of the system by the
employees. The new system should be applied by well-educated IT employees considering
the data security and the control of the system that is an essential element for the company's
reputation (Dey et al., 2007).
Action four also involves one-week staff training schedule for the usage of the new database
management system (DBMS) and a sustainable way of printing which is monitored by
attendance reports and an examination after training. The training program entails practice
lesson using the new database system and for a new way of printing. The sustainable printing
consists of the format of the document, the double-side copies and the exclusive use of
technology. This is very important to pursue the staff about the main objective of the
system’s implementation being the positive environmental impact. To create a sustainable
office, it is necessary the employees’ involvement in order to embrace the new culture and
implement it other actions regarding the environmental policy including the waste reduction.
The total implementation of the new system increases the employees’ confidence and staff
knowledge skills (Calton, 2005).
The fifth action is an adequate environmental policy based on ISO standards which presents a
guide for a ‘green’ office and is adopted by the environmental specialist. Additionally, the
new policy is transmuted in the total company by information reports about its impacts and
benefits via the new software system. The new system is being accessible to the employees
and therefore, the staff’s awareness is increased about the new environmental policy is
highlighted by McCool (2007). The adoption of the upload environmental policy through ISO
standards is compulsory for all companies regarding the new strict legislations due to the
emerged global environmental issues. To motivate the organisations implementing the strict
environmental legislations many countries adopt a bonus system for the most sustainable
organisations by reducing their taxes. On contrary, a new sustainable system implies funds
investment (new equipment, training programs etc.) that some companies are not able to
invest.
The last action is executed by the project manager who invents a campaign using stickers,
posters and catchy slogans that are placed in the printing devices during the procedure of the
project. The successful implementation of the campaign is expected to provide positive
environmental impact. Finally, a controlled system is installed to manage the personnel
printing footprint (McCool, 2007).
Risk specification
Identify the specific risk
After analysing and evaluating the quality improvement plan for reducing the office paper in
Serigraph Company, it is required for the implementation of the risk management through the
detailed plan. Adopting the risk management, it could monitor the project’s process by
reducing the financial, social and environmental impact of emerged risks and improve the
Quality Improvement Plan and Risk Plan
Page 7
Mohannad Maraqa, M.Sc., CAMP,PMD
project’s quality and profitability (Meyer, 2015). In this report, it is used three risk techniques
analysing and evaluating the risk management of the project including risk grid analysis,
Riskit graph analysis and Ishikawa diagram as demonstrated in Appendices.
At the first place, the risk identification including the potential risks, its impacts, and the
possible consequences dimensions, is displayed in this report in Appendix A. The risk grid
technique enables to identify and map the rating of potential risks depending on the described
dimensions avoiding the biggest damage in the project. As displayed in Appendix A, the
training’ failure due to non-attendance to the program is obtained as a risk (T01, T02) in new
software systems as highlighted by Dey et al. (Dey et al., 2007). Additionally, the failure of
success of a connected workplace (CW01) is addressed as a risk that required mitigation and
contingency plan and highlighted by yellow colour (Appendix A)(Cisco, 2007). Due to the
new implementation of a database management system (DBMS), the severity of the risk to
the system’s security (SS01) and crash (SS02) implies the direct control and reduction of its
impact in the process of the project(ICO, 2016; Dey et al., 2007). As a risk with very high
impact and high probability, the insecure database system is presented in the risk
specification sheet and analysed and evaluated below.
Nowadays, due to the increased technology and the growing interest of IT projects supporting
the management of the companies, exist studies claim that the security of data in the new
database systems is the major issue and a trend in management(Dey et al., 2007; ICO, 2016;
Dalal & Chhillar, 2012).According to the risk specification, if the new system is not secure,
the data are not protected and the company has a big loss through the leakage of important
documents regarding the company’s financial performance as well as the supplier’s lists and
its confidential papers. Thus, all documents could be available on the internet and
competitors may be used them to gain the competitive advantage of the company. These
consequences have a very high impact regarding the profitability, the productivity, and the
economic performance as well as high probability.
Ishikawa or fishbone diagram (Appendix C) is a visualization tool for categorizing the
problem’s causes by asking why identifying the problem’s roots. Before designing the
fishbone diagram, it is placed a brainstorming session the potentials causes of the problem
categorize them based on the hierarchy’s level.
After the risk identification, it is needed to lower the likelihood of the most damaging risk in
order to reduce its loss. To minimize the negative impact of the project that is produced by
the risk occurrences, it is created a mitigation plan that is the detailed determination of
appropriate actions. A complete risk analysis contains also the contingency plan, in order to
control the outcomes of the risk occurrences. Contingency plans aim to prepare the company
to respond to the emergency and monitor the consequences. The mitigation and contingency
plan for the insecurity of the new database management system (DBMS) are presented in the
risk specification sheet and evaluated in the next sections.
Quality Improvement Plan and Risk Plan
Page 8
Mohannad Maraqa, M.Sc., CAMP,PMD
Mitigation Plan
The strong motivation to create a Quality Improvement Plan is the cost’s reduction while the
potential risk of the insecure database system has occurred. Designing the Ishikawa diagram,
it is identified the roots of the problem in four categories according to Appendix C.
