A Guide To Physical Security Risk Assessments

risk assessment methodology for physical security

The decision to harden the physical security of your building can bring up many questions: What are our biggest risks? Where are we most vulnerable? What should we fix first? Physical security risk assessments can answer these questions and put building owners and operations managers on a path toward greater safety and peace-of-mind.

What Is A Security Site Assessment?

A security site assessment or physical security risk assessment is an evaluation conducted by a security professional that includes an inventory of the assets to be protected, as well as recommendations on how best to protect them. They’re appropriate for nearly any organization –from schools to corporate headquarters, to sporting arenas, manufacturing plants, and municipalities.

Why Have A Physical Security Assessment?

A security assessment identifies your problems and their respective solutions.

A security professional can conduct a physical security assessment at your building to determine:

  • Greatest threats to people and property
  • Gaps or areas you’ve overlooked
  • Priority items to tackle right away

Knowing these things will help you prioritize, budget, and implement the right security solutions.

Bill Cousins, the founder of WJ Cousins & Associates , provides a full range of security investigation, protection and litigation consulting services to individuals, corporations, law firms, and government agencies worldwide. Cousins is a seasoned security professional with nearly forty years in the business including 22 years as a United States Secret Service Agent.

He explains how eye-opening a security assessment can be for his clients:

“Things you look at every day could be a problem but you don’t even realize it. Something really obvious to me -like an unprotected door latch bolt–is an easy miss for a building owner. We walk through and show you what’s in your blind spot so it can be corrected.”

Cousins says it’s important for facility owners, who are responsible for the health and safety of everyone in their buildings, to be proactive and understand their risks:

“Owners are exposed to civil liability if something happens, like a hold up in their parking lot during which an employee is hurt or killed. Obviously, that’s a tragic situation. And if litigation ensues, that building owner will have to provide proof that they had the appropriate physical security plans, protocols and equipment in place and that they did due diligence to protect that employee.”

Foreseeability is now part of the conversation when it comes to corporate or school security and liability. In essence, foreseeability breaks down into two basic questions:

  • Would a reasonable person be able to foresee that this event was to occur?
  • What did the organization do to mitigate or prevent it?

You’ll need to be prepared to answer those questions if there’s an incident at your facility.

If there’s a lawsuit, counsel might even call in your security consultant and ask him or her to provide proof of a security assessment and your response to their recommendations. They’ll even dig into the background of your consultant to see if they’re a qualified expert in their field.

“Your expert needs to have a sizable resume and deep experience conducting these assessments and making sound recommendations,” Cousins advises, “What they recommend needs to be able to hold up in court.”

Begin reading the Ultimate Guide to Non-Profit Security Grants

Who Needs Physical Security Risk Assessments?

This is a pretty simple answer: any building, of any size, that is open to the public and houses employees or students.

“No matter what you provide as an organization, you have to protect your people. People naturally come with domestic issues. Those issues spill over into the workplace and can cause violence,” explains Cousins.

In fact, targeted violence is on the rise and any organization can be at risk.

“It’s becoming more ubiquitous. It used to be that we focused on assessments for government and financial institutions. But more corporations are reaching out to us as they have noticed a risk in both internal and external threats to their locations. This is step one in the process of increasing safety.”

Another signal that it may be time for an assessment is a move of any kind. For example, when a business moves from the suburbs to the city.

“Have a security expert take a look at the crime reports and activity patterns for the surrounding neighborhood area and then take an all-hazards approach to your safety planning. Moving is just one instance, but any time is a good time to have a security assessment.”

Choosing A Security Consultant or Firm

There are many firms out there that advertise themselves as experts, but be warned: not all security pros are legitimate. Cousins advises a ‘buyer beware approach’ and to do your homework.

Make sure you look at their:

  • Education and training
  • Associations and certifications (such as a board-certified PSP from ASIS International )
  • Experience in the industry
  • References, reputation, and reviews

It’s also a good idea to consider their area of expertise. If you’re securing a school , you’ll want to work with an expert who has an extensive portfolio of work in educational facilities, such as Safe Havens International.

And then there are special cases, as Cousins explains:

“I’ve secured all types of buildings from hotels to churches to stadiums. But when you get into the chemical industry or nuclear facilities, that’s a separate level of FEMA and NRC requirements so I’d recommend that you find a specialist to conduct those assessments.”

How Are Physical Security Risk Assessments Conducted?

Each consultant or firm will deploy a different methodology, but most security professionals take a layered or a 360-degree approach, starting at the outer perimeter of the facility. This includes, but is not limited to the surrounding neighborhood and the fence line. Then, the consultant would assess the middle perimeter layer including elements like parking areas, lighting, cameras, windows, doors and alarm systems. Finally, the inner perimeter is assessed including access control points, scanners, and inner rooms, stairwells, and hallways.

“Each phase of security should get stronger as you get inside the next layer. The goal is to have the highly-hardened areas where people are present,” says Cousins.

Your consultant should also look at crime data in the area, the presence of local law enforcement and conduct interviews with building management and key personnel:

“We ask them what they’re worried about. Sometimes people will say ‘staying late at night by myself in the building’ or ‘walking to my car in the parking structure.’ We take that all into account when making our recommendations.”

What Is The Output?

After your assessment is conducted, you’ll get an in-depth report with an executive summary that outlines observations, as well as specific recommendations for your facility. Cousins explains:

“The reports are extremely detailed. They’ll go into specifics –from the content of the employee interviews to the observations about your lighting outside. The recommendations may be as simple as replacing some locks or complex as installing bulletproof barrier systems. There’s a lot of information to consume in the report and your consultant should walk you through all of it.”

Your consultant should also have a plan for how to help you with the implementation of the recommendations.

“I typically write the recommendations and provide you with a list of people who I feel are certified experts, including locksmiths, access control experts, etc. Some clients choose to retain me to manage the projects to completion, others have their operations team do it, it’s really up to them,” says Cousins.

Finally, there may be recommendations made for employee training, such as active shooter response or workplace violence prevention , as well as future follow up from the security consultant.

Cousins concludes:

“It’s always a good idea to have the security professional follow up with you to make sure the implementation is going smoothly and that your goals are being met. There may also be a need for him/her to sit with your legal counsel, HR or facility managers to update employee protocols so that everyone can get on the same page.”

Considering Your Own Physical Security Risk Assessment

It’s always best to be proactive vs. reactive when it comes to keeping people safe.

Cousins explains, “Think of it this way, the assessment is your chance to get out ahead it, cover yourself, protect your employees and your business before something happens. It’s hard to put a price on that”

There’s also an incentive to provide peace-of-mind to the people you’re protecting :

“When people feel safe they perform better -whether they’re students at school or employees at a large corporation.”

Finally, make sure your consultant is not only qualified but keeping up on the latest security threats, vulnerabilities, and solutions.

Cousins, with close to four decades in the business, says look for pros who believe in continuous learning:

“I take what I learn on every single assessment and add it to my toolbox for the next one. I’m always learning and that gives my clients an edge.”

