Disaster prevention requires a disciplined focus on identifying and mitigating risks. An initial step is to develop a common understanding of the organization’s risk tolerance and to identify the critical operational areas and locations. What are the industry-specific economic forces, compliance guidelines and your organizations specific business resiliency goals that shape your risk profile? The recognition of risk and a systemic approach to mitigating that risk is a key aspect of your program.
Eagle Rock collaborates with your team to define the scope and customize the project to your specific needs. As the program matures we can help you setup a risk reduction program that conducts periodic assessments across a variety of locations and operational areas and help vary the scope / angle of each assessment. Eagle Rock offers the following services, listed below, to assist in establishing your company's strategies to preventing disaster.
Internal Risk Assessment
Facilities are exposed to risks man-made or natural, intentional or accidental, on a regular basis. Internal risks can be obvious or hidden and can range from a critical Single Point of Failure, to a poor management process, to the most common operator error. Identifying risks and analyzing the potential impacts in terms of cost, reputation and other factors, is a valuable if not mandatory step in establishing risk mitigation priorities and budgets. What security risks are your facilities exposed to on a regular basis? Are there controls in place to mitigate or eliminate these risks? Are the appropriate compliance processes in place? Internal risks that are not properly mitigated, can negatively impact your business process.
The Eagle Rock Solution to assessing internal risks:
Our Solution is described in the list below:
- Review floor plans of the building to identify areas where the greatest risks may be located
- Evaluate of the adequacy and functionality of various management controls
- Evaluate the adequacy of the controls and if they are in place
- Review with the Security Dept. what controls should be in place to minimize the risks
- Determine if there are any risks which currently are uncontrolled
- Prepare a report that details the overall risk assessment and recommendations for further risk mitigation initiatives
Upon completion of this facility risk assessment, a company will gain a thorough understanding of the risks and exposures to its primary production facility. Identified risks are evaluated for mitigation or eliminated, and where appropriate cost estimates are developed in support of recommendations. From the risk mitigation recommendations that are generated, critical decisions can be made to further harden the facility.
External Risk Assessments
Businesses are exposed to man-made, natural and infrastructure risks on a regular basis. The probability and impact of these risks occurring can range from low to high. Historical data can provide statistics on the frequency and severity of weather events, transportation disruptions or public utility outages. A Risk Matrix, like the one shown below, is commonly used to define the various levels of risk. If an identified risk is a high-probability occurrence at a primary facility, it may also affect a company's alternate sites.
The Eagle Rock Solution to assessing external risks:
- Identify man-made risks with a medium-to-high occurrence probability
- Identify natural risks with a medium-to-high occurrence probability
- Identify infrastructure risks with a medium-to-high occurrence probability
- Quantify the impact from the above risks
- Determine potential impacts to other production/alternate sites from an occurrence at the primary production site
- Present analysis findings, accompanied by a list of recommendations designed to reduce the risk
Upon completion of this risk/threat analysis, a company will gain a thorough understanding of the potential risks and exposures facing its primary production facility. Critical decisions can be made regarding where specific operations are located as well as decisions to further harden the facility. The information from an External Risk Assessment is typically used when organizations are evaluating acceptable geographic locations for alternate or back-up sites.
Single Points of Failure Analysis
Your business is designed like a network of highways with a network of information flowing in all directions. Data is being shared from application to application, and from site to site. An accident on your highway could result in information not being delivered, or even worse, there could be no power to drive the information. Facilities could be isolated until repairs are made or replacement resources are purchased and installed. Identifying and eliminating any single points of failure need to be primary concerns supporting your firm’s critical operations.
The Eagle Rock Solution to identifying single points of failure:
Single points of failure analysis can focus on facility infrastructure and/or IT systems and applications and involves working closely with the building support staff and the IT infrastructure staff (network, server platforms, security).
Conduct a review of the facility using industry uptime Best Practices as a framework of:
- Utility Power
- Transfer switch and generators
- UPS systems and power distribution to the cabinet
- Entry paths into the building for data network and voice
Working with your IT infrastructure team the focus will include:
- Review of Wide Area Network (WAN) and Local Area Network (LAN) designs
- Analysis of server platforms, key infrastructure systems
- Database platforms and interfaces
A single point of failure analysis will allow you to identify any potential roadblocks before they have a devastating effect. "To be forewarned is to be forearmed." In addition to identifying these troublesome points, we will recommend cost effective solutions to mitigate them and work with you to implement the one(s) that you feel are best. Let us help you to remove these corporation threatening issues before they have a negative impact.