Pan American Games 2007

• case

Modulo Risk Manager Brings Formal Federated GRC Process to Pan American Games

Take 5,500 athletes from 42 nations across the Americas, add millions of fans, and you have a situation ripe for a security breach. These were exactly the circumstances when Brazil hosted the 15th annual Pan American Games and the 2nd Parapan Games in July 2007 in Rio de Janeiro. Realizing that even an incident that may not initially be regarded as relevant could delay or prevent events from taking place on schedule, the Main Operations Center (MOC) for the Pan American Games, the entity responsible for controlling each game-related activity, left nothing to chance and implemented Modulo's Risk Manager software to ensure a smooth and peaceful competition.

In an event as large as the Pan American Games, reviewing potential risks and ensuring immediate solutions to any incident is key to ensuring a successful competition. As Alexandre Techima, (General Manager for IT Functional Area and MOC Director) explains it, “the MOC first identified the security challenges it anticipated well in advance of the games. Those challenges included lack of time for dissemination of security policies and procedures, lack of proper communication for security issues resolution, and lack of clear responsibilities for security procedures.”

Tackling the Challenge

To meet the security challenges that the committee had determined, the MOC set out to find a centralized solution that would capture high risk vulnerabilities, automatically assess red flags that were an impediment to implementing the security procedures and trigger resolution actions, and provide upper management visibility to high risk factor, actions and recovery status.

“The challenge was in finding the best solution for our reality. Risk analysis surfaces many needs which not always can be remedied at once due to budget constraints”, says Sampaio. The most appropriate action, according to the executive, was to prioritize the processes most critical for the business.

The MOC turned to Modulo for assistance. In turn, Modulo customized a new version of its successful Risk Manager software program for the Games. The software can be customized for various industries and allows auditors, consultants, or security administrators to easily distribute questionnaires online or via email, inventory technology assets, such as workstations, servers and other equipment, as well as non-technology assets such as people, processes and facilities within an organization. Risk Manager centralizes the information collected, eliminating the need for data silos. Information is then compared and measured against regulatory mandates and steps and strategies are provided for maintaining compliance and reducing risk. Finally, automated reports can be generated at any point in the assessment process, providing a snapshot of an organization's risk levels in real time.

During the games, every MOC computer ran Risk Manager, a totally online solution that could be accessed via PDAs by personnel in charge of different Pan American operations. The software operated on three fronts: prevention, mitigation and continuity. In addition, the software acted as a centralized source for recording and monitoring occurrences, while providing quick solutions to incidents and preventing further problems from developing. For example, using Risk Manager, it was possible for Pan American personnel to detect everything from lack of sanitation products in the washrooms at games site, to higher impact issues such schedule changes, athlete transportation and dissemination of real-time information to spectators. In effect, Risk Manager was used to help Game organizers quickly and effortlessly solve any unplanned event throughout the duration of the Games.

According to Techima, “from an operational point of view, the introduction of Risk Manager was fully successful and achieved all proposed objectives. We were able to optimize our human and material resources throughout all games and were able to quickly align internal and external stakeholders towards quick problem resolution.”

A Federated Solution

As the industry trends toward a more federated approach to GRC, experts predict that more organizations will follow in the steps of the Pan American games and employ the use of a security software solution so that risk and compliance accountability is distributed across various lines of business.

At the Games, Risk Manager was implemented in the overall project management and risk management perspective, rather than only in the security system. Therefore, the software provided response consistency and communication between the core and front-end of the organization, providing problem resolution and prioritization in real-time for the Main Operation Center. Any incidents that occurred were simultaneously reported by the operating manager to directors in charge of sporting events, technology, energy, transportation, and others. Events were also reported to central authorities with responsibility, such as government agencies in charge of security and traffic, as well as the Civil Defense Department. Each problem was recorded by the Risk Manager software and was classified to provide for advanced support to decision makers so that MOC could effectively solve the issue.

GRC is beginning to gain a foothold in organizations globally, and, as it gains momentum, technology is assuming a key role in delivering sustainability, consistency, efficiency and transparency across the risk management and compliance process, putting software programs like Modulo's Risk Manager at the forefront of GRC solutions.