How To Do A Physical Security Risk Assessment

KEY TAKEAWAYS

Many companies conduct physical security risk assessments after facing a major threat. By this time, they might have already lost valuable assets or harmed their consumer trust. However, you should not wait for any security breach before reevaluating your safety procedures — this is where a physical security risk assessment comes in. 

Proper assessment is the foundation of physical security . To properly conduct a physical security assessment, you need to identify the potential risks, review your facility security, review your physical security systems, and finally, review your operating systems . Below is an in-depth look at these steps:

1. Identify Potential Risks

The first step is to identify your risks clearly. Different facilities and locations have varying levels of risks. You should scale your physical security measures accordingly. For example, a bank located in a high-crime neighborhood would naturally require more security measures than one in a safer area. Potential risks can come from:

  • The rate of crimes in the area
  • The types of crimes committed
  • The number of people that can access your facility
  • The number of entrances and exits to your facility
  • The number of personnel and monitoring systems

2. Review Your Facility Security

Take note of any vulnerabilities in your physical buildings. Start with functionality and maintenance, such as, door locks that no longer work properly, problems with windows, gates that don’t latch, etc. Basic maintenance is important in keeping your facility safe and secure. 

3. Review Your Physical Security Systems 

You might consider reviewing the blind spots of your cameras, alarm systems, etc. Risks can range from internal threats to external threats. Establish physical security measures that can tackle multiple types of threats. This is an essential part of reviewing the comprehensiveness of your physical security measures . 

4. Review Operating Procedures

Finally, evaluate the security procedures for your staff. Review emergency plans and procedures and make sure your staff is properly trained for them. By properly working with staff, you can ensure the business isn’t open to outsiders. 

An in-depth risk assessment is an important step to increase your physical security. Once you know your strength and vulnerabilities, you must take the necessary steps for securing your facility. Take a look at the rest of SIA Online to learn more about physical security. 

Related Articles

Photo of Home Improvement Techniques for 2021

Home Improvement Techniques for 2021

Photo of 4 Security Measures to Implement During Large-Scale Home Improvement Projects

4 Security Measures to Implement During Large-Scale Home Improvement Projects

Amazon basics steel security safe review: a secure bet.

Photo of Ring Recommends Users Update Their Home Security System Passwords After String of Hacking Incidents

Ring Recommends Users Update Their Home Security System Passwords After String of Hacking Incidents

Photo of How To Install Window Security Bars: What You Need To You

How To Install Window Security Bars: What You Need To You

Photo of How to Choose a Safe Neighborhood: Security Tips for Homebuyers

How to Choose a Safe Neighborhood: Security Tips for Homebuyers

Guide to Conducting a Physical Security Assessment

Worth sharing, download our free e-book.

Get Access to the Best Content on High Court Enforcement

Security Solutions | UK

Security Solutions | UK

When you choose Shergroup Security as your integrated security provider, you are choosing a company with heritage and integrity.

Quick Resources

  • Aviation Enforcement
  • Call the Bailiff TV
  • Cashflow Solutions
  • County Court Judgment
  • Debt Recovery
  • Forfeiture Work
  • Health and Wealth
  • High Court Enforcement
  • Investigation
  • Knowledge Hub
  • Marketing & Sales
  • Outsourcing
  • Property Solutions
  • Recruitment
  • Remote Working Solutions
  • Shergroup On The Sofa
  • Tribunals and ACAS
  • Uncategorized

Facilities face a range of threats, including vandalism, theft, security breaches, and even terrorism. Whether you manage hotels, offices, or retail stores, securing your building is crucial in today’s world.

While cybercrime is on the rise, it’s important not to overlook the significance of physical security . Don’t underestimate the need for protecting your business from on-site incidents and the potential risks they pose.

As a business owner, you should not wait for a major threat to take place before conducting a physical risk assessment . Instead, a risk assessment should be the foundation of your security plan . If you ignore to evaluate safety procedures in the workplace you will not lose money, but it can also bring about a massive dent in reputation, and a resulting decrease in client trust.

When you decide to improve the physical security of your building, you may have a lot of questions: What are our main threats? Where are we most at risk? What should we take care of first? Physical security risk assessments can provide answers to these issues, putting facility owners and operators on the road to improved safety and peace of mind.

What is a Security Risk Assessment?

A physical security risk assessment is an evaluation of every aspect of your security system . This evaluation is conducted by a security professional that includes an inventory of the assets to be protected, as well as recommendations on how best to protect them. This is done on a micro and macro level, providing you with the information you need to make better decisions about how to run your facility. In general, a physical security risk assessment is a procedure that involves conducting a thorough audit and assessing the results, and it applies to the complete physical security system of a structure. The physical security risk assessment is appropriate for nearly any organization from schools to corporates, banks to sporting arenas, manufacturing plants, and commercial properties.

Physical security risk assessment

Use these suggestions to make sure you’re doing everything right and keeping your place secure from harm.

1. Identify Risk

The first step is to understand your risks. The level of risk varies depending on the type of business and location. While all business is vulnerable to crime, the chance of crime varies, and you should adjust your security measures accordingly. A bank in a high-crime area, for example, will necessarily require more stringent security measures than one in a peaceful rural town. Both should take steps to prevent crime, but the high-crime area may choose to add mantrap systems or raise the visibility of its security employees as a preventative strategy.

Potential risks might address:

  • Rate of crime in the neighbourhood
  • Types of crime most commonly committed
  • Number of people with access to your facility
  • Number of entrances and exits to your facility
  • Lack of monitoring systems
  • Lack of personnel

2. Assess Threats and Vulnerability |

After considering a list of risks to your business, your next step is risk analysis and threat identification. Consider which hazards are more likely to materialise than others. A threat can be defined as a highly probable risk.

Then think about any hazards that your security solutions don’t address or only handle in a limited way. Your company’s vulnerabilities are risks that lie within this overlap – very likely but not appropriately addressed. However, just studying risks will not reveal which sections of your firm are vulnerable. Steps three through five are required to get an accurate picture of your company’s vulnerabilities: assess your site and facilities, operating procedures, and physical security systems .

3. Review Current Site and Facility Security |

Examine your physical site and facilities as the initial step in determining weaknesses. The nearby area or communities surrounding your business are included in a site evaluation. Facility inspections seek for flaws in your physical structures, such as buildings or other structures. Start with functionality and upkeep when assessing the security of your physical location. Any components of your business that haven’t been kept up to date could be a security risk . Open loops, such as doors that no longer lock properly, gates that don’t latch, or even issues with a bathroom window, increase your risk. Basic upkeep can go a long way toward ensuring the safety of a facility.

However, there may be other elements of your physical security that need to be addressed. Is it too simple to get in and out of your facility? Is it too simple for customers or unauthorised staff to gain access to restricted areas? Consider how you may strengthen safety processes in your physical area, such as installing security doors or safety entrances .

4. Review Facility Operating Procedures |

You should review the measures in place for your workers after evaluating the physical security of your location. Do you have greeters at the front doors or security staff strategically placed throughout your facility?