Decreasing the impact of likelihood this specific risk, the mitigation plan is developed.
At the first place, the leakage of confidential data is caused by the uncontrolled access in the
new system by the majority of staff due to the lack of strong passwords and the control of
Wi-Fi system (Dalal & Chhillar, 2012). The second cause of the system’s insecurity is the
creation of a well-configured firewall for system's protection in order to avoid virus products
threatening the new database management system (DBMS)(ICO, 2016).In case of data’s
leakage, the most effective solution is the installation of data encryption software using an
extra firewall protecting the data (MFT, 2008). Another possibility of failure of the system's
security is the weakness of maintenance strategy of the electrical equipment (laptops, tablets,
and smartphones) (Dalal & Chhillar, 2012). To name examples improving the maintenance
strategy are the removal of unused oldest versions applications for vulnerabilities’ reduction
and the backup plan to minimize the risk of the loss data. According to the relevant
legislation regarding the security of data, the mitigation plan also involves the installation of
Data Protection Act (DPA) to ensure the data protection (ICO, 2013). Ensuring the awareness
of staff about the cybersecurity and the threats' recognition involved malware and phishing
emails is a milestone for a successful mitigation plan. The mitigation plan contains the
checking the functionality of the database system before the system’s installation.
Contingency plan
An essential element of the new software implementation regarding the risk management is
the conceptualization of potential risks during the process of the project. In case of the failure
of mitigation plan or the risk occurred turning into a problem, the risk’s control is realized by
implementing the contingency plan.
The Riskit Graph Analysis that is depicted in Appendix B visualizes and formalises the risks,
their impact, and their consequences. Starting for the first emerged event, while the IT
manager perceived the leakage of data through the threat detection in the security software,
the company is required to take technical actions in order to avoid the total leakage of data.
Possible reactions involving turning off the Wi-Fi interrupting the internet connection as well
as the implementation of maintenance strategy using the backup plan and Data Protection Act
(DPA) can lead to the minimization of data leakage and the recovery of lost data. Interrupting
the internet connection, also it leads to the working time interruption and the company needs
to send the staff home until the fix of the system by the IT department. In Riskit Graph
Analysis is illustrated the effects due to the developed actions depending on the cost and time
loss as well as the company’s reputation and productivity.
Understanding the usage of company’s documentation due to the unusual traffic activity to
the company’s bank accounts, it is necessary to be prepared and inform the authorities (police
and banks) as well as the company’s employees about the leakage of data. These actions
affect negatively the company’s reputation by informing factors out of the company. Another
alternative is to take legal actions against hackers in order to restore the company’s
reputation. In every event, the reaction doing nothing is always an option containing the
highest negative impact of the company and it is not preferable.Through the contingency
plan, it is essential to its implementation limiting the damage of the occurred risk and its
consequences.
Quality Improvement Plan and Risk Plan
Page 9
Mohannad Maraqa, M.Sc., CAMP,PMD
References
Agencies, C.D.&., 2014. Colorado Department of Public Health and
Environment Print Optimization Business Case. [Online] Available at:
https://www.colorado.gov/pacific/sites/default/files/Case%20Study%20%20Print%20Optimization_1.pdf [Accessed 2015].
Calton, R., 2005. Office Paper Waste Prevention Case Study. [Online]
East Bay Regional Available at:
http://www.stopwaste.org/sites/default/files/Documents/ebrp_final_10130
5.pdf [Accessed 2006].
Chartered, S., 2010. Reducing and Eliminating Paper Consumption.. A
best guide for Corporate Office.
Cisco, 2007. How Cisco Achieved Environmental Sustainability in the
Connected Workplace. [Online] Available at:
https://www.cisco.com/c/dam/en_us/about/ciscoitatwork/downloads/ciscoi
tatwork/pdf/Cisco_IT_Case_Study_Connected_Worplace_Summary.pdf.
Cole, E. & Fieselman, L., 2013. A community-based social marketing
campaign at Pacific University Oregon: Recycling. International Journal
of Sustainability in Higher Education, 14(2), pp.176-95.
Dalal, S. & Chhillar, R., 2012. Case Studies of the most common ans
severe types of software system failure. International Journal of Advanced
Research in Computer Science and Software engireening , 2(8).
Dey, P., Kinch, J. & Ogunlana, S., 2007. Managing risk in software
development projects: a case study. Industrial Management & Data
Systems, 107(2), pp.284-303.
Fretty, P., 2006. Training the troops. PM Network, 2(1), pp.4-8.
ICO, 2013. ICO. [Online] (2.0) Available at:
https://ico.org.uk/media/about-the-ico/policies-and-procedures/1853/dataprotection-regulatory-action-policy.pdf [Accessed August 2013].
ICO, 2016. A practical guide to IT security. Ideal for the small business.
[Online] Available at: https://ico.org.uk/media/forQuality Improvement Plan and Risk Plan
Page 10
Mohannad Maraqa, M.Sc., CAMP,PMD
organisations/documents/1575/it_security_practical_guide.pdf [Accessed 6
January 2016].
