|
Insignificant |
Negligible |
Moderate |
Extensive |
Significant |
|
|
|
|
|
|
Employees |
Minor Skills Impact |
Minor impact of capability |
Unavailability of core skill which affects business services |
Loss of critical skills or personnel |
Protracted loss of critical skills or people |
Company Stakeholders |
Little to no impact. Correspondence will be circulated for informational purposes only. |
Noteworthy mentioning and meetings to discuss |
Potential loss of confidence / stakeholder action |
Stakeholder action requiring restructuring of business leadership |
Stakeholder action requiring dissolution of business |
Public |
No one affected from the public |
Public nuisance |
Public complaints and potential litigation |
Public harmed and lawsuits eminent |
Public significantly harmed or displaced / class action lawsuit |
Health and Safety |
Minor injury requiring first Aid |
Injury requiring treatment by a medical practitioner |
Major injury / hospitalization |
Single death and/or multiple major injuries |
Multiple deaths |
|
|
|
|
|
|
Environmental |
Minor cleanup by local staff with little to no environmental impact |
Minor clean up by local employees and outside cleanup specialists. Internal review required |
Major environmental impact requiring assistance from state, local and private agencies. State regulatory oversight of cleanup and probable financial penalties. |
Major environmental impact requiring assistance from federal, state, local and/or private agencies. EPA investigation with potential criminal impacts and financial penalties. |
Major environmental impact requiring assistance from international, federal, state, local and private agencies. EPA oversight and financial penalties. Complete halt to all operations pending criminal and civil investigation. |
|
|
|
|
|
|
Intellectual Property |
Compromise of edge systems, but no breach of information |
Compromise of publicly available information |
Minor compromise of information sensitive to internal interests or operations |
Compromise of information highly sensitive to internal interests or operations |
Compromise of information highly sensitive to internal interests or operations and external clients |
Computer Systems |
Minor system outage lasting < 10 Seconds |
System outage lasting <1 Minute |
System outage lasting > 10 minutes |
System outage lasting > 1 Hour |
System outage lasting > 12 Hours |
|
|
|
|
|
|
Property |
Minor damage or vandalism |
Minor damage or loss of < 5% of total assets |
Damage or loss of < 10% of total assets |
Extensive damage or loss of < 50% of total assets |
Destruction or complete loss of > 50% of assets |
|
|
|
|
|
|
Reputation |
Local, quickly forgotten event. Internal review required |
Short term local media concern. Executive or internal committee scrutiny and internal audit required to prevent escalation or repeat of events. Minor impact on local activities |
Persistent national concern. Scrutiny required by executives and outside review agency. Damage to brand. |
Persistent national, public, political and media scrutiny. Long term negative brand impact. Major operations severely restricted. |
International concern, governmental inquiry or sustained adverse national/international media. Brand irreparably damaged and organization critically affected. |
|
|
|
|
|
|
Financial |
1% of project or annual budget |
2-5% of project or annual budget |
5-10% of project or annual budget |
> 10% of project or annual budget |
> 50% of project or annual budget |
|
|
|
|
|
|
Operations |
Minimal impact on non-core business operations. The impact can be dealt with by routine operations |
Some impact on business operations with deadlines that may be missed. Quality should no be impacted, but will be dealt with at an
operational level. |
Operational impact on the business resulting in reduced performance, missed deadlines, affects on KPIs and delivery dates. Company is not in jeopardy of failing, but could be at subject to significant review and loss of market share. |
Breakdown od KPIs resulting in reduced performance. Probable loss of project and potential for business failure due to revenue loss, client dissatisfaction, service delays. |
Critical failures preventing core activities from being performed. The impact threatens the survival of the project or the organization itself. |
|
|
|
|
|
|
Score |
1 |
2 |
3 |
4 |
5 |
|
|
|
|
|
|