Mitigating Risks With the All-Hazards Approach To Emergency Preparedness

When discussing emergency preparedness on their website, ready.gov, the Department of Homeland Security notes that, “The planning process should take an all-hazards approach. There are many different threats or hazards. The probability that a specific hazard will impact your business is hard to determine. That’s why it’s important to consider many different threats and hazards and the likelihood they will occur.” An all-hazards approach to emergency preparedness is designed to address a full range of threats, risks, and the overarching impact it may have on an organization.

It also is important to recognize that one disaster can simultaneously cause different negative events, creating a cascading effect. For example, a hurricane brings in a surge that causes flooding. That’s bad, but the flood may trigger an organization’s evacuation and relocation of staff. Now that your building is flooded, and has no electrical power or onsite staff, how do you maintain connectivity to your customers or clients? The all-hazards approach covers components of preparedness that often go overlooked.

For example, cybersecurity sometimes fails to make the final contingency plan. Thus, vulnerabilities can occur during a disastrous event which may cause the cybersecurity wall to crumble. Without a plan to mitigate cyber-risk, organizations risk losing a lot more than emails. They can risk losing valuable information that can jeopardize their reputation and bottom line.

All-hazards planning is a sound and proven concept, but it doesn’t mean that organizations must plan for every possible hazard. What it does mean is that organizations must plan for every possible hazard. What it does mean is that organizations should consider all possible hazards as part of a risk analysis. Using a risk-based approach to planning, coupled with functional and prioritized contingency planning, makes the best possible use of limited resources during an emergency.

Risk assessment is a process for identifying potential hazards, risk exposures, and the probability of occurrence. However, most organizations have not conducted a comprehensive risk assessment, in part because of a lack of resources and time devoted to this important function. By doing a Threat, Hazard, Identification and Risk Assessment (THIRA), you can identify the range of hazard and risk exposures that have impacted, or may impact, the area and the organization itself.

The THIRA process allows individual business, faith-based organizations, not-for-groups, schools and academia, and all levels of government, to understand risks and determine the capabilities needed to achieve preparedness. Specifically, the THIRA process includes:

• Identification of threats and hazards of concern.
• Description of threats and hazards, showing how they may affect the organization.
• Establishment of preparedness goals to define success.
• Estimation of resources required to achieve the preparedness goals using community assets and shared resources.

Additionally, the THIRA process ultimately helps organizations answer the following questions:

• What do we need to plan for?
• What shareable resources are required to be prepared?
• What actions could be employed to avoid, divert, lessen, or eliminate a threat or hazard?

With today’s complex and tech-driven world, the interdependencies of our infrastructure and systems create vulnerabilities that differ from the past. Therefore, it is imperative for businesses and public sector organizations to assess inherent risks while taking a comprehensive approach to preparing for emergencies and disasters. Implementing an All-Hazards planning approach to assess potential risks is a necessity to mitigate impacts to business operations and to ensure the safety of your workforce.

For more information, please contact:

Frank Banda, Managing Partner – Government and Public Sector Advisory