Welcome to the website for the Rocky Mountain Chapter of RIMS! 

Mission Statement

Advance the Risk Management profession among our members, students and business community through educational programs, professional development resources and networking opportunities.

Our Events


  • Enterprise Security Risk Management Conference

    As a sponsoring organization for the upcoming Enterprise Security Risk Management Conference on February 21st at the Magnolia Hotel in Denver, we'd like to direct you to the link below to find out more about this educational program.  Discounted registration available for Rocky Mountain RIMS Chapter members.

Legislative Update

General Data Protection Regulation
Effective May 25, 2018

The European Union (EU) adopted the GDPR with the purpose to regulate organization’s management of data with a primary focus on protections of personal information stored and processed by businesses. This outline provides the highlights of the regulation.

1. GDPR is adopted by the European Economic Area (EEA) which includes the EU* plus Iceland, Liechtenstein, Norway and Switzerland.

2. It covers any company doing business in the EEA (or has employees therein). The liability for failure to follow the regulations is massive fines of up to 4% of global revenue or 20 million Euros, whichever is larger. In May 2017 Facebook was fined $122 million under the GDPR’s predecessor. Potential liability could be in range of $1.6 billion.

3. Persons must be provided the option of Opt In or Opt Out – the choice can be withdrawn at any time.

4. Persons are granted the right to access their data, and obtain a copy of their data, in an interchangeable format. (Formatting is underdevelopment by Microsoft, Facebook, Google and Twitter)

5. Persons have the right to “be forgotten” – this applies to third parties who may also have access to the data.

6. All data processes going forward must be designed with the concept of “Privacy by Design”. This is a new approach to system design requiring businesses to adopt specific design processes that check-point and document the privacy protections at each step.

7. Data breaches must be reported to EEA authorities within 72 hours of the suspected breach.

8. Personal data includes:
a. Personally Identifiable Information (PII - similar to the US privacy regulations) – Name, birthdate, drivers license, passport, address, social security number. New is a person’s IP address(es)
b. Sensitive personal data, including:
i. Racial or ethnic origin
ii. Political opinions
iii. Religious or philosophical beliefs
iv. Trade union membership
v. Genetic or biometric data
vi. Health
vii. Sex life or sexual orientation
viii. Criminal offenses/convictions


  • From a risk management perspective, one of the benefits of automation is that robots can play a significant role in reducing injuries when deployed to replace or support workers in high-hazard jobs, such as those involving high force and repetition. Continue reading
  • According to the Bureau of Labor Statistics’ (BLS) Census of Fatal Occupational Injuries in 2017, a total of 5,147 fatal work injuries were recorded in the United States. And while this data marks 43 fewer casualties than in 2016, employers Continue reading
  • The Aviation Safety Network (ASN) released its 2018 accident statistics, marking a notable uptick in fatalities from 2017. ASN recorded a total of 15 fatal commercial airliner accidents (12 passenger and three cargo flights), resulting in 556 fatalities. This is in Continue reading
  • National Flood Insurance Program May 31st Extension Avoids Dangerous Lapse in Coverage NEW YORK – In the waning hours prior to the U.S. Federal Government’s partial shutdown, RIMS, the risk management society™, welcomed congressional action to extend the National Flood Insurance Program (NFIP). Extended through May 31, Continue reading