Our soon-to-be-available app uses an approach that recognises we all have different contexts.
– we might share some of the same exposures to extreme events
– we might share some of the same things we care about
Yet there is a need to consider how your hazards interface with your vulnerabilities.
– your hazards of relevance and significance
– your asset criticality, vulnerabilities, and impact
– your thresholds for acceptable risk
… and based on these considerations, tailor your action plans to meet your needs.
The default context of the app is set for “business” – where the focus is on the “care-abouts”supporting prioritised activities (the set of necessary activities required to deliver a product or service).
Where risk is viewed as a function of the interface between significant hazards relevant to the business context and the vulnerability of critical resources/assets.
How does the app work?
1. Identify hazards relevant to your context and attribute a score to their significance.
Examples shown above are from the “Standard on Continuity, Emergency, and Crisis Management”, NFPA 1600
2. Identify the things you care about (“care-abouts”) and score their criticality and vulnerability against significant hazards. (The impact slider is used when disasters occur)
For each of the identified processes or prioritized activities required for your entity to achieve its objectives, identify the “care-abouts” that support the processes or critical activities by focusing on the following:
(3) Infrastructure (including premises)
(4) Technology (including plant and equipment)
(5) Information (digital and analog)
(6) Supply chain (supplies and suppliers)
How vulnerable is this resource in the current circumstances?
Vulnerability is a function of many things.
It is about the characteristics and features of the resource, and the dependencies and interdependencies associated with it, which make it more resilient, or more adaptable, or more fragile.
Vulnerability may be summarized as “a measure of the extent to which a community, structure, service or geographical area is likely to be damaged or disrupted, on account of its nature or location, by the impact of a particular event.” [SOURCE: Glossary of Environment Statistics, Studies in Methods, Series F, No. 67, The Organisation for Economic Co-operation and Development]
For people, this may be about factors such as their health and their behavior.
For premises, it may be about such things as the integrity of the structure and location (exposure to hazards).
For processes, it may be about factors such as their fitness for purposes and backup.
For providers, from utilities (“lifelines” – such as energy, water, waste, communications) to supplies related more directly to your products and services, it may be about factors such as the provider’s size, capability, resilience, and replaceability.
For profile, it may be about the nature and perception of the prioritized activity, associated stakeholders, and how well relationships associated with the activity are managed.
Note: Vulnerability encompasses a variety of concepts and elements including sensitivity or susceptibility to harm and lack of capacity to cope and adapt. [SOURCE: ISO 14090:2019 Adaptation to climate change] Adaptive capacity is the “ability of systems, institutions, humans, and other organisms to adjust to potential damage, to take advantage of opportunities, or to respond to consequences”.
In a nutshell, it is about the resource’s “propensity or predisposition to be adversely affected”. [SOURCE: ISO 14091 Adaptation to climate change – Guidelines on vulnerability, impacts and risk assessment]
Evaluating vulnerabilities should give consideration to:
(2) Single-source and sole-source suppliers
(3) Single points of failure
(4) Potential qualitative and quantitative impacts from a disruption to the resources in NFPA 1600/1660 (people, property, operational capabilities including technology, the environment, and the entity itself)
3. Develop and implement action plans awhere required.
Communication and collaboration are fundamental to successful management. Especially the management of risk. Therefore reports generated are based on being able to select from combinations of any – or all – of the data fields outlined above and can be generated as PDF documents – to be shared and communicated as required.