Conducting a security vulnerability assessment

Because of various tragic events over the past two years, camps are taking a closer look at their overall security. While there are several ways to review program security, it is good to start with assessing a program’s vulnerabilities. The National Fire Prevention Association (NFPA) has developed a systematic assessment process that you might find helpful.

According to NFPA 730, Guide for Premises Security, a security vulnerability assessment should include, but not be limited to, the following steps:

Step 1:

Formation of a team – Form a team of personnel from pertinent organizational areas and other stakeholders.

Step 2:

Organization/facility characterization – Characterize the organization and the facilities to be protected.

Step 3:

Threat assessment – Classify threats using an assessment process that includes but is not limited to the following:
  • A classification of critical assets
  • Identification of potential targets
  • Consequence analysis (i.e. effect of loss, including any potential off-site consequence)
  • Definition of potential threats (i.e. identify potential adversaries and what is known about them)

Step 4:

Threat vulnerability analysis – Conduct a threat vulnerability analysis identifying actual and potential threat scenarios and estimate a relative security risk level.
Have a safety or risk management question, concern,
or idea for our next newsletter?

Step 5:

Specific security countermeasures – Define countermeasures using information from the previous four steps, including characterization, threat, and vulnerability analysis.

Step 6:

Risk reduction – Reassess the relative security risk levels developed in Step 4, taking into account countermeasures defined in Step 5, and implement additional security risk reduction measures (security countermeasures) where appropriate.

Step 7:

Documentation and tracking – Document findings and recommendations and track the implementation of accepted recommendations.

You can obtain a copy of this guide through the NFPA (

This document is intended for general information purposes only, and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. This document can’t be assumed to contain every acceptable safety and compliance procedures or that additional procedures might not be appropriate under the circumstances. Markel does not guarantee that this information is or can be relied on for compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. Persons requiring advice should consult an independent adviser. Markel does not guarantee any particular outcome and makes no commitment to update any information herein, or remove any items that are no longer accurate or complete. Furthermore, Markel does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content.

Markel® is a registered trademark of Markel Group Inc.

© 2023 Markel Service, Incorporated. All rights reserved.
Was this helpful?