During normal business hours, most institutions maintain a high level of security, but night staff, such as cleaning staff, become laxer. Do you have any procedures in place to ensure that no one enters the building after hours? If you don’t, you could be allowing burglars free access to your property. Janitors, for example, may leave doors unlocked or propped open for the sake of convenience.

Last but not least, go over your emergency plans and processes. Do you have a plan in place in case of a robbery or a bomb threat? Is your staff prepared to deal with these kinds of situations?

5. Review Physical Security Systems |

The final element of your evaluation should focus on your security systems. Are they up and running? Are there any voids? Consider camera blind spots, doors to secure areas that are too easily accessible, or a shortage of security personnel.

Examine how comprehensive your systems are. Theft, terrorism, and internal dangers are all possible threats. Set up not only safety processes but also physical security measures that cover a variety of threat levels.

Who Needs Physical Security Risk Assessments?

The answer is simple: any public building that houses employees or people and is available to the public. No matter what services you provide as a company, you must safeguard your employees. People naturally bring domestic troubles with them. These difficulties can flow over into the workplace , resulting in violence.

In reality, targeted violence is on the rise, posing a threat to any group. It’s becoming increasingly common. We used to concentrate on government and financial institution assessments. However, more businesses are contacting us because they are concerned about both internal and external risks to their facilities. This is the first step toward boosting safety.

A move of any type can also be a sign that it’s time for an evaluation. When a company relocates from the suburbs to the city, for example. Have a security professional check over the crime records and activity patterns in the surrounding neighbourhood area, and then plan for all possible scenarios. Moving is one example, but a security evaluation is beneficial at any time.

How Are Physical Security Risk Assessments Conducted?

Each consultant or organisation will use a different technique, but most security experts use a layered or 360-degree approach, beginning at the facility’s perimeter. This includes, but is not limited to, the fence line and the neighbouring community. The expert would then evaluate the middle perimeter layer, which includes aspects such as parking areas, lighting, cameras , windows, doors, and security systems . Finally, the inner perimeter, which includes access control points, scanners, inner rooms, stairwells, and hallways, is evaluated.

Your consultant should also look into local crime statistics , local law enforcement presence, and conduct interviews with building management and key personnel:

Inquire as to what they are concerned about. People will sometimes say things like, “I’m staying late at night alone in the building” or “I’m strolling to my car in the parking structure.” When the security consultants make recommendations, they take all of this into account.

What Is the Output?

Following the completion of your evaluation, you will receive an in-depth report with an executive summary that includes observations and specific recommendations for your facility. Your consultant should also have a strategy in place to assist you in putting the ideas into action.

Finally, the security consultant may make recommendations for employee training, such as active shooter response or workplace violence prevention, as well as future follow-up.

It’s always a good idea to follow up with the security professional to ensure that the implementation is going well and that your objectives are being reached. They may need to meet with your legal counsel, HR, or facilities management to update employee protocols so that everyone is on the same page.

When considering your physical security risk assessment, it’s always best to be proactive vs. reactive when it comes to keeping people safe. Risk Assessment gives you a fair chance to cover the gaps in your security, protect yourself, your employees, and your business before something happens.

When the people who work for you feel safe, they perform better this is a great incentive for your peace of mind.  Finally, ensure that your consultant is not just qualified but also knowledgeable about the most recent security threats, weaknesses, and remedies and has appropriate solutions to secure you against them.

Shergroup provides trained professionals to assess the risk factors and make a diagnosis to eliminate, avoid or minimize the risk associated with your business. We can even assist you in making the most of your risk assessments after they have occurred. Contact us to get started.

You can contact us via our channels

You can reach us | By Phone | 020 3588 4240 Website | www.shergroup.com and you can chat to us from here Email | [email protected] Facebook | Check out Shergroup on this channel and message us Twitter | Check out ShergroupChat on this channel and message us LINKEDIN | Check out Shergroup’s LINKEDIN feed – and please FOLLOW us! Instagram | Check out ShergroupChatter and follow

You Might Also Like

Essential Equipment for Security Guard

The Essential Equipment Every UK Security Guard Must Have!

What Type of Security Guards Does My Business Need?

What Type of Security Guards Does My Business Need?

The Power of Mobile Patrol

Enhancing Your Site Security: The Power of Mobile Patrol

Being a Security Guard

Who Said Being a Security Guard Was Boring?

Content Writer​

DISCLAIMER NOTICE |

The following disclaimer applies to Shergroup Limited and its platform, shergroup.com. Please read this notice carefully before accessing or using any information provided on our platform.

  • No Legal Advice | The information presented on shergroup.com, including but not limited to articles, blog posts, FAQs, and other resources, is provided for general informational purposes only. It is not intended to be, and should not be considered, legal advice. The information provided does not create a solicitor/client relationship between Shergroup Limited and the user.
  • Not a Substitute for Legal Advice | The information on shergroup.com should not be relied upon as a substitute for obtaining legal advice from a qualified professional. The application of laws and regulations can vary based on specific circumstances, and legal advice tailored to your particular situation is crucial. Therefore, we may refer you to a member of our partner firm -Shergroup Legal – on legal matters or encourage you to take your own legal advice from your preferred advisor.
  • No Guarantee of Accuracy | While we strive to provide accurate and up-to-date information, Shergroup Limited does not guarantee the accuracy, completeness, or reliability of any information on shergroup.com. The legal landscape is constantly evolving, and laws may vary across jurisdictions. Therefore, any reliance you place on the information provided is at your own risk.
  • No Liability | Shergroup Limited, including its officers, employees, agents, and affiliates, shall not be held liable for any direct, indirect, incidental, consequential, or punitive damages arising out of your access to or use of shergroup.com or any information contained therein. This includes, but is not limited to, any errors or omissions in the content, or any actions taken or not taken based on the information provided.
  • Third-Party Links | Shergroup.com may contain links to third-party websites or resources. These links are provided solely for convenience and do not imply endorsement or responsibility for the content, accuracy, or legality of such websites or resources. Shergroup Limited shall not be liable for any damages or losses incurred as a result of accessing or using any third-party websites or resources.
  • Changes to Disclaimer | Shergroup Limited reserves the right to modify or amend this disclaimer notice at any time without prior notice. Any changes will be effective immediately upon posting on shergroup.com. It is your responsibility to review this notice periodically for updates.

By accessing or using shergroup.com, you acknowledge that you have read, understood, and agreed to this disclaimer notice. If you do not agree with any part of this notice, you should refrain from accessing or using shergroup.com.

Last updated | 19 July 2023

Should you have any questions or concerns regarding this disclaimer notice, please contact us at [email protected]

  • +1 (800) 826-0777
  • VIRTUAL TOUR
  • Mass Notification
  • Threat Intelligence
  • Employee Safety Monitoring
  • Travel Risk Management
  • Emergency Preparedness
  • Remote Workforce
  • Location and Asset Protection
  • Business Continuity
  • Why AlertMedia
  • Who We Serve
  • Customer Spotlights
  • Resource Library
  • Downloads & Guides

Conduct a Physical Security Assessment in 7 Steps

Conduct a Physical Security Assessment in 7 Steps

It’s hard to prevent a threat you don’t know exists. Use this assessment to think proactively and improve the physical security at your facility.

