Vulnerability assessment looks inward at an organization’s own weaknesses and how these can affect the security of its staff, premises, and equipment. It is an assessment of factors that are specific to the organization and its operations rather than the environment. Some specific vulnerability factors for organisations include the following:
Location – An organization working in an area with significant threats and many security incidents will face higher risk. Similarly, working in a remote area where medical facilities and transportation systems are inadequate may make the impact of certain threats greater as timely measures to stabilize the situation after the incident cannot be assured. This too has the effect of increasing overall risk.
Exposure of staff and property – Organizations working in the same general location may face different levels of risk due to increased opportunities for contact with potential threats, e.g., due to higher staff numbers or frequent field missions to more dangerous locations.
Value of property – Organizations with more valuable property may be more likely to be selected as targets.
Impact of programs – Organizations whose programs have an impact on different groups or are seen to benefit one of the parties to a conflict may be more vulnerable than others.
Security measures – Organizations that adopt appropriate measures are usually less vulnerable than those that do not.
Compliance – Even if an organization adopts appropriate security measures, vulnerability is still dependent upon the staff’s consistent compliance with the measures set in place, as a manager it is advised to enforce the measures and ensure members of the organisation are compliant.
Staff interpersonal skills – Poor personal behaviour and communication skills can affect your vulnerability by increasing the chance of personal interactions turning into conflict or even developing into security incidents. Good interpersonal skills help staff members to avoid incidents and mitigate the impact if they occur.
Image – Vulnerability can also be dependent on the image of your organization. For example, an office of an organization that has an image of wealth, and little tolerance for community conflict, may be a more likely target for theft than other offices.
These vulnerability factors and some of the methods used to evaluate them are described in more detail in module 6 – Vulnerability Assessment.