It is likely that on September 11th, 2001 most organizations did not have a recovery plan strategy or specific procedures regarding large commercial aircraft crashing into their facilities. Similarly, many organizations today did not likely have a plan for the hazard potential of a worldwide COVID-19 pandemic which has shut down the economies and disrupted supply chains of nearly every country on the globe. This has never happened like this before. Who knows what the next unknown hazard will look like?
Many experts recommend that organizations adopt an “all-hazards” planning approach. This involves performing a detailed risk assessment of all potential hazards that can possibly affect the organization, and then develop mitigations, planning strategies, and perform testing exercises based on these prioritized hazards . These potential hazards are defined by certain categories, such as Natural Disasters, Human-caused Events, or Technical Disruptions. For each potential hazard, one should determine the rating for each based on the following risk factors:
- Probability of Occurrence (Likelihood the threat will materialize)
- Loss Impact (Direct impact due to the loss of the function)
- Consequence (Downstream losses as a result of the realized threat)
- Exposure (the passive, inherent factors contributing to vulnerability)
- Level of Control (the active, controllable variables to offset vulnerability, e.g. – the Fire Suppression system)
In order to be complete in this assessment, it is also important to understand and consider the other side of the all-hazards planning approach, which is to identify and address all the “asset-types” for the organization that can be impacted by these potential hazards. What are the key assets to the organization, and how can the potential hazards affect these different asset types? In many cases, organizational assets can include: Facilities, Personnel, IT/Infrastructure, and Data/Records. So now, as an example you can develop planning strategies to account for all the “loss of facility” scenarios, whether the cause is fire, flooding, tornado, earthquake, train derailment, or other.
Another often missed element is regarding the asset of Image/Reputation where certain hazards can affect and impact the organizational Brand value in the marketplace. Consider that a single Asset can have one or many identified threats, and likewise multiple asset types can be affected by a single common threat.
In summary, a comprehensive Enterprise Risk Management strategy will identify all the potential Hazards that can affect the organization, then rank and prioritize these for the different Asset Types that are identified for the organization, and finally employ mitigation strategies, effective planning approaches and testing/exercising to bring the organization into even greater resilience.
For more detailed information about how to better prepare your organization with an All Hazards Risk Assessment, effective BC/DR Planning tools, or to schedule a tabletop exercise with our Certified Business Continuity Professionals, please contact us via:
- The contact form using the link at the top of this page
- Email at PSISales@ParadigmSI.com
- For more information, call us at 800-558-9568 ext. 300
- To speak with a Sales Representative about Business Continuity Planning Consulting or Business Continuity Software, please call:814-330-2560
ref: https://www.ready.gov/planning