Joe Tulga, director of safety and emergency management at The Christ Hospital Health Network, says emergency preparedness starts by conducting a risk assessment to identify potential disaster events and determine the impact to the organization and define appropriate preparedness measures.
The components of a comprehensive risk assessment should begin with a hazard vulnerability analysis (HVA), he says.
“This analysis starts with a list of all the natural events that can occur,” Tulga says. “For each disaster event you determine the probability of the event, the impact to safety and business operations should the event occur, and the preparedness level to mitigate and respond to the event. The HVA can be used to prioritize emergency planning efforts and funding needs for resources and assets.”
Another key step to take is to conduct a business impact analysis (BIA), which identifies and quantifies impacts to business operations resulting from disruptions and interruptions. The BIA is used to develop continuity, response, and recovery strategies and plans.
“Also, a resource and asset assessment is key as this assessment determines what resources and assets are needed for response, continuity, and recovery operations,” Tulga says. “This includes human resources, facilities, equipment, materials, and supplies. Creating partnerships and establishing mutual aid and assistance agreements is a very effective preplanning practice. Ensuring that the 24-hour emergency contact telephone numbers are up to date is also critical to this process.”
Gao adds that a comprehensive facility risk assessment requires a systematic approach to identifying, analyzing and evaluating potential risks that could lead to power supply loss and cascading impacts for safety, operations and business continuity.
As he explains, the process should include hazard identification, focusing on extreme weather, grid instability, internal system failures and proximity to vulnerable infrastructure. This also evaluates both the likelihood of outages and their operational impact.
“Spatial risk mapping can help to visualize hazard exposure of assets with a multi-hazard lens,” Gao says.
Next is the vulnerability assessment. Executives should develop an inventory of essential building systems, critical assets, and key personnel to evaluate the facility’s susceptibility to identified hazards and estimate the potential consequences of an event –ranging from operational disruptions to life safety risks.
“Based on this understanding, facilities can prioritize resilience investment and develop targeted resilient strategies such as infrastructure hardening, utility redundancy and emergency action plans,” Gao says. “To remain effective in the face of evolving risks, risk assessments and emergency action plans must not be treated as static, one-time tasks. They should be continuously updated and regularly tested, supported by a robust feedback loop that incorporates lessons learned from drills, real events, and after-action reviews.”
Risk assessments should be completed annually, or after major events that affect the building.
“Another consideration should be if the area surrounding the building has been modified in any significant way that would potentially affect your building, including changes to neighboring properties or roadways, or other infrastructure changes,” Paone adds.
The best practice for conducting comprehensive risk assessments is to execute the process as a team. As Tulga points out, the team should be multidisciplinary to include management, front-line employees, and those employees who are subject matter experts in safety, facility infrastructure, information technology, and communication systems.
“The team can also invite local public safety partners – fire, police, and emergency management –to participate in the exercise,” Tulga says. “The team can use a discussion-based exercise to conduct the risk assessment. The exercise would start with identifying a disaster event, a review of the event, the impact on safety and business operations, and identify those emergency procedures and resources would be needed to respond, maintain continuity and recover from the event.”
John Petzold, managing director, forensics; national practice leader – insurance claims and recovery at BDO, says effective plans require input from engineering, IT, HR, legal, and finance departments to ensure all operational and regulatory angles are covered.
“Once vulnerabilities are identified, they should be prioritized based on their likelihood and the potential operational and financial consequences. To validate and refine emergency response procedures, organizations should conduct tabletop exercises, continuity drills, and scenario planning,” Petzold says. “Most importantly, preparedness plans must be viewed as dynamic tools. They should be reviewed and updated regularly in response to changes in the facility, emerging risks, or shifts in business operations.”
At a minimum, Petzold says risk assessments should be conducted annually. However, they should also be revisited any time there is a significant change in the facility’s structure, operations, regulatory requirements, or insurance coverage. Natural disasters or close calls, such as near-miss events, also warrant immediate reevaluation of the current risk posture.
“Because risk is inherently dynamic, assessments should be seen not as one-time exercises, but as ongoing processes that evolve alongside the organization’s needs and the changing threat landscape,” Petzold says.
There are industry-specific tools available for risk assessment, but Petzold says several advanced technologies can make a significant difference when it comes to risk assessment and preparedness.
“For example, GIS mapping tools are useful for visualizing environmental risks such as flood zones or wind exposure. Building information modeling platforms allow for a detailed visualization of asset interdependencies and enables the simulation of system failures,” Petzold says. “Real-time monitoring through sensor networks and IoT devices provides valuable data on environmental conditions, including temperature, humidity, and energy consumption. Risk modeling software can layer historical data with predictive analytics and climate models to forecast potential losses and inform mitigation strategies. Additionally, cloud-based emergency management platforms and mobile apps streamline crisis coordination, internal communication, and documentation, ensuring that teams are aligned and actions are traceable during an event.”
Gao points out that passive design strategies are other important tools to enhance building resilience as grid disruptions become more common, and buildings move toward full electrification. These strategies reduce dependence on mechanical systems by optimizing building orientation, leveraging thermal mass, enhancing insulation, and utilizing natural ventilation to maintain habitable conditions during outages.
“A well-insulated envelope, operable windows, and optimized daylighting can extend safe indoor conditions during energy supply interruptions, reducing the urgency of immediate backup power and supporting continuity of operations,” Gao says. “In addition, by reducing the overall energy demand, these passive features help reduce the size and cost of backup power systems, thereby supporting continuity of operations more efficiently and economically. Also, resilient investment requires a forward-thinking approach that recognizes the limitations of current building codes, which are based on historical weather data and only address minimum life safety standards.”
These codes often fall short in accounting for today’s intensifying climate risks and extreme events.
“By going beyond code minimums, resilience design targets project-specific outcomes – such as full operational continuity or rapid recovery during disruptions,” Gao says. “This proactive strategy protects long-term asset value, reduces downtime, and enhances business continuity, offering greater reliability in an increasingly uncertain risk environment.”
Maura Keller is a freelance writer based in Plymouth, Minnesota.
Risk Assessment: What Facility Managers Must Consider
Steps for Facility Managers to Take When Setting up a Risk Assessment Plan
