You may have heard the term “risk assessment” before. In the security industry, it seems like everyone is performing, designing, or at least talking about risk assessments. With the amount of information out there, it’s important to understand what a risk assessment is, why it matters, and how to do one. This post is designed to serve as a guide for creating a simple risk assessment, good for a homeowner, business, or other low to medium-level threat scenarios. By the end of this article, you should have a solid foundation to be able to assess and prevent you most likely and most destructive threat scenarios.
What Is a Risk Assessment?
A risk assessment is a process used to determine threats to security and how to protect against them. Sometimes it’s simple brainstorming, but often it becomes a deliberative process that includes threat assessments, vulnerability assessments, and a number of other steps. We’ve boiled it down to four steps: Pre-Threat Assessment, Prioritizing and Planning, Contingencies, and Evaluation.
The first step in your risk assessment is to consider all likely threats. Notice I didn’t say all possible threats. Is it possible that a heist team will blow your door off its hinges with C4, ransack your house, and escape by helicopter? Sure, but it is far from likely. You have to honestly assess the factors that play into this. Do you live in a high crime area? Are you a person of interest, celebrity, or some other attractive target? Have you been the victim of a crime before? Be honest with yourself but leave no stone unturned. We spoke with security expert Tim Wenzel to learn about his approach to threat assessments. He recommends the following steps when determining your unique threats:
For most homeowners, you’ll find burglary, armed robbery, home invasion, or some other variant of these crimes. Maybe an arson or two. Regardless of what your likely threat is, spend some time brainstorming and come up with the top 3 threats that you hope to guard against. Once you’ve settled on your top 3, rank them in order of how much damage they would cause. “Damage” isn’t limited to physical damage to the property, but can include physical or emotional harm to people involved. For example: if your biggest concern is burglary while you’re out of town and your second biggest concern is a break-in while you’re sleeping, you might have your priorities mixed up as number two is almost invariably more damaging.
Prioritizing and Planning
Identify which threat is most damaging and most likely. Think of this like the overlapping section of a Venn diagram.
This will be different for every building, scenario, and person. If you are performing a risk assessment for a property you rarely use, and one that doesn’t contain much of value, burglary might cause minimal damage. If you are performing a risk assessment for your family home (where your children live) in a well to do neighborhood, burglary would be devastating. Have your priorities in order and make sure you hit on the correct threats. From here, the risk assessment will revolve around this threat and what can be done to mitigate it. Start to think about countermeasures, procedures, or other ways to stop the threat or make it less damaging.
Figuring out how to improve your security can be overwhelming and it’s worthwhile hiring a professional security consultant to guide you through the process. A security consultant who specializes in this area can make sense of your options and help you understand important dos and don’ts.
In addition to Tim, we spoke to Chris Chapeta of Bastion Projects. Chris' approach to securing a home or building revolves around two concepts: architecture and systems. Architecture refers to the layout and construction of the building as it relates to security risks. Think about the possible security risks that are built in to the structure.
Lots of physical features will play into this:
Systems refer to the operation of the property (daily life) and security devices you might employ. You should think about procedures and habit. Some things to factor in are:
These questions need to be answered so that a successful security plan can be developed. There should be hard and fast rules that all members are aware of and actively follow.
No matter what security measures you choose or which experts you consult, you need a plan B. As we’ve covered in our previous blog posts, all security measures can be defeated with enough time, the right tools, and skill. Plan B is not some magic bullet but rather evacuation. Every office building, school, and government facility has plans in place to evacuate when something goes terribly wrong. You should have one too. Know your exits and make sure you keep them unobstructed.
Remember: this whole process is an assessment. You have to assess the risk, but also assess your response to the risk. Once you decide on your security measures. Sit down with your team, family, consultant, etc. and discuss whether or not your plan will meet your needs. If not, start from scratch. A risk assessment should always be a work in progress. Improve upon your plans, your safety depends on it.