Headline text reading Threat Assessment Template with visual of three professionals looking at laptop

What Is a Physical Security Assessment?

Why are physical security risk assessments important.

  • 7 Steps to Conduct an Assessment

When people think about physical security , they often imagine a simple process. Lock the doors, make sure smoke detectors and alarms are working, and mount cameras around entrances to the building.

Covering the basics is important, but the devil is in the details. The door to the loading dock doesn’t quite latch closed sometimes. There’s a light in the parking lot stairwell that’s been out for two weeks. You haven’t updated evacuation plans and maps after a company reorganization.

None of these issues is an immediate hazard, but they all represent potential security threats that could harm your company’s people and property. As a security professional, mitigating these risks before they materialize is one of your core objectives. But to solve a problem, you need to know it exists in the first place. That’s where a physical security assessment comes in.

“Having a good solid plan is crucial to security. And you need flexibility in the plan so you’re able to change direction on a dime, as security is very reactive. It’s also important to have the right technology and individuals trained to use it to its full potential, and you should always be looking for better tools.” — Joe Holokan, Manager of Central Region Security at Cox Enterprises

In this article, we’ll cover what a physical security risk assessment is, why it’s important, and a physical security assessment template so you can better protect your organization.

Preview the Threat Assessment Template

Download the Threat Assessment Template

Download Our Threat Assessment Template

A physical security assessment is a comprehensive audit of your organization’s physical security measures protecting your facilities, personnel, and assets. The assessment process evaluates your security systems and procedures, relative to the threats and risks you face, and recommends ways to improve physical security in the workplace . While security should be an organization-wide focus and cyberthreats are more important to address than ever, they’re outside the scope of a physical security assessment.

Unlike more limited evaluations—such as testing fire alarms or making sure cameras are working—a physical security audit is a 360-degree review. It covers everything from your building and security systems to plans and procedures to potential threats from your surrounding environment.

Some organizations have the expertise and resources to perform physical security assessments in-house, but many companies turn to security consultants who specialize in them. When possible, it’s best to both leverage your team’s knowledge and engage a specialist—an extra set of eyes can provide fresh perspectives and catch details that might otherwise slip through the cracks.

At its core, security should prevent negative outcomes, be they injuries, loss of life, property damage, or theft. A physical security audit reduces the likelihood of these outcomes by identifying potential risks.

However, improved security through risk assessment isn’t merely preventative—it provides benefits in a few other ways too.

Improve business resilience and risk management

Resource-report-2024ThreatOutlook-v1

Every company will face challenges, whether it’s severe weather, accidents, or acts of malice. An in-depth physical security assessment can identify vulnerabilities for all of these scenarios and curative measures you can take for risk mitigation . By implementing these safeguards, you can improve your business resilience and give your team the resources they need to deal with problems as they occur.

Foster a positive safety culture

One of the key tenets of a positive safety culture is providing an environment where employees believe you have their security and welfare in mind. By performing physical security assessments, addressing vulnerabilities, and communicating updated procedures, you’re displaying organizational commitment to safety and security.

Mitigate cybersecurity threats

Physical security also has a critical role in maintaining cybersecurity . A physical security assessment will help you identify and mitigate vulnerabilities that could lead to unauthorized physical access to critical information systems and data.

Your assessment should evaluate the effectiveness of any surveillance systems, security cameras, access controls, and security policies to ensure they meet any requirements and expectations. By revealing potential physical security weaknesses, you’ll be better able to implement improved safeguards that bolster your overall cybersecurity.

Maintain regulatory compliance

In some industries, physical security and vulnerability assessments aren’t just a good idea; they’re a requirement. There are a variety of regulations covering physical security—many of them related to companies storing sensitive information—but these are four of the most common:

  • International Organization for Standardization (ISO) 27001 , which is a comprehensive set of guidelines for information security
  • The Health Insurance Portability and Accountability Act (HIPAA) , a U.S. law that governs how companies can handle health data
  • Payment Card Industry Data Security Standards (PCI-DSS) , a security standard for any business that processes credit card transactions
  • Occupational Safety and Health Administration (OSHA) Hazard Identification and Assessment , which provides industry-specific guidelines for security and hazard inspections

7 Steps to a Thorough Physical Security Risk Assessment

The details and specifics will vary based on organizational and environmental factors, but the following seven areas should be part of any physical security assessment checklist.

1. Inspect your facilities and sites

The first step is to evaluate the spaces and structures you’re securing. The goal is to understand both strengths and weaknesses, keeping in mind that physical security management isn’t just about preventing crime—it’s also about protecting against accidents, natural disasters, and other potential threats.

Here are some of the most common items to consider during a building security assessment:

  • Is there appropriate lighting in both internal and external spaces?
  • What are the sightlines like around entrances and exits to the facility?
  • Have electrical systems and wiring shown any signs of degradation?
  • Are there any plumbing issues that could lead to building damage or accident hazards?
  • Do all of the doors, windows, gates, and other points of entry close and lock properly?
  • Are areas with critical assets physically partitioned from spaces with general access?
  • Is safety equipment, like fire extinguishers and smoke detectors, all in good working order?

2. Audit your physical security systems

Next, you need to assess your security systems and how they cover the physical spaces your company has. Target-hardening techniques include:

  • Access control systems, whether it’s biometric, card-based, or old-fashioned keys
  • Personnel, including supervisors, staff in your security operations center (SOC) , and security guards throughout your facility
  • Surveillance cameras, monitors, and the storage devices that contain recordings
  • Alarm systems and supporting systems that notify local law enforcement in the event of a problem

Since all of these systems work hand-in-hand, the questions you’ll ask will usually involve interactions between systems and/or resources. For example:

  • Are there any times of day when security personnel aren’t monitoring the CCTVs covering sensitive areas?
  • Are there alarms that should go off if someone bypasses access control systems, and will they notify the right people?
  • Does your surveillance camera network have any critical blind spots that would allow unauthorized access?
  • Can your SOC seamlessly leverage all of your security systems to both prevent and respond to security issues as they arise?

3. Review your operating procedures

Even the most robust security systems are useless if your organization’s procedures don’t align with your security goals. For example, a company that manufactures toxic chemicals would establish the security goal of keeping the general public away, for everyone’s safety. But if they leave external doors unsecured and don’t partition off sensitive areas, their procedures wouldn’t reflect that goal.

In this phase of the process, you’ll be assessing the effectiveness of your policies and security plans. While the focus of this exercise is physical security, the rise of converged security means you’ll also be touching on cybersecurity issues.

