There are seven factors that the FDA used in conducting the vulnerability assessment and appropriate scale for scoring. These factors include: …show more content…
Discuss the ASIS seven step approach to risk assessment.
ASIS International is the leading organization for security professionals worldwide and is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests (www.asisonline.org). They have developed policies and guidelines that help in security management and one of these guidelines is the general security risk assessment guidelines that detail a seven step approach to risk assessment.
The first step is understanding the organization and identifying the people and assets at risk. The entails knowing the core business of the organization while keeping in mind all the endeavors that enable it to operate successfully. This leads to the need to know all the assets and property that might be at risk. Important assets include people i.e. employees, vendors, customers, etc. and property including tangible assets like building and money and intangible assets like intellectual property (www.asisonline.org). The second step is to specify loss risk events and vulnerabilities. This is done by looking at historical events, events at similar sites, occurrences at similar facilities etc. Vulnerability analysis can be done to determine the risk factor of an event and important sources of information include crime related events, non-criminal events and consequential events (Vellani, …show more content…
The frequency of events refers to how often a loss occurs at an event and the probability of loss risk refers to other factors that affect the risk involved e.g. prior incidences, trends, threats etc. This will determine the appropriate solution to the potential risk when management looks to make decisions (Vellani, 2007). The determination of the impact of an event is the forth step and it looks at the impact an event will have to the business in terms of financial, psychological and other costs that might occur with loss of business. These costs can be direct (financial losses) or indirect (bad publicity).
The fifth step in developing options to mitigate risks. Whilst there will be a variety of options available to address the risk faced, they all must be evaluated to see how practical, how affordable and how relevant they are to meet the needs of the organization. This is because the process to be developed should be the best suited to afford maximum benefit to the