Leifeld, N., 2011. ASQ. [Online] Serigraph Available at:
https://asq.org/quality-resources/social-responsibility-serigraph [Accessed
2 May 2011].
McCool, C., 2007. How to Reduce Printing Costs by 17%:A Guide to
Doing Well and Doing Good by Printing Less. [Online] (1.1) Available at:
http://www.printgreener.com [Accessed September 2008].
Meyer, W.G., 2015. Quantifying risk: measuring the invisible. In PMI®
Global Congress. London,England, 2015. Project Management Institute.
MFT, G., 2008. Go Anywhere Managed File transfer. [Online] Available
at: https://www.goanywhere.com/resource-center/case-studies/generalplastic-corp-sa [Accessed March 2009].
Moormann, J., Börner, R. & Wang, M., 2011. Advancing staff training:
transforming a paper-based role play into a workflow management system.
Development and Learning in Organizations: An International Journal,
25(6), pp.16-19.
PaperLess, 2017. PaperLess. [Online] Available at:
http://paperlesseurope.com/wp-content/uploads/UK-Fast_CaseStudy_V4.pdf [Accessed 2016].
Siegel, D. & Hatcher, N., 2012. Case Study: Education and Outreach
Campaign Reduces Paper Usage. [Online] Available at:
https://www.epa.gov/sites/production/files/2015-05/documents/cs5-opmpaper-reduction.pdf [Accessed February 2014].
Quality Improvement Plan and Risk Plan
Page 11
Mohannad Maraqa, M.Sc., CAMP,PMD
Appendix A
Risk Grid
Code
T01
CW01
T02
SS01
SS02
MC01
T03
Risk
Staff did not attend to the
environmental
training
program
Consequences
Impact
Not well-informed employees due Very Low
to the absences in the training.
Delays due to the need of
retraining
New connected workplace No reduction of office paper, high Medium
is
not
be
adopted energy consumption, financial loss
successfully
Staff did not attend to the Not well-educated employees due Medium
database
management to the absences in the training.
system (DBMS) program
Delays to customer’s services
creates decreased productivity and
failure to meet customer’s
requirements, financial loss
New database system is not Not protected data, financial loss, Very High
secure
delays to customer’s services
creates decreased productivity and
failure to meet customer’s
requirements
New
database
system Loss of data, delays to customer’s Very High
crashed
services affects financial cost.
Decreased productivity and failure
to meet customer’s requirements
Probability
Medium
New marketing campaign is
not be implemented
Staff fail to inform about a
new
environmental
guideline
Very Low
Less energy saving, less financial Very
loss
Low
Not well-informed employees due Low
to the unsuccessful communication
in the company
Low
Low
High
Medium
Very Low
Risk Heat-map
Impact Very Low
Probability
Very Low
MC01
Low
High
Very High
T03
Low
Medium
Medium
CW01
T01
T02
High
SS02
SS01
Very High
Quality Improvement Plan and Risk Plan
Page 12
Mohannad Maraqa, M.Sc., CAMP,PMD
Appendix B
Riskit Graph Analysis
Reaction
Send employees home in
order to fix the damage
Event
Data are not protected
due to the detected
threats in the security
system
Reaction
Provide recovery plan for the
loss data using the back-up
plan
Effect
Additional cost, time and
resources loss due to extra
working hours, no impact for
company’s reputation
Reaction
Implement maintenance
strategy including
implementation Data
Protection Act (DPA)
Effect
Financial cost, time loss due
training, resources loss due to
additional working hours, no
impact for reputation
Reaction
Detect the threats in software
system through the security
system by the IT staff (eg
malware, damaged files)
Factor
New database
management
system is
unsecure
Reaction
Evaluate the impact of the
leakage of data by the IT
manager financially
Reaction
Emergency actions: Turn off
WiFi, update the system
Reaction
Do nothing
Event
Uncontrolled data
access from hackers due
to the unusual traffic
activity to the
company’s bank
accounts
Effect
Work loss due to the unexpected
holidays, additional cost for new
equipment, time and resources
loss for repairing the system
Reaction
Inform employees about the
data leakage
Reaction
Inform authorities (police,
bank) about the data leakage
Reaction
Arrage legal actions against
hackers for data access
Reaction
Do nothing
Quality Improvement Plan and Risk Plan
Effect
Resources loss for IT manager,
time loss/increased working
hours, no impact for company’s
reputation
Effect
Time loss and resources loss for
IT department, financial cost
Effect
Time and resources loss
stoppage / low productivity,
negative impact of company’s
reputation
Effect
Financial loss, time loss,
stoppage, low productivity,
decreased company’s
reputation
Effect
Time and resources loss
stoppage / low productivity ,
decreased reputation
Effect
Time and resources loss,
reputation loss, negative
impact for company’s
reputation
Effect
Time loss, financial and
resources cost from law
department, decreased
company’s reputation
Effect
Financial loss, time loss,
stoppage, low productivity,
decreased company’s
reputation
Page 13
Mohannad Maraqa, M.Sc., CAMP,PMD
Appendix C
Ishikawa Diagram
Quality Improvement Plan and Risk Plan
Page 14