In this step, you’ll evaluate everything from security policies to emergency plans, such as:

  • What kind of overnight/off-hours security presence do you maintain on-site?
  • How should employees report suspicious activity or a potential security issue?
  • Which essential personnel have elevated access to the facility in the event of an emergency, and how is that controlled?
  • Do you have evacuation plans available and emergency exits clearly marked?
  • Have you trained all of your employees on using your two-way communication platform ?
  • Do you have emergency response plans for events like robberies or active shooter situations?
  • Are all of your employees aware of your plans and procedures and able to access them easily?

4. Identify physical security risks

Every business faces different risks, based on a combination of both internal and external factors. For example, a bank in the heart of New York City houses extremely valuable assets in a dense, urban environment, with a high volume of people visiting every day.

Conversely, a vacuum repair shop in South Dakota will operate in a slower-paced environment, with fewer visitors and less valuable inventory. That’s not to say the vacuum repair shop necessarily faces fewer risks, but they’re very different from the bank’s.

Specific risk factors will vary based on your company, but these are some core topics all businesses should consider:

  • Surroundings: What are the crime rates in your area, and what types of crime are most prevalent?
  • Natural disasters: Are you in a region that’s prone to specific disasters or severe weather like earthquakes, hurricanes, or snowstorms?
  • Workforce: Does your company have high turnover and thus a repeated influx of new people in positions of responsibility?
  • Visitors or customers: Are you in an industry that has a constant stream of unknown entities at your facility?
  • Inventory and assets: Do you store or possess high-value items at your facility, and how portable are they? Securing small but valuable items like gold coins is very different from large objects like expensive printing presses or machinery.
  • Supply chain: Are there vulnerabilities in your physical security that may create supply chain risks and interrupt business operations?

5. Anticipate any insider threats

Threats to your physical security don’t always come from external sources. There may be potential security breaches that come from inside your organization that you must work to prevent or mitigate as soon as possible. Your assessment should focus on pinpointing vulnerabilities that could be exploited by insiders (employees or staff members), such as areas with inadequate surveillance, overly permissive access controls, or insufficient segregation of duties. You can also consider implementing a principle of “least privilege,” where individuals only have the access necessary to perform their job functions and no more. These strategies, paired with an overall culture of security awareness among employees, can significantly reduce the risk of insider threats.

6. Assess specific threats and vulnerabilities

Once you have a handle on the risks your company faces, you can assess which threats are the most realistic. The two most important factors to consider are the likelihood of a threat materializing and its potential impact on your business. For example, a meteor striking your office would be devastating, but the event is unlikely enough to more or less ignore.

In the course of assessing threats, you’ll be looking for vulnerabilities and ways to fix them with security measures. For example, a retail establishment in an urban environment would view theft as a key threat. The occasional stolen candy bar won’t put anyone out of business, but losses add up over time. With that in mind, they’d look at retail loss-prevention strategies in the context of their business to minimize theft, such as:

  • Having a security guard at the entrance as a visible means of deterrence
  • Constantly monitored surveillance cameras
  • Keeping valuable merchandise in secured areas of the store
  • Training staff on how to deal with shoplifters and whether they should engage them
  • Lighting with motion sensors to deter loitering in the evening and overnight
  • Rollup doors or external gates to provide an extra layer of security while the business is closed

7. Review and update regularly

Just like your physical security is not static, your physical security assessment shouldn’t be a one-and-done process either. Encourage your physical security staff, stakeholders, and anyone else involved in the assessment process to conduct regular reviews to adapt to evolving threats, changes in the organizational environment, and advancements in security technology.

You can use tools such as after-action reviews or simply redo the assessment entirely. These updates should be performed on a consistent cadence, such as biannually, to ensure your security measures remain effective and aligned with your organization’s objectives.

A Proactive Approach to Improving Physical Security

Security professionals face a constantly evolving threat landscape, and it can feel daunting to try to predict what’s coming next and meet your organization’s security needs. Between weather, worldwide pandemics, bad actors, and the vagaries of life, there are a wide array of factors outside your control.

However, what you do control is your company’s preparedness to meet the unknown. By taking a proactive approach to identifying realistic threats and determining how your physical security shapes up against them, you can anticipate problems before they happen. You might not be able to see every hazard lurking, but you’ll have confident procedures to activate and trained individuals ready to act on known and unknown threats.

More Articles You May Be Interested In

Benefits of Converged Security for Business

Threat Assessment Template

Please complete the form below to receive this resource.

Check Your Inbox!

The document you requested has been sent to your provided email address.

Cookies are required to play this video.

Click the blue shield icon on the bottom left of your screen to edit your cookie preferences.

Cookie Notice

6 Steps for Better Physical Security Risk Assessment

Blue buildings with a taller blue castle in between them against a black background.

Written by: LogicGate

Updated: january 14, 2024, table of contents.

Cybersecurity incidents like ransomware attacks and data breaches are grabbing many of the risk and security headlines these days — and for good reason. But physical security risks are still a real threat for organizations everywhere.

The potential harm physical security risks could cause to your business necessitates taking a proactive approach towards managing and mitigating it all, and that starts with conducting effective physical security risk assessments. In many industries, carrying out these assessments is mandatory.

In this article, we’ll explore how to conduct physical security risk assessments, and how doing so on a regular basis can benefit your organization.

What is a physical security risk assessment?

Physical security risk assessments are comprehensive reviews of all of the security risks your organization faces across its physical footprint. That includes offices, warehouses, production facilities, retail locations, and any other brick-and-mortar asset your organization owns or operates.

Conducting physical security risk assessments makes it easier to stay on top of the various threats your organization’s physical assets face and to prioritize your mitigation efforts and incident response.

Mandatory assessments in regulated industries

Every organization can benefit from carrying out physical security risk assessments on a regular basis, but organizations operating in some specific industries must conduct them to meet regulatory requirements. 

These include health care organizations, financial institutions, and organizations considered to be critical infrastructure, such as companies that operate nuclear power facilities, the broader energy industry, transportation providers, government agencies, and telecommunications providers.

Oftentimes, one or more common risk management frameworks, such as the ISO 27001 standard or the NIST framework, or various regulations from government agencies like the Nuclear Regulatory Commission , the Department of Defense , or the Transportation Safety Administration , mandate regular physical security risk assessment.

How physical security risk assessments benefit organizations

Knowing where your organization’s physical security risks exist — especially if your operations span a country or the whole world — vastly expands your options for addressing them. Physical security risk assessments empower your risk and security teams to take proactive approaches towards securing your organization’s assets, rather than responding to threats or incidents as they emerge, often when it’s too late to make a difference.

Here are some of the benefits of conducting regular physical security risk assessments.

Enhanced asset protection and proactive threat mitigation

The biggest benefit of physical security risk assessment is the insight it provides into your physical security risk landscape. It allows you to better protect the assets, locations, and facilities your organization depends on for normal business operations.

The more physical security risk assessments you conduct, the more complete a picture of your physical security risks you’ll have. That means you’ll be able to anticipate and prevent, rather than just respond to and recover from, physical security incidents. Inevitably, you will face incidents related to physical security risk, regardless of how hard you work to prevent them. Having done the physical security risk assessment work ahead of time ensures you’ll have the plans in place to recover more quickly.

