Natural hazards have been the cause of the vast majority of Federal Disaster Declarations. Hurricanes, earthquakes, tornadoes and other natural hazards cannot be prevented. Some technological hazards such as a regional power outage cannot be prevented by an individual business. Accidents that were not prevented and intentional acts that were not deterred can result in property damage and business disruptions. For those hazards that cannot be prevented, there are still many opportunities to reduce the potential impacts on life, property, business operations and the environment. These opportunities are addressed in risk mitigation.
There are many mitigation strategies that can reduce damage from hazards. The first is site selection. Selecting a building site that is not subject to flood, storm surge, significant ground shaking from earthquakes or in proximity to hazardous facilities is a first consideration. Building construction should meet applicable building codes that include requirements for fire protection and life safety. High valued assets including data centers, expensive production equipment and hazardous processes should be carefully reviewed to determine the most appropriate protection in accordance with national standards. Computer network security should be evaluated to determine whether electronic information is secure.
Strategies to mitigate business disruption include providing uninterruptible power supplies (UPS) and an emergency standby generator for critical equipment. Development of a business continuity plan with recovery strategies is another method of risk mitigation.
You should research applicable fire prevention regulations, national standards and best practices to identify mitigation opportunities and requirements. Confer with your insurance agent, broker or underwriter to determine if they provide consultation services to assist with the development of customized protection specifications for a new or renovated facility. Highly protected facilities may be eligible for reduced insurance premiums.
Insurance is Financial Risk Mitigation
Purchasing insurance is a way to reduce the financial impact of a business interruption, loss or damage to a facility or equipment. Insurance companies provide coverage for property damage, business interruption, workers’ compensation, general liability, automobile liability and many other losses. Insurers only pay when the peril (i.e., hazard) that caused the loss is insured by a policy. Losses caused by flood, earthquake, terrorism or pollution may not be covered by standard property insurance policies. Flood insurance coverage for a facility located within a flood zone may be purchased through the National Flood Insurance Program. Earthquake, terrorism and pollution coverage may be purchased separately or as an endorsement to an existing policy. Coverage for other hazards such as mold may be provided as part of the basic property insurance but the amount of loss payable under the policy may be limited.
Business interruption coverage is available to reimburse profits during the business shutdown and certain continuing expenses. Contingent business interruption coverage is available to reimburse losses caused by a supplier failure. Endorsements to standard policies can cover extra expenses such as the additional costs for expedited delivery of replacement machinery following an insured loss.
Review your insurance policies with your agents, brokers or directly with your insurers to determine whether your insurance policies adequately cover your potential losses. Consider the following recommendations.
- Review the risk assessment and the identified hazards and potential impacts to your business.
- Use the business impact analysis as a tool to quantify potential financial impacts.
- Examine any scenario that results in impacts to multiple facilities. Evaluate whether the limits of insurance are adequate.
- Compile an inventory of properties and assets and determine whether insurable values reflect inflation costs over time.
- Review whether property insurance policies cover actual cash value or replacement cost.
- Be sure you understand deductibles, waiting periods before coverage begins, and procedures for notification of insurers when a loss occurs.
Risk Mitigation Resources
- Protect Your Property from High Winds Series: Secure Built-Up and Single-Ply Roofs; Secure Metal Siding and Metal Roofs; Remove Trees and Potential Windborne Missiles; Protect Windows and Doors with Covers - Federal Emergency Management Agency (FEMA)
- FM Global Property Loss Prevention Data Sheets - FM Global
- Standard for the Installation of Lightning Protection Systems – NFPA 780
- Structural Lightning Safety - National Lightning Safety Institute
- Equipment Start-Up, Shutdown & Maintenance, Maintenance Fact Sheets - Hartford Steam Boiler Inspection and Insurance Co.
Human-Caused Intentional Acts
- Standard for Security Services in Fire Loss Prevention – NFPA 601
- Integrating Manmade Hazards into Mitigation Planning - FEMA 386-7
- Guide for Premises Security - NFPA 730
- Standard for the Installation of Electronic Premises Security Systems – NFPA 731
- Private Security Officer Selection, Training and Licensing Guidelines - International Association of Chiefs of Police
- Workplace Violence—Issues in Response - Federal Bureau of Investigation
- Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings – FEMA 426
- Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks – FEMA 427
- Site and Urban Design for Security: Guidance against Potential Terrorist Attacks – FEMA 430
- Incremental Protection for Existing Commercial Buildings from Terrorists Attack: Providing Protection to People and Buildings – FEMA 459
- Guidance for Filtration and Air-Cleaning Systems to Protect Building Environments from Airborne Chemical, Biological, or Radiological Attacks - U.S. Centers for Disease Control and Prevention
- Computer Security Resource Center - National Institute of Standards and Technology (NIST), Computer Security Division Special Publications (800 Series).
- Information Security Handbook: A Guide for Managers - NIST, SP 800-100
- Risk Management Guide for Information Technology Systems - NIST, SP 800-30
- Generally Accepted Principles and Practices for Securing Information Technology Systems - NIST, SP 800-14
- An Introduction to Computer Security: The NIST Handbook - NIST, SP 800-12
- Standard for the Protection of Information Technology Equipment – NFPA 75