ATTICS International Risk Management Policy

Document Number: ATTICS-POL-042

Version Number: 1.0

Document Control: DC42

Effective Date: 06-01-2026

Document Status: Approved

Approval Date: 06-01-2026

These policies are developed exclusively for ATTICS International. Any copying, sharing, or reuse without written consent is not permitted.

Purpose

ATTICS International recognizes that effective risk management is essential to protect its people, learners, clients, reputation, operations, and certification credibility.

The purpose of this policy is to establish a structured framework for identifying, assessing, controlling, and monitoring risks to ensure sustainable operations, regulatory compliance, service integrity, and continual improvement.

Scope

This policy applies to all ATTICS International activities, including:

  • Training and educational services
  • Examination and certification activities
  • Auditing and compliance services
  • Inspection, testing, and calibration operations
  • Approved centre management
  • IT systems and data security
  • Financial and administrative operations
  • Health, safety, and safeguarding

Policy Statement

ATTICS International shall:

  • Apply risk-based thinking in all processes
  • Identify and evaluate operational, strategic, compliance, and reputational risks
  • Implement appropriate risk control measures
  • Monitor and review risks regularly
  • Integrate risk management into decision-making
  • Maintain documented risk records
  • Promote a culture of risk awareness

Risk Management Objectives

  • Prevent harm to learners, staff, and stakeholders
  • Protect certification and qualification integrity
  • Ensure compliance with ISO standards and legal obligations
  • Maintain business continuity and service reliability
  • Safeguard data and confidential information
  • Support strategic planning and sustainable growth

Risk Categories

Risks considered include:

  • Operational Risks – service delivery failures, resource shortages
  • Compliance Risks – ISO, legal, regulatory non-compliance
  • Academic & Certification Risks – assessment malpractice, loss of impartiality
  • Technical Risks – laboratory or inspection errors
  • Financial Risks – revenue loss, fraud
  • IT & Cyber Risks – data breaches, system failure
  • Health & Safety Risks – accidents or unsafe environments
  • Reputational Risks – brand misuse or public complaints
  • Strategic Risks – market or partnership failures

Risk Management Process

Step 1: Risk Identification

Risks are identified through:

  • Internal audits
  • Quality assurance reviews
  • Staff and stakeholder feedback
  • Complaints and incidents
  • External audits and accreditation findings

Step 2: Risk Assessment

Each risk is evaluated based on:

  • Likelihood of occurrence
  • Severity of impact

Risk levels are classified as Low, Medium, or High.

Step 3: Risk Control

Control measures include:

  • Preventive procedures
  • Staff training and competence assurance
  • Technical and security controls
  • Policy and process improvements
  • Insurance and contingency planning

Step 4: Monitoring and Review

Risks and controls are reviewed through:

  • Internal audits
  • Management review meetings
  • Incident and non-conformance reports
  • Continuous improvement actions

Risk Register

ATTICS International maintains a Risk Register documenting:

  • Identified risks
  • Risk ratings
  • Control measures
  • Responsible persons
  • Review dates

Responsibilities

Governing Board / Top Management

  • Approves risk management framework
  • Reviews high-level risks

Quality & Compliance Manager

  • Maintains risk register
  • Coordinates risk assessments

Process Owners

  • Implement risk controls

All Personnel

  • Identify and report risks

Business Continuity

Risk management findings feed into:

  • Contingency planning
  • Disaster recovery procedures
  • Examination and certification continuity plans

Records

Risk records are stored securely under the Document Retention Policy.

Compliance with International Standards

Aligned with:

  • ISO 21001:2025 – Educational governance and learner protection
  • ISO 9001:2015 – Risk-based thinking
  • ISO/IEC 17024:2012 – Risks to impartiality and certification integrity
  • ISO/IEC 17025 – Technical risk control

Approved By: Mr. Zaib Ali

Authorized Position: Head of Operations

Signature:


Date: 06-01-2026