More efficient resource allocation

Effective physical security risk assessment provides the information you need to prioritize your physical security risks based on their severity and probability of occurrence, so you can allocate more resources to addressing the risks that stand to do the most damage to your organization first.

Risk quantification methods are an effective way of gauging the specific threat each risk poses to your business and translating it into financial terms. Having detailed figures of this nature makes it much easier to conduct cost/benefit analyses, rank your security risks accordingly, and make better decisions around which mitigation activities to invest in.

Improved compliance

Most organizations operate under at least some regulatory requirements from agencies that mandate managing physical security risks, whether they’re related employee safety, proper securing and storage of dangerous materials, and security at critical infrastructure or transportation facilities. Many organizations also adhere to standards frameworks like ISO 27001, SOC 2 , and NIST, and work to maintain certification under them.

Carrying out regular physical security risk assessments makes it much easier to maintain compliance with these regulations and standards and avoid lawsuits, fines, and other penalties.

Safeguarding employees and the public

Every physical security incident at any facility you operate has the potential to cause harm or worse to your organization’s employees, or, in some industries, to the public as a whole. That could take the form of improper fire suppression or prevention practices leading to employee death or injury, or an attack on a power plant taking vital services offline for days or weeks.

Staying on top of your physical security risks means you’ll be able to spot any gaps in your physical security well before they turn into a major incident, helping you keep everyone safe. 

Preserving your organization’s brand image and reputation

Physical security risk assessment also helps protect your brand image and reputation by helping you avoid major physical security incidents. No organization enjoys becoming a high-profile headline due to a physical security incident that could have reasonably been prevented.

How to conduct physical security risk assessments

So, how do you get started with physical security risk assessment? We recommend using this repeatable six-step framework.

1. Develop a plan and define its scope

Start by figuring out exactly how extensive and far-reaching in scope your physical security risk assessment will be. Let’s say you manage corporate offices in five cities, plus a handful of production facilities across the United States. 

Are you planning on assessing physical security risk at just your most business-critical facilities, or are you going all in and examining the physical security risk at each of those locations? Each approach will require different strategies and different levels of investment.

2. Identify threats and vulnerabilities

Now, you’ll need to conduct an audit of each facility to determine which physical security risks they’re facing. Some examples:

  • How many entrances and exits does each facility have? Are they secured against unauthorized access, and are they easily accessible to employees for egress in the event of an emergency?
  • Is your facility adequately staffed to ensure operations are being conducted in a safe manner, or is this location understaffed and overworked?
  • Is your facility located in an area that’s prone to conflict, terrorism, or crime?
  • Who has access to your facility? Have your revoked access for everyone who should no longer have it?
  • Are all hazards clearly marked to ensure employee and visitor safety?
  • What environmental threats does your facility face? Is it in an area where tornadoes, flooding, or wildfire are common? Do you have emergency and evacuation plans for those events?

Threats can be identified by site visits, interviews with management and employees on site, and other forms of inspection. You could house this data in a master spreadsheet or document, but it’s a better idea to use enterprise GRC software that allows you to centralize it all in one universally-accessible repository— even better if it has the capability to automate that process.

3. Assess impact and likelihood 

Deciding where to invest limited resources to make the biggest impact on your physical security posture requires taking each of the risks you identified in the previous step and assessing how likely they are to occur and how severe the damage or loss could be as a result.

Traditionally, this has been done through qualitative methods like ordinal lists and red-yellow-and-green severity charts, but risk quantification can provide a much more detailed and accurate analysis, allowing you to tie each of your physical security risks to their true financial impact.

4. Review the current state of your physical security

With your prioritized list of physical security risks in hand, it’s time to evaluate the current state of your physical security risk management and mitigation measures. For each risk, starting with the ones that carry the highest impact, examine how you’re addressing them. For example:

  • Do former employees who left on less than amicable terms still have keys or codes to access your facility, or are you up-to-date on privilege revocation? Similarly, do all of your employees have the levels of access to parts of your facility that are appropriate for their role?
  • If your facility is in a conflict zone or area prone to terrorist attacks, are you appropriately restricting access to your facility with fences and other barriers, and are you staffing security professionals to monitor the grounds?
  • Are you monitoring environmental and weather conditions around your facilities to ensure you’re able to evacuate staff if needed and established contingency plans for continued operation?

If you find that any of these areas are lacking, take note of them and move to the next step.

5. Implement or update mitigation measures 

For the areas that you found physical security was lacking, determine the best course of action for updating your mitigation measures or implementing new ones. This could include updating your facilities' access protocols to a more modern method, such as biometrics or individual PIN access, adding security staff, improving fire suppression technology, and developing better business continuity plans, among other strategies.

6. Establish a regular cadence for reassessment

Physical security risk is constantly changing, so physical security risk assessment needs to be an ongoing process. You should establish a regular cadence for repeating the process however frequently you deem necessary for your organization’s continued security.

Each time you conduct a physical security risk assessment, be sure to clearly communicate the results to relevant stakeholders, leadership, and your board of directors.

Using GRC software to scale your physical security risk assessment program

Depending on the size of your organization and the number of physical locations you own or operate, carrying out physical security risk assessments can be a massive undertaking. Using the right governance, risk management, and compliance (GRC) software can be a big help. These systems centralize all of your physical security risk data to help you streamline audits, automate compliance, quantify risk, and share data-driven insights across your entire network of facilities.

Specifically, modern, next-generation GRC software that runs on flexible graph databases and that have user interfaces and workflows that can quickly and easily be changed as your organization grows and your physical security needs change, like LogicGate Risk Cloud Ⓡ and its Physical Security Management Application , can help you ensure your physical security meets industry-leading standards, keeping your operations humming and your workforce safe.

Schedule a demo to see how LogicGate Risk Cloud can help you scale and adapt your physical security risk management and assessment programs to meet your evolving business needs.

SOC 1®, SOC 2® and SOC 3® are registered trademarks of the American Institute of Certified Public Accountants in the United States. The AICPA Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy is copyrighted by the Association of International Certified Professional Accountants. All rights reserved.

'  data-srcset=

Related Posts

Logicgate’s 2024 deib report.

At LogicGate, our values are at the heart of everything we do. Our efforts on creating an inclusive…

One Year Reflection as LogicGate’s CISO

Nicholas Kathmann reflects on one year as LogicGate CISO

LogicGate’s a Leader in the 2024 G2 Winter Grid

Empowering Excellence: LogicGate’s Risk Cloud Triumphs in G2 Winter 2024 Grid® Reports As the curtain rises on 2024,…

risk assessment methodology for physical security

Warning message

You must log in to access any files.

