A recent discussion on LinkedIn's Business Continuity Management & Risk group with an abbreviated title of I'm looking for a good sample of scenarios brought a number of interesting responses.
One that caught my eye came from Konstantin Smirnov, an IT Risk Consultant in Russia and the CIS.
Proving it pays to engage practitioners with a broad background, Smirnov suggested that "Any industrial food processing facility nearby - it will have tons and tons of liquid ammonia for freezers. Or water processing facility - chlorine, could be tons and tons of it. If we go for industrial hazards - there could be a long list."
Another responder, Herman-Peter Steens of Antwerp Area, Belgium, suggested a related scenario, but with a twist. "A train hits another train with dangerous chemicals (e.g. liquid agriculture fertilizers compounds) and this in a railway station nearby one of your buildings. The alarm is set off at the railway station, but a cloud of toxic gas closes in on your facility. People have to run out of the building, some get intoxicated, they are of finance and you have to give in your financial data to the Fed’s soon, and one of the intoxicated dies; is it your CFO or isn’t it him? To continue in your exercise."
What would be really interesting is if the finance people, including the CFO, are exercise participants. It's always fun to watch a "dead" executive sit on the sidelines while his, or her, staff makes the decisions. Of course in "real life," we know that the CFO has a designated alternate, someone who can take over, seamlessly, if the CFO is unavailable.
My question to Steens is: Why would people "run out of the building"? They should remain safely inside and the building should be sealed against the toxic gases. Depending on the railroad's safety record, perhaps the building should be designed or retrofitted to so that it can easily and quickly sealed closed.
Jack Whittaker of Bristol, UK, suggested that "There is a cold water tank in the roof-space of your office building. One weekend, it starts to leak. Three stories below, your server room is unattended until Monday morning..."
The bottom line for all of the above is that the threat's point of origin is beyond the control of the organization impacted.
All organizations have threats - risks - beyond the control of the organization's risk management personnel.
What we, as risk management practitioners, can do is to carefully look at the facility's neighbors - perhaps even several miles out - and recommend implementation of means to mitigate the threats posed by the neighbors. In this case, include "neighboring" water ways and woodlands.
If a resource, for example, IT, cannot be protected from all possible threats - and nothing can be protected from all possible threats - then the process must be available at an alternate site sufficiently distant to avoid shared power and weather problems. (And if IT service is disrupted, the profit centers need to know how to survive, at least for a short time, without the service.)
In retrospect, there really are two "bottom lines" to this post. Beside the one already cited, the second is that we - practitioners - need to participate (not just "lurk") on the sundry forums, groups, and lists that obviously, or sometimes not so obviously, relate to what we do.