hazard identification

This page provides a resource kit which will help business continuity planners with their risk and hazard assessment processes and their business impact analysis. For those working with the NFPA 1600 business continuity standard it will help ensure compliance with the requirement that:

“The entity shall identify hazards, the likelihood of their occurrence, and the vulnerability of people, property, the environment, and the entity itself to those hazards” (Ref 3-3 of The Standard on Emergency/Disaster Management and Business Continuity Programs – NFPA 1600); and

“A continuity of operations plan shall identify the critical and time-sensitive applications, processes, and functions to be recovered and continued, as well as the personnel and procedures necessary to do so, such as business impact analysis, and business continuity management” (Ref 3-6 of The Standard on Emergency/Disaster Management and Business Continuity Programs – NFPA 1600).
Our introduction to the Business Impact Analysis process is outlined below using the following steps:
1. Develop an entity profile.

2. Identify and profile hazards.

3. Establish risk assessment criteria.

4. Create and apply impact scenarios.

5. Compare and prioritise risks.

As shown in our “identify potential sources of risk” pdf, a broad range of risk sources should be considered. For illustrative purposes we use “natural hazards” because they are:

(a) global and thereby provide “a common language”;

(b) shared and thereby involve interdependencies and vulnerabilities; and

(c) to a degree, non political and thereby minimize isssues of sensitivity and confidentiality.
Step 1: Map your context, your critical business functions & the processes they rely on.

Consider critical functions, processes, products and services – and significantly, premise the resources they depend on.

Ensure a sound foundation – click here for a presentation on self assessment (pdf)

An excerpt from our Hazard ID & Business Impact Guidelines (pdf)

The Universal Process Classification Framework below, from the American Productivity & Quality Center

is a useful context tool – for mapping the critical functions and processes (for business continuity).


Universal Process Classification Framework

Lessons from recent shortcomings in Continuity Of Operations Plans (COOP) have brought home the need to focus on ranking functions – grouped and filtered on the basis of those needed first, if not immediately, through to those which are discretionary.


Step 2: Identify your risks and profile your hazards – in order to inform quality scenario analysis.
Layering highlights relationships


Risk is a function of hazard, exposure and vulnerability.

Click on the “Hazard Information and Awareness” banner (above) to explore examples of “hazard and vulnerability layering”.
(Note, these are illustrative examples from the USA of the value of Geographic Information Systems – EPCB’s Business Impact Assessment Toolkit methodology does not rely on Geographic Information Systems technology.)

Step 3: Establish risk assessment criteria.

What criteria determine your focus?

How and by whom will they be selected?

Will you embrace enough of the necessary considerations to be able to demonstrate due care / due diligence?


Step 4: Create and apply impact scenarios.

Generate and model scenarios by identifying what, why, where, when and how events could effect the entity (business).

Ensure a sound foundation for your risk assessment – click here for a presentation on scenario analysis (pdf)

Scenario modelling (of interactions between hazards, vulnerabilities and exposures)

is a crucial step which informs sound risk ranking and planning considerations.


EXAMPLE: click here to download ALOHA, the free plume dispersion model – and generate your own scenarios.


Step 5: Compare and prioritize risks.

Comparing the estimated levels of risk against your assessment criteria.

– this enables judgments to be made about your management priorities.

NB The examples used to demonstrate the Summary Risk Assessment Register (xls) are about Occupational Health and Safety; Extreme Events;and Terrorism (Selected because they are “general” and “shared”).

Click here for a free Summary Risk Assessment Register (xls).


Click here for a free Summary Risk Assessment Register (Word – Rich Text Format).

Featured Resource








Hazard Identification & Business Impact Assessment Toolkit
A 32 page Word.doc guide, an Excel Workbook, & a PowerPoint Presentation.



All prices in US Dollars