Business Continuity: 6 Key areas to consider in Site Assessment, Risk Assessment, and Vulnerability Analysis
Site Assessment
A careful assessment of building infrastructures and management systems is an important part of any overall business continuity program.
Evaluating a site’s existing physical security structure (facilities, systems, and processes) and assessing how well an organization is protecting its people and property against likely threats are critical parts of a company’s business continuity plan.
At Firestorm, we lead with a member of our team with subject matter expertise in security-related issues. We then evaluate the facility grounds, building, and existing physical security systems and processes to determine how well key assets are being protected.
We also assess how well prepared an organization is to detect, assess, and respond to incidents.
Below are the 6 areas of systems and processes we consider key to evaluate during any safety and security program evaluation:
- Monitoring Access: Employee, guest, and vehicle access points (Guard gates, check-in procedures)
- Video Surveillance: Cameras, lighting, analytics, etc.
- Building Systems: Electronic access control and metal detectors
- Environmental Health & Safety: OSHA regulations (Hazardous materials procedures, etc.)
- Life/Safety Systems: Incident detection, assessment, and response (Fire protection systems, signage and specialized plans for evacuations, fire drills, etc.)
- Space Management: Work areas and working conditions (Lighting, ergonomics and floor layout)
Additionally, risk assessment evaluates the threats that are specific to a unique organization and environment.
The evaluation of threats should include natural/biological hazards and technological/human-induced hazards. For natural threats, historical data concerning frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, or earthquakes is used to determine the credibility of the given threat.
Using this information, an overall risk ranking is then assigned to each type of threat. The overall risk rating is a subjective rating that considers each threat’s severity, likelihood, and controls, and supports ’s ability to prioritize threats and identify risk control measures.
- Previous incidents are analyzed and potential threats or events identified, beginning with the obvious, and working toward the less likely.
- A hazard vulnerability analysis tool (Hazard Impact Matrix) is used to evaluate your company’s level of preparedness.
- Risk factors are categorized by their disruption to the company as high, moderate, or low.
- Human, property, and business impacts are evaluated and ranked from negligible to severe.
- Prioritization of hazards is used to evaluate and determine a score below which no action is necessary.
- The most effective triggers are identified in order to have an efficient and effective response to an incident, should one occur.
QUESTION: Have you conducted a full assessment of your organization’s site, systems and processes? What were the results, and steps you took to protect vulnerabilities?