It's Risky Not to Know Your Risk!

Know Your Risk

Enterprise risk comes in many shapes and forms. Spanning a spectrum of threats and hazards, risks to a business organization can present by way of threatened or forecasted impact, short- and long-term business impact or disruption, and can present with life safety hazards to your workforce, contractors, and customers. Understanding risk is the very beginning of a process to mitigate threats and hazards and to develop an enterprise incident response and crisis management program.

Risk Assessment

Understanding risk begins with an understanding of your situation. Said simply, what does your business do by way of services and products provided and offered? Add to that a very basic understanding of natural hazard threats local to your facilities (flood, wildfire, extremes of weather), human caused threats (security threats and breaches), and technological threats (cyber security incidents and non-malicious IT and OT system disruptions).

Mitigate

Develop a risk mitigation strategy that includes near-term projects to harden facilities and technology, and risk controls that compensate for known risks in the near term. The list of measures that can be taken can be extensive and will be based on your risks and actions needed to control or eliminate them.

Incident Response

A response to a security or emergency incident begins with an understanding of the situation. These assessments come with different names. The fire services term for this is a Size-up, EMS calls it a “10 second survey”, and Emergency Management leans on the term Situational Awareness. For our purposes let’s merge the concepts and say that a 10 second survey should be done to make a quick life safety assessment – who is in harms way? What can be done to eliminate the threat to human life? Then conduct a full Size-up to determine additional life safety implications, emotional and physical needs to the workforce, damage or destruction to infrastructure such as office facilities and manufacturing plants, and lastly, business impact. The entirety of this information then becomes Situational Awareness which can be used to brief the c-suite and board, and to define crisis management strategies and tactics.

A Crisis Management Team (CMT) is seated to lead the enterprise through a crisis whether it’s a severe weather event or security incident. A Crisis Manager is designated by the c-suite to organize the response, lead the CMT, interface with emergency response agencies, and tackle issues such as workforce displacement, initiation of manual or alternate business processes, and setting goals and objectives for short- and long-term recovery.

Core to a CMT is a Crisis Communications Element. Crisis communications defines communications and messaging objectives, and interfaces with the c-suite to support messaging and interaction with the press, the workforce, and customers,

Do Not Hesitate to Reach Out

Critical Path Solutions has brought together a team that has lived and served through America’s darkest hours. Our team is seasoned by direct experience and decades of complex incident management. Let us help you before an incident occurs. We support risk assessments and incident management planning, risk communications, and can support your organization during the response and recovery to critical events impacting your people and you business. ??

Find us at consultcps.com ?