\"A Risk Assessment Methodology for Physical Security\"

Year 2002 Author(s) William K. Paulus - Sandia National Laboratories Rick A. Ramirez - Sandia National Laboratories Abstract Violence, vandalism, and terrorism are prevalent in the world today. Managers and decisionmakers must have a reliable way of estimating risk to help them decide how much security is needed at their facility. A risk assessment methodology has been refined by Sandia National Laboratories to assess risk at various types of non-nuclear facilities, including US Mints, federal dams, and electrical power transmission systems. The methodology is based on the traditional risk equation: Risk = PA * (1 - PE) * C, PA = potential for attack, PE = security system effectiveness, 1 - PE = adversary success, and C = consequence of loss to the attack. The process begins with screening a facility to determine if a full assessment is needed. Characterization of the facility will include identification of the undesired events and the respective critical assets. Guidance is included for defining physical threat and for using the definition of the threat to estimate the potential for attack at a specific facility. Relative values of consequence are estimated. Methods are also included for estimating the effectiveness of the security system against the adversary attack. Finally, risk is calculated. In the event that the value of risk is deemed to be unacceptable (too high), the methodology addresses a process for identifying and evaluating security system upgrades in order to reduce risk.

A Risk Assessment Methodology for Physical Security

Primary view of object titled 'A Risk Assessment Methodology for Physical Security'.

PDF Version Also Available for Download.

Physical Description

Creation information.

BIRINGER,BETTY E. August 1, 2000.

This article is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided by the UNT Libraries Government Documents Department to the UNT Digital Library , a digital repository hosted by the UNT Libraries . It has been viewed 140 times. More information about this article can be viewed below.

People and organizations associated with either the creation of this article or its content.

  • BIRINGER,BETTY E.
  • United States. Department of Energy. US Department of Energy (United States)
  • Sandia National Laboratories Publisher Info: Sandia National Labs., Albuquerque, NM, and Livermore, CA (United States) Place of Publication: Albuquerque, New Mexico

Provided By

Unt libraries government documents department.

Serving as both a federal and a state depository library, the UNT Libraries Government Documents Department maintains millions of items in a variety of formats. The department is a member of the FDLP Content Partnerships Program and an Affiliated Archive of the National Archives.

Descriptive information to help identify this article. Follow the links below to find similar items on the Digital Library.

INIS; OSTI as DE00761853

Medium: P; Size: 6 pages

  • Calculation Methods
  • Physical Protection
  • Risk Assessment

STI Subject Categories

  • 98 Nuclear Disarmament, Safeguards, And Physical Protection
  • GlobEx '2000, International Energy Conference, Las Vegas, NV (US), 07/23/2000--07/28/2000

Unique identifying numbers for this article in the Digital Library or other systems.

  • Report No. : SAND2000-1995C
  • Grant Number : AC04-94AL85000
  • Office of Scientific & Technical Information Report Number : 761853
  • Archival Resource Key : ark:/67531/metadc716940

Collections

This article is part of the following collection of related materials.

Office of Scientific & Technical Information Technical Reports

Reports, articles and other documents harvested from the Office of Scientific and Technical Information.

Office of Scientific and Technical Information (OSTI) is the Department of Energy (DOE) office that collects, preserves, and disseminates DOE-sponsored research and development (R&D) results that are the outcomes of R&D projects or other funded activities at DOE labs and facilities nationwide and grantees at universities and other institutions.

What responsibilities do I have when using this article?

Digital Files

  • 8 image files available in multiple sizes
  • 1 file (.pdf)
  • Metadata API: descriptive and downloadable metadata available in other formats

Dates and time periods associated with this article.

Creation Date

  • August 1, 2000

Added to The UNT Digital Library

  • Sept. 29, 2015, 5:31 a.m.

Description Last Updated

  • Jan. 17, 2020, 7:03 p.m.

Usage Statistics

When was this article last used?

Interact With This Article

Here are some suggestions for what to do next.

Search Inside

  • or search this site for other articles

Start Reading

  • All Formats

Citations, Rights, Re-Use

  • Citing this Article
  • Responsibilities of Use
  • Licensing and Permissions
  • Linking and Embedding
  • Copies and Reproductions

International Image Interoperability Framework

IIF Logo

We support the IIIF Presentation API

Print / Share

Links for robots.

Helpful links in machine-readable formats.

Archival Resource Key (ARK)

  • ERC Record: /ark:/67531/metadc716940/?
  • Persistence Statement: /ark:/67531/metadc716940/??

International Image Interoperability Framework (IIIF)

  • IIIF Manifest: /ark:/67531/metadc716940/manifest/

Metadata Formats

  • UNTL Format: /ark:/67531/metadc716940/metadata.untl.xml
  • DC RDF: /ark:/67531/metadc716940/metadata.dc.rdf
  • DC XML: /ark:/67531/metadc716940/metadata.dc.xml
  • OAI_DC : /oai/?verb=GetRecord&metadataPrefix=oai_dc&identifier=info:ark/67531/metadc716940
  • METS : /ark:/67531/metadc716940/metadata.mets.xml
  • OpenSearch Document: /ark:/67531/metadc716940/opensearch.xml
  • Thumbnail: /ark:/67531/metadc716940/thumbnail/
  • Small Image: /ark:/67531/metadc716940/small/
  • In-text: /ark:/67531/metadc716940/urls.txt
  • Usage Stats: /stats/stats.json?ark=ark:/67531/metadc716940

BIRINGER,BETTY E. A Risk Assessment Methodology for Physical Security , article , August 1, 2000; Albuquerque, New Mexico . ( https://digital.library.unt.edu/ark:/67531/metadc716940/ : accessed March 1, 2024 ), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu ; crediting UNT Libraries Government Documents Department .

Understanding the RAGE-V Threat Assessment Methodology

risk assessment methodology for physical security

When tasked with ensuring physical security, the burden in the aftermath of workplace violence incidents that shatter our sense of safety weighs heavy.

Take, for instance, the harrowing mass shooting at a Walmart in Chesapeake, Virginia, in 2022. Every incident like this feels like a personal failure to protect those under your care, be they customers or colleagues. As security professionals, we may lay awake questioning: Could the warning signs have been detected? How can we prevent these kinds of tragedies?

At Resolver’s Ascend conference for security professionals , Steve Powers , a Senior Manager of Kroll’s Enterprise Security Risk Management practice, shared his invaluable perspectives on workplace violence prevention strategies. With a career spanning from the Marines to threat management expert, Powers has also contributed to structured violence risk assessment methodologies, making him an invaluable contributor to this guide.

Dive into Powers’ insights on the Risk Assessment Guideline Elements for Violence (RAGE-V), a methodology he advocates for as a game-changer in threat management. In this comprehensive guide, we’ll explore the RAGE-V threat methodology’s structured approach to identifying and mitigating potential threats in an increasingly intertwined physical and digital world.

Read on as we answer common questions about the RAGE-V threat methodology, including:

What is RAGE-V?

What risk factors does rage-v look at, what are the key steps in the rage-v threat assessment methodology, how does rage-v compare to other threat assessment methodologies, how can organizations implement rage-v for their threat management program, what training is offered for the rage-v threat assessment methodology.

