Vulnerability & Threat Assessments

The ASIS International General Risk Assessment Guidelines provide a seven-step methodology by which security risks at specific locations can be identified and communicated along with appropriate solutions.  To access the guidelines please click here.

The Federal Emergency Management Agency (FEMA) has developed an excellent resource manual series titled "Insurance, Finance, and Regulation Primer for Terrorism Risk Management in Buildings" that also provides vulnerability assessment information.

According to FEMA, a terrorism vulnerability assessment evaluates any weaknesses that can be exploited by a terrorist. It evaluates the vulnerability of facilities across a broad range of identified threats/hazards and provides a basis for determining physical and operational mitigation measures for their protection. It applies both to new building programming and design and to existing building management and renovation over the service life of a structure.

The useful product of a vulnerability assessment is the assignment of a vulnerability rating of all appropriate aspects of building operations and systems to the defined threats for the particular facility. As with protection priority and threat ratings, vulnerability can be cast as high, medium or low.


  • High Vulnerability: One or more significant weaknesses have been identified that make the facility highly susceptible to a terrorist or hazard.
  • Medium Vulnerability: A weakness has been identified that makes the facility somewhat susceptible to a terrorist or hazard.
  • Low Vulnerability: A minor weakness has been identified that slightly increases the susceptibility of the facility to a terrorist or hazard.