Getting a risk/threat/vulnerability assessment

Getting a risk/threat/vulnerability assessment

A comprehensive risk/threat/vulnerability assessment should be a document that identifies threats, vulnerabilities and possible consequences of an attack on your site or people, and using those findings, makes recommendations (e.g., physical security upgrades, policies and procedures and/or training) to enhance your security measures through deterrence, detection, delay, denial and damage limitation.

The Securing Communities Against Hate Crimes Grant Program instructs that “applicants with a current or previously conducted (within three years) risk/security/threat assessment completed by a police department, private company or university should base their Risk Evaluation Tool submission on the information, analyses and findings contained in the risk/security/threat assessment(s).”


Getting a survey

The reviewers will consider any appropriate survey. However, it is likely that current surveys, performed by credentialed and independent professionals and specific to the organization and building , will be considered of greatest value. Each organization is advised to consult any experts it believes necessary. If you want to conduct your own risk assessment and/or better prioritize your prospective purchases, check out the Vulnerability, risk and safety assessments and planning section found on the JCRC-NY Security Resources webpage.

Many police departments will conduct a risk assessment at no cost. While any of “previously conducted risk assessments” is accepted as sufficient for grant purposes, not all risk assessments address the specific threats related to terrorism. In fact, a crime prevention survey basically looks at a single threat: crime (although the vulnerabilities identified in a crime prevention survey often overlap some of the vulnerabilities associated with terrorism) . Applicants who do not secure sophisticated surveys will have to supplement their existing survey to include the various terrorist threats.

Some suggestions for outside assessments:

    1. The NYPD Crime Prevention Section will schedule a crime prevention survey on a first-come, first-served basis. Contact them at or (212) 614-6741. Your local precinct (the name and phone number of the precinct crime prevention officer is usually listed on the precinct webpage here) also has crime prevention officers. NYPD Crime Prevention Officers usually provide building owners with an annotated checklist that satisfies the requirements for grant submissions.
    2. Nassau County organizations can request a survey from the Nassau County Police Department, Community Affairs, at (516) 573-7360.
    3. Contact information for many of the police and sheriff departments in Weschester County are available here.
    4. There are security professionals who provide excellent assessments and others with less competence. You and your constituencies will be best served when an independent expert with recognized certifications (e.g., CPP or PSP) looks at all of your operations and works with you to prioritize your assets, vulnerabilities and needs. A quality assessment should be like a road map: it should help you develop the best policies and procedures to protect all of your constituents; it should identify the security hardware that can help support your policies and procedures (i.e., not just what they sell); and finally, it should prioritize your needs so that you first purchase the equipment that will do the most good. It is also important to focus first on resources (human and technological) which are already in place and on maximizing their performance.  See our Security Vendors for more guidance.
    5. The Nonprofit Security Grant Program will accept self-assessments, see the JCRC-NY Security Resources webpage for templates.
    6. Recently, some security vendors have advertised offering free security assessments:
      • We strongly suggest that you verify the credentials of any vendor. Some vendors have significant training and/or broadly recognized credentials. Be cautious about turning to vendors trained to install specific products (or a range of products). They may not be capable of addressing the entire range of your security needs.
      • Determine whether your vendor has a built-in conflict of interest. We have seen vulnerability assessments from some vendors that simply recommend the products that they sell. Make sure that the person conducting your assessment is competent to recommend the full range of options available on the AEL (authorized equipment list).
      • Remember. New York State requires successful applicants to ask for multiple bids. You cannot promise any vendor that you will buy the equipment from them should your application be successful.

Relying on an existing survey

While your Investment Justification must be based on a previously conducted assessment, there is no requirement about the age of the assessment. If you have a vulnerability assessment from a previous year you should review it to check whether it still reflects an accurate, up-to-date description of your facilities and operations. Current conditions which can be detailed on a cover sheet that is included with the assessment that is uploaded with your application package.

Be sure to note any change in risk (threat, vulnerability or possible consequences), steps already taken to mitigate or eliminate vulnerabilities or new conditions. For example, if you installed equipment, conducted trainings or changed security policies/procedures, those changes should be noted on your cover sheet update.