Risk assessment protects your operations when mission-critical buildings go offline.
Mission-critical facilities are the buildings that contain activities, devices, services or systems that if disrupted would have a devastating impact on a business, a community or on national security. Major data centers, Chicago’s O’Hare airport, Department of Defense facilities, your local fire department, or the buildings where Federal Exchange servers reside – all of these are examples of mission-critical architecture.
But of course, mission-critical facilities do fail. From natural disasters to terrorism to an explosion at an electrical substation, there are many threats that can cause a mission-critical building to go down. And while it is theoretically possible to protect a facility 100% against all threats, it is simply too costly for most organizations to provide that level of protection.
That is where risk assessment for mission-critical facilities comes into play. By performing a comprehensive assessment of the risks to your mission-critical building – and the costs of losing it temporarily – you can better prepare for the possibility of failure and protect your organization in the event a disaster occurs.
There are five steps involved in risk assessment of mission-critical architecture:
1. Defining and assessing risk.
Before you can plan for risk, you must have a clear understanding of the universe of potential threats, the possible damage that each could do, and the probability that any one particular threat will actually materialize. While natural disasters, terrorism and cyber-attacks are the threats that capture the headlines, the far more common threat to mission-critical facilities is failure of power or infrastructure. A mission-critical call center, for example, can not operate without the electricity it needs to power the phones and the cooling systems to keep servers from overheating. Defining and assessing risk will allow you to prioritize resources to combat threats effectively, weighing the potential cost of the threat against the cost of the protective measures to mitigate it.
2. Planning and auditing back-up systems.
When a threat materializes – the power goes out or the building floods – back-up systems enable you to quickly resume or continue operations. The critical question: how long can you afford for your mission-critical facility to be offline? The faster you need to recover, the more it will cost.
If you’re running the control tower at an airport and can only spare a few seconds of downtime, you are going to need robust and expensive built-in back-up systems with plenty of redundancy. On other hand, if you are a travel agency and your workforce can move down the street to the local coffee shop and work from their mobile devices, being down for a period of time might not create extraordinary disruption to your business – your back-up system may be as simple as going to the hardware store to rent a generator until the power is back online.
3. Defining emergency procedures.
Along with back-up systems for your equipment, you’ll need a plan for your people – operating protocols in the event of an emergency. These procedures not only involve how to evacuate people from buildings, but the role that each person should have in stabilizing the situation or setting back-up procedures in motion. This may be as simple as assigning a team to shut down 5 out of 6 air-conditioning units during a brownout, or as complex as creating a lock-down plan for every office on every floor of a 30-story office building in the event of an armed criminal attack against the workplace.
4. Evaluating workplace safety.
More often than not, it is human error that causes catastrophe. The classic example is the janitor sweeping the server room at night who accidentally hits a power switch with a broom handle and shuts down an entire facility, electrocuting himself in the process. This is a threat that could easily be avoided with proper workplace safety protocols and a plan for continual evaluating of compliance.
5. Conducting systems reliability and maintainability analyses.
Analyzing the reliability, availability and maintainability (RAM) of your back-up and safety systems is the final step in a risk assessment of mission-critical facilities. These analyses determine what it will take to ensure that you can respond to a threat as you have planned. From the availability of the diesel fuel that your back-up generators will need to the fan belts for your air conditioning systems and the spare parts for your back-up systems, RAM analyses cover all the secondary details that a mission-critical response will require and provide methodologies for evaluating the reliability of your systems.
In subsequent blogs, we’ll take a look at the other elements of a plan for protecting mission-critical facilities, including condition assessments of your existing facilities, site planning and programming, engineering and construction services and on-call disaster response.
CCA’s professionals are experienced in threat assessment and can help you plan and perform risk assessments of your facilities. Contact us for more information on how we can help.