International risk management standards require the entity to adopt a defined and documented process for risk assessment
that will enable the entity to understand the threats to and vulnerabilities of its critical activities.
This is emphasized in the Business Continuity and Emergency Planning Standard (NFPA 1600) sections on RISK ASSESSMENT.
"5.3.1 The entity shall identify hazards, monitor those hazards, the likelihood of their occurrence, and the vulnerability of people, property, the environment, and the entity itself to those hazards.
5.3.2 Hazards to be evaluated shall include the following:
(1) Natural hazards (geological, meteorological, and biological)
(2) Human-caused events (accidental and intentional)
(3) Technological-caused events
5.3.3 The entity shall conduct an impact analysis to determine potential detrimental impacts of the hazards on the following:
(1) Health and safety of persons in the affected area at the time of the incident (injury and death)
(2) Health and safety of personnel responding to the incident
(3) Continuity of operations
(4) Property, facilities, and infrastructure
(5) Delivery of services
(6) The environment
(7) Economic and financial condition
(8) Regulatory and contractual obligations
(9) Reputation of or confidence in the entity
(10) Regional, national, and international considerations."
(Ref NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs, 2007 Edition)
For demonstration purposes on this webpage, we focus on "natural hazards" because they are:
(a) global and thereby provide "a common language";
(b) shared and thereby invoke interdependencies; and
(c) to a degree, non political and thereby minimize issues of sensitivity and confidentiality.
Click here to download a "potential sources of risk" framework (104 KB pdf), which illustrates that a broad range of risk sources should be considered.
Risk Assessment Methods.


Click here for an outline of EPCB's approach to Security Risk Assessment and Information Security (pdf)

Click here for a straightforward, easy to use, Hazard Vulnerability Assessment Tool (52 KB xls).
Scenario modelling (of interactions between hazards, vulnerabilities and exposures) is a crucial step which informs sound risk ranking and planning considerations. Results from recent analyses and performance reviews recognize that “comprehensive planning, including using the results of disaster simulations, can help organizations better prepare for potential disasters and thereby mitigate their effects”. (Ref: GAO-07-114 SBA Disaster Preparedness, Feb 2007, p. 3-4)
Generate and model scenarios by identifying what, why, where, when and how events could affect the entity (business).
Premise predicaments - and tease out issues for prevention, preparedness, response and recovery.

Click here to download a presentation on context mapping and risk assessment (1.13 MB pdf)
Scenarios provide an excellent platform to engage stakeholders, assess risks and exercise key management competencies.
EPCB use quality planning processes (such as those outlined in the table below) to ensure tailored outcomes are achieved.

EPCB's quality controlled approach to developing and delivering scenario based exercises (pdf).
Self-Assessment / Validation

Click here to download a "Risk Assessment" self-assessment tool (82 KB xls).
Click here for information on EPCB's Complete Continuity Toolkit (Software).

1. EPCB Consulting Services (costs and conditions)

Our professional services are developed with you to ensure they are tailored to meet your needs.
We provide research, advice, plans, and the facilitation of reviews, exercises, and training.
Our approach and service range is displayed throughout this website.

The guidelines, tools and templates in our pages will both support your planning processes and strengthen your preparedness outcomes. Using familiar software (Microsoft Word, Excel and PowerPoint), we focus on quality processes within a risk management framework. The approaches we provide serve as best practice models - they should not just be used as "templates for duplication" with a few global word changes. You should evaluate the significance of any specific requirements particular to your context (legal, political, cultural, commercial etc) - then tailor your approach and documentation accordingly.