For example, a Client with a large data center with a heavy flow of personnel traffic at all hours of the day may be served better by a security console system than a point of entry/exit one.
- Asset Identification
- Scenario-based Emergency Response Planning
- Countermeasures Assessments
- Risk Avoidance and Cost Scenarios
- One-, three- and five-year spending programs
- Standards based Vulnerability Analysis
- GSA, FEMA, DOE and other standards
- Remedial System Design
- Financial Impact Reports
- Existing Security System Assessment
Threat and Vulnerability Assessments
The purpose of performing a Threat and Vulnerability Assessment (TVA) is to identify and assess the susceptibility of a facility or operation to a wide range of threats that could result in personal injury, illness, property damage, and/or disruption of operations. A TVA evaluates the ability to either prevent these threats from occurring and/or mitigate the impact should they occur.
Before beginning any vulnerability assessment, county managers would be well advised to collaborate with their legal counsel to assure compliance with the many local, state, and federal laws and regulations that affect a county's assets, especially its employees and its customers.
The first step of the TVA is to evaluate the entity's assets. The following are examples of assets:
- People (employees, customers, visitors),
- Physical Building/Plant
- Physical Assets (computers, furniture, etc.)
- Knowledge Base
- Information Technology (IT Platform)
Perhaps the most important product of the TVA process is that it serves as a guideline for developing a facility's Security Management Plan (SMP), Emergency Response Plan (ERP) and Integrated Contingency Plan (ICP). To address these issues, we provide specific guidelines for routine security management and recommendations for advanced facility protection systems that are intended to support the overall SMP, ERP and ICP initiatives. A professional security TVA report will identify and prioritize key remedial measures and the costs associated with those measures.
The TVA is comprised of the following major elements and processes:
- Assessment of the likelihood of malevolent acts from defined threat sources
- Systematic site characterization of the site under analysis. A performance-based approach to the TVA to evaluate the risk to the client based on the effectiveness of the security systems against the specific malevolent acts
- Identification of system vulnerabilities and establishment of a prioritized plan for security upgrades, modification of operational procedures, and/or policy changes to mitigate identified risks to assets
The Threat and Vulnerability Assessment Report is a tool to help managers and their staffs identify and evaluate a wide range of vulnerabilities that could place their assets in jeopardy under extreme events such as terrorism or workplace violence, as well as less severe events such as vandalism or theft.
Threat and Vulnerability Reports attempt to identify and quantify improvements. The most effective and efficient improvement plan often is built around existing operational procedures. Once these are strengthened, the additional actions to deal with extreme events can be added.
The overall goal of the TVA is to develop recommendations that lead to a cost-effective, balanced security protection system with regard to the threats identified. It covers issues related to security from both human and natural occurrences, and is a first step in a comprehensive response-planning framework.
The TVA addresses matters of a general nature. As such, it does not attempt to cover every issue for every site or customer. It does not address matters that should otherwise be covered under good design principles and standard codes of practice, such as redundancy and reliability of unit processes, or conformance with life-safety and fire codes. It does not replace the need for independent, department-specific judgment and decision-making.
The TVA will also ensure that a municipality or school district is compliant with all FEMA, DHS and Security Act requirements.