Site Assessment / Risk Assessment / Vulnerability Analysis

Site Assessment

A careful assessment of building infrastructures and management systems is an important part of an overall business continuity program. Firestorm evaluates existing the physical security structure (facilities, systems, and processes) and assess how well an organization is protecting its people and property against likely threats. This site inspection is led by a member of the Firestorm team with subject matter expertise in security related issues.

Firestorm evaluates the facility grounds, building, and existing physical security systems and processes to determine how well key assets are being protected. Firestorm also assesses the ability to determine how well prepared an organization is to detect, assess, and respond to incidents. Systems and processes evaluated during the safety and security program evaluation may include:

Monitoring Access: Employee, guest, and vehicle access points (Guard gates, check-in procedures)
Video Surveillance: Cameras, lighting, analytics, etc.
Building Systems:Electronic access control and metal detectors
Environmental Health & Safety:OSHA regulations (Hazardous materials procedures, etc.)
Life/Safety Systems:Incident detection, assessment, and response (Fire protection systems, signage and specialized plans for evacuations, fire drills, etc.)
Space Management:Work areas and working conditions (Lighting, ergonomics and floor layout).

Risk Assessment / Vulnerability Analysis

A formal risk assessment is needed to properly understand a company's risks and how those risks could be better addressed through additional controls. Knowing the threats your company faces will enable the organization to manage the results, and respond effectively. The analysis also results in the identification of specific enhancements for: leadership requirements, decision processes, command and control operations, emergency response, employee procedures, streamlined communication techniques and facility/equipment upgrades.

Firestorm’s process determines the risks (events or surroundings) that can adversely affect the organization and its resources (examples include: people, facilities, technologies) due to business interruption. The process will also determine the potential loss such events can cause, and the controls needed to avoid or mitigate the effects of those risks.

Firestorm’s risk assessment evaluates the threats that are specific to your organization and environment. The evaluation of threats will include natural/biological hazards and technological/human-induced hazards. For natural threats, historical data concerning frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, or earthquakes is used to determine the credibility of the given threat.Using this information, an overall risk ranking will then be assigned to each type of threat. The overall risk rating is a subjective rating that considers each threat’s severity, likelihood, and controls, and supports ’s ability to prioritize threats and identify risk control measures.

Previous incidents are analyzed and potential threats or events identified, beginning with the obvious, and working toward the less likely.
A hazard vulnerability analysis tool (Hazard Impact Matrix) is used to evaluate your company's level of preparedness.
Risk factors are categorized as to their disruption to the companyin high, moderate, or low classification.
Human, property, and business impacts is evaluated and ranked from negligible to severe.
Prioritization of hazards is used to evaluate and determinea score below which no action is necessary.
The most effective triggers are identified in order to have an efficient and effective response to an incident, should one occur.