Purpose of Risk Assessment Guidelines
Most Corporate Risk and Security requires all locations to implement the baseline physical security controls described in the physical security standards. These controls are considered the minimum standards for the majority of locations. However, as a result of political, environmental or other local issues additional controls may be necessary. An analysis must be completed for each location to determine what additional risk exists and what additional controls are required.
Corporate Risk and Security will conduct a risk assessment of each location every three years or less if necessary.
Risk Assessment: the risk assessment is a process, which identifies and quantifies the real risks and key business factors associated in operating a business location. The process is based upon a survey which facilitates the gathering of data specific to the following: environmental factors, business factors, site location and design, municipal resources, crime and demographic factors, business risk profile factors.
Environmental factors: weather, geological activity, political, chemical.
Business factors: value of operation, proprietary information, key assets (including manufacturing processes) duplicated/non-duplicated activity, level of staff, impact to total corporation.
Site Location and Design: physical attributes, fire suppression, public accessibility, access points and natural hazards.
Municipal Resources: public utilities police and fire resources and response, medical resources, bomb procedures, disaster assistance.
Business Risk Profile: crime history and demographics, population analysis, historical crime survey and possible trends.
Check Out: How to Complete a Risk assessment
Risk Analysis Process:
- Evaluate the risk exposures and determine the corresponding risk category that must be applied to that location, if any, in reference to the Corporate Profile.
- The evaluation for the location must be done and approved by the Corporate Director of Risk and Security.
- Both a vulnerability and exposure matrix will be used for three distinct categories: (1) natural disasters; (2) man-made incidents; and (3) incidents.
Check Out: Understanding of Real Risk
Risk Quantification will be conducted by Corporate Risk and Security who will utilize four categories for quantifying risks in reference to the Corporate Profile:
Category 1 (Extreme Risk):
Civil and other war situations wherein the central government does not control significant geographical areas, which are in the partial control of insurgent forces, or where government control is immediately threatened. Also, nations or cities undergoing violent transformation through a military coup or revolution. A major environmental hazard has been determined to be uncontrollable and would cause serious harm, i.e., volcano. Travel and/or event movement are discouraged.
Category 2 (High Risk):
Locations where terrorist or guerrilla groups pose a serious threat to a nation’s political and/or economic stability; a country or city faced with widespread street violence resulting from political dissension or economic unrest. Also, countries or cities with known potential for military coup/militia groups or evidence of prejudicial treatment against foreign/nationality interests. Only essential travel would be recommended. Any location where company has been the target of terrorists around the world. Additional measures should be set forth to mitigate the threat of bombings, bomb threat searches, and reduce any real event risks to personnel and property. An environmental hazard has been determined to be uncontrollable and would cause harm if incident occurs. Stringent security precautions and travel awareness is warranted.
Category 3 (Moderate Risk):
Locations where political or economic turmoil is evident and/or terrorist/guerilla groups are regularly active but have not become strong enough to threaten government stability. Also, nations or cities involved in potentially violent regional disputes or with high rates of crime. The threat of violence in the work place is high. Non-US locations where the risk exists or is emerging where economic crime, underground/street gang/mob influence is prevalent. The measures designed to prevent or mitigate violence are on property must be implemented in all US locations wherever the risk exists worldwide. An environmental hazard is possible due to location and trend of natural disaster paths, i.e., cyclone paths, tornado alleys, earthquake epic centers, etc. Upgraded security precautions are warranted for travel or investment if disaster mitigation methods are required.
Category 4 (Low Risk):
Locations relatively free of frequently recurring acts of political, economic or criminal violence and societal arrest. Nations or cities where organized antigovernment elements or terrorist/guerilla groups may be active but maintain only limited operational capabilities. No known environmental hazards are apparent. Modest security precautions are warranted for travel or investment if corporate security concepts meet corporate standards.
If you have any questions do not hesitate to contact me.