Security Risk Assessments (SRA)

Security Risk Assessments (SRA)

Security Risk Assessments, or SRAs, are based on a threat assessment, an on-site (or desk-top) vulnerability assessment, identifying security strengths and weaknesses, and a consequence assessment of the outcome or impact of a threat materialising. The results of the three assessments are used to quantify and assess the risk. SRAs can be conducted to assess the risks of an asset, element and/or an organisation e.g. a ship, facility, compound etc.

The SRA will typically include a list of recommendations; highlighting weaknesses, strength and what should be improved in order to minimise the risk of an incident occurring. The SRA is a document used for decision-making, planning purposes and risk management. It assists the organisation to obtain an improved understanding of the risk and/or how to mitigate it.

The SRA may include following types of assets or elements, but not limited to:

• Port Security Risk Assessment (PSRA), identifying threats and risks in a specific port and the nearby city, including the vulnerability of the port. It assesses both the port itself, access to the port, and any conditions such as access control, surveillance on/off shore, fencing, emergency services available and even cyber security, that may affect port call security.

• Critical Infrastructure Security Risk Assessment (CISRA), identifying threats, vulnerabilities and risks of a critical infrastructure assets or various types of sites e.g. amusement parks, factories, public buildings etc.

• Offshore Security Risk Assessment (OSSRA), identifying threats, vulnerabilities and risks of a specific offshore facilities e.g. oil rigs, FPSO (Floating Production Storage and Offloading) or similar.

• Field Security Risk Assessment (FSRA) is for the offshore Oil & Gas operations. The assessment is intelligence-led and includes assessments of the physical and social geography of the operation and can be used to determine the risk that will influence decisions related to operational, financial, time frames and general feasibility. May also include assistance on field security planning or supervision/audits of existing field security arrangements including services provided by external security contractors.

• Regional Risk Assessment (RRA) is a semi-quantitative threat assessment model & report (e.g. Indian Ocean, West Africa or South East Asia) and is a risk assessment for an entire fleet or part thereof, consisting of multiple vessel types trading on multiple routes through a specific region.