CAN-ASC-5.1 Standard on Emergency Measures: Public Review Draft – 7. Hazard identification, risk assessment, prevention, and mitigation

7.1 Hazards

Hazards to be evaluated should include, but not limited to, the following:

  1. geological;
    1. earthquake;
    2. landslide, mudslide, subsidence;
    3. tsunami; and
    4. volcano
  2. meteorological;
    1. drought;
    2. extreme temperatures (hot, cold);
    3. famine;
    4. flood, flash flood, seiche, tidal surge;
    5. geomagnetic storms;
    6. lightning;
    7. snow, ice, hail, sleet, avalanche;
    8. wildland fire; and
    9. windstorm;
  3. biological;
    1. food-borne illnesses; and
    2. infections/communicable/pandemic diseases
  4. accidental human-caused:
    1. building/structure collapse;
    2. entrapment;
    3. explosion/fire;
    4. fuel/resource shortage;
    5. chemical sources;
    6. hazard material spill or release;
    7. equipment failure;
    8. nuclear reactor incident;
    9. radiological incident;
    10. transportation incident;
    11. unavailability of essential employee(s);
    12. water control structure failure; and
    13. misinformation
  5. intentional human-caused:
    1. incendiary fire;
    2. bomb threat;
    3. demonstrations/civil disturbance /riot/insurrection;
    4. discrimination/harassment;
    5. disinformation (rumours/false allegations, or accusations);
    6. kidnapping/hostage/extortion;
    7. geopolitical risks including acts of war, change in government, and political instability;
    8. missing person;
    9. cyber security incidents;
    10. product defect or contamination;
    11. robbery/theft (including identity theft) /fraud;
    12. strike or labour dispute;
    13. suspicious package;
    14. terrorism;
    15. vandalism/sabotage;
    16. workplace/school/university/public spaces violence; and
    17. supply chain constraint or failure
  6. technological:
    1. hardware, software, and network connectivity interruption, disruption, or failure; and
    2. utility interruption, disruption, or failure
  7. economic/financial:
    1. foreign currency exchange rate change;
    2. economic recession;
    3. boycott; and
    4. theft/fraud/malfeasance/impropriety/scandal involving currency, monetary instruments, goods, and intellectual property
  8. strategic:
    1. loss of senior executives; and
    2. failed acquisition/strategic initiative; and
  9. humanitarian issues.

7.2 Risk assessment

Organizations shall conduct a risk assessment.

The organization shall identify hazards and monitor those hazards and the likelihood and severity of their occurrence over time.

The vulnerability of people, property, operations, the environment, the organization, and the supply chain operations shall be identified, evaluated, and monitored.

The organization shall conduct an analysis of the impact of the hazards identified on the following:

  1. health and safety of persons in the affected area;
  2. health and safety of personnel responding to the incident;
  3. security of information;
  4. continuity of information;
  5. continuity of government;
  6. property, facilities, assets, and critical infrastructure;
  7. delivery of the organization’s services;
  8. supply chain;
  9. environment;
  10. economic and financial considerations;
  11. legislated, regulatory, and contractual obligations;
  12. brand, image, and reputation;
  13. work and labour arrangements;
  14. equitable access to all of the above inclusive of those outlined in 5.3.

7.3 Hazard mitigation

The organization shall develop a strategy to help to prevent an incident that threatens life, property, information, and the environment.

The mitigation strategy shall be based on the result of hazard identification and risk assessment, an analysis of the impacts, program constraints, operational experience, and cost-benefit analysis.

The mitigation strategy shall include interim and long-term actions to
reduce vulnerabilities.

7.4 Hazard prevention

The organization shall develop a strategy to prevent an incident that threatens life, property, operations, information, and the environment.

The prevention strategy shall be kept current using information collection and intelligence techniques.

The prevention strategy shall be based on the results of hazard identification and risk assessment, an analysis of impacts, program constraints, operational experience, and a cost-benefit analysis.