How Can Scenario-Based Assessments Help With Compliance?

Compliance tools are designed to help organizations identify and mitigate risk, yet “compliance” is a word many organizations dread; companies struggle to keep themselves up to date with current and changing regulations. If a small or mid-sized business doesn’t have a staffer devoted to compliance, they may find themselves slipping behind.

There’s a real risk to slipping behind on compliance. If your organization falls out of compliance, you could be subject to fines or other sanctions.

But what if there were a way to treat compliance like any other risk? Like an arson threat, for example, or a weather hazard, like a tornado? That’s why Circadian Risk introduced our new feature, Compliance-based Scenario Assessments.

Learn more: How can I prove compliance?

What is a scenario-based assessment?

A scenario-based assessment is a risk assessment that’s directed toward a specific threat, concern, or hazard. Instead of assessing the vulnerability of an entire organization on a general level, scenario-based assessments evaluate the risk of one specific scenario happening.

So, for example, you might assess the risk of a tornado occurring at a specific site. If the site is in an area where tornadoes are common, you’d look at the ways a tornado could impact the risk of the site, including your assets and your people. Can you detect a tornado as early as possible? What safety measures are in place to ensure your people are safe? What is your response plan if a tornado hits your site? When you’ve conducted a scenario based threat or hazard assessment, your organization is as prepared as possible for that specific scenario.

Scenario-based assessments are conducted for every foreseeable risk, from active shooters to shrinkage.

So what does that have to do with compliance?

Learn more: 7 things to know about scenario-based assessments

How do compliance-based scenarios work?

As I mentioned above, falling out of compliance is a risk. Like any risk, it can be examined and calculated with scenario-based assessments. What is the probability that we are audited and a compliance item is deficient and identified? What is the impact to the organization if you don’t meet compliance requirements?

Let's take the healthcare industry as an example. A healthcare organization might be concerned about falling out of compliance with Joint Commission standards. The probability of noncompliance can be determined by looking at historical data — which buildings have had issues previously? The severity is the penalty for noncompliance: revoked Joint Commission accreditation, which would have an effect on a healthcare facility’s reputation and ability to do business.

Of course, like many highly regulated industries, organizations in the healthcare field need to meet several sets of regulatory standards, some with overlapping requirements. Using our tool, an organization can take multiple sets of compliance standards and compile them into one question set so organizations don’t have to answer one question several times.

With our compliance score, you can see at a glance what your sites’ overall compliance score is, and then prioritize deficiencies. You can triage your deficiencies by criticality and priority, to develop the best possible Corrective Action Plan and Strategies™.

How can we help?

Compliance doesn’t have to be difficult; Circadian Risk can customize question sets to help you stay compliant with any set of standards, no matter where you work or what you do.

Do you need help with accreditation and compliance? Schedule your personalized demo today.

About the Author

Daniel Young

Founder & Chief Innovation Officer

Daniel has been a security and risk advisor for more than 10 years, and is passionate about helping companies to better understand their risks to undesirable events on a daily basis. Dan previously served as the Regional Bioterrorism Coordinator for District 1 in Michigan, where he was instrumental in preparing communities for catastrophic incidents. He has also acted as the Private Security Liaison for the City of Lansing’s Critical Infrastructure Team, which identified and documented deficiencies in the city’s critical infrastructure.

He is a Co-Founder of the CSO Risk Council, a think tank of seasoned security professionals and thought leaders with extensive experience in managing the physical security and risks of large enterprises consisting of multiple sites and whose mission is to create a better process to develop and share innovative solutions and pertinent information with organizations to improve safety and security risk by providing a forum to discuss best practices and recommendations for specific risk scenarios and to network with other enterprise security professionals.