RAGE-V serves as a vital tool in threat assessment, providing a standardized approach to delivering workplace violence prevention. “RAGE-V is an approach designed to assist individuals and organizations in evaluating the potential risk of future violence from known individuals,” Powers explains.

This approach has been carved out of a vast expanse of research and on-the-ground expertise, tailored to fit the real and evolving landscape of workplace violence. “RAGE-V allows you to look at the full spectrum of violence indicators, rather than a snapshot,” explains Powers. It’s a framework designed for depth and breadth, acknowledging that risk isn’t a one-size-fits-all scenario and that the context can be just as critical as the content.

Stylized "threats of violence" dashboard

Developed with precision by the Association of Threat Assessment Professionals (ATAP), RAGE-V cuts through the guesswork, replacing gut feelings with a systematic roadmap. This is crucial in our digital age, where threats can be as opaque as they are overt. As Powers notes , “It’s the difference between just knowing the facts and understanding what they could lead to.” The RAGE-V threat assessment methodology replaces gut feelings with a systematic roadmap. This is crucial in our digital age, where threats can be as opaque as they are overt. As Powers notes, “It’s the difference between just knowing the facts and understanding what they could lead to.”

“RAGE-V isn’t just about ticking boxes,” says Powers. “It’s about understanding the story behind those boxes. It’s the difference between reading a person’s history and predicting their future.” The applicability of these considerations may vary depending on the situation, context, and discipline of the individual assessor, as well as the specific circumstances and questions for evaluation.

“Historically and tragically, there were three methods of assessing whether someone might be a threat: Yes, no, and nothing,” says Powers. “The value of the RAGE-V threat assessment methodology is that it leaves you a tremendous range of assessment factors.” These include an individual’s:

  • Criminal history and civil justice history, as well as past involvement in illegal activities
  • Employment-related stressors
  • Substance abuse issues
  • Behavioral patterns indicative of potential violence, such as stalking behaviors or mental health issues
  • Reference groups, heroes, affiliations

By scrutinizing these diverse elements, Powers explains how RAGE-V’s focus on behavioral patterns and triggers distinguishes it from other threat methodologies that could indicate an individual’s progression toward violence.

Each of the six steps in the RAGE-V threat assessment methodology plays a crucial role in evaluating and mitigating potential violence risks.

  • Intake & Reporting: Critical for early identification of potential threats, the first step is gathering information through various channels, such as hotlines, emails, or direct reports. Ensuring you have a centralized, accessible incident reporting tool can make this process much smoother and keep your data clean.
  • Initial Assessment: Conduct a fast screening or incident triage to determine if immediate action is required or if the case should be added to an existing one or necessitate the creation of a new case. This step ensures a prompt response to potential threats.
  • Fact-finding: Investigate the subject’s background, including interviews with the victim/target and others, to understand behavior and context and get a more complete picture of the threat.
  • Analysis: Process various variables such as risk factors, inhibitors or stabilizers, and potential triggers to understand the potential for violence and plan interventions. Having a threat protection tool that delivers easily digestible reports of the information you’ve collected can improve the accuracy of your threat analysis.
  • Risk Categorization: Use objective instruments and informed opinions to categorize the level of risk. This step is crucial for determining the severity of the threat and the necessary response level.
  • Outcomes: Formulate an action plan and implement interventions to address the identified issues. This is where your threat assessment leads to measured and practical steps to mitigate risks.

Powers emphasizes that the RAGE-V threat assessment methodology’s standardized, data-driven approach “is essential for liability and takes out bias and personal opinions. It focuses on the process, not the individual,” helping security teams better predict potential risks of physical violence.

As many security professionals have experienced, manual processes, such as checklists and legacy threat assessment methodologies, can limit information and the effectiveness of threat investigations , especially when working cross-functionally. “In traditional settings, HR’s protective stance is understandable, yet it can limit a security investigator’s access to crucial context,” Powers explains. Security investigators might be challenged to retrieve details of the investigation or performance-related issues of the person being interviewed.

To illustrate the difference RAGE-V brings to the table, let’s consider its standout features against other methodologies:

Immediate notification

RAGE-V’s approach encourages organizations to “involve security teams right off the bat,” says Powers. “It’s about getting your hands on the pulse of the situation firsthand, not secondhand.” This direct approach could catalyze early intervention and, potentially, prevention.

In-depth interviews over checklists

Powers champions deeper engagement, “When you sit down with the person of interest, you’re not just ticking off a list — you’re understanding the human story unfolding. That’s where the power of the RAGE-V threat assessment methodology lies.” Not doing so, he adds, “trivializes the dangerousness of the situation. When tragic events happen, it’s a surprise to the security department because nobody bothered to tell them.”

Person of interest dashboard stylized

Autonomy in assessment

Unlike models like WAVR-21, where structured professional psychological judgment is paramount, RAGE-V empowers practitioners with a “flexible framework that adapts to the unique contours of each potential threat.” The RAGE-V threat assessment methodology emphasizes autonomy and consistency, says Powers, by providing a guided yet flexible framework that allows professionals, irrespective of extensive psychological backgrounds, to assess the nuances of individual cases.

User-friendly for all levels

With RAGE-V, “It doesn’t matter if you’re a rookie or a veteran in security — it’s designed for you to take the reins,” says Powers. This democratization of threat assessments levels the playing field, ensuring all relevant team members can contribute meaningfully to risk evaluation.

Powers summarizes the difference: “It’s about shifting from a siloed to a collaborative approach. RAGE-V doesn’t just change how we assess — it changes how we come together to protect our people.”

Read: The Essential Guide to Threat Assessments in Corporate Security

Rolling out the RAGE-V threat assessment methodology within your organization’s threat management program is a strategic process that hinges on thorough understanding, training, and integration. Here’s a roadmap to navigate this implementation:

  • Build Foundational Knowledge : Start with a thorough understanding of the RAGE-V threat assessment methodology, its components, stages, and the risk factors it assesses to get to the Why of threat assessments. As Powers emphasizes, “It’s not just about knowing what to do; it’s understanding why you’re doing it.”
  • Provide Comprehensive Training: Powers underscores the importance of a structured and informed implementation for seamless integration of RAGE-V into existing threat management programs, including tailored training for those involved in the assessment process.
  • Leverage Technology: An end-to-end case management system that aligns with RAGE-V principles can centralize documentation, monitor risk factor changes, and support continuous evaluation. Powers advocates for leveraging technology in addition to human expertise to enhance threat assessment.
  • Embrace Continuous Learning: Keep your security team updated with regular training sessions on evolving methodologies and potential RAGE-V updates.
  • Foster Collaboration: Information sharing is essential for the successful implementation of the RAGE-V threat assessment methodology. Organizations should prioritize policy adjustments so that security teams can ethically make use of the information gathered in potential persons of interest investigations from departments like HR or Legal.
  • Align with Organizational Strategy: Incorporate RAGE-V into your organization’s broader security strategy to ensure a unified approach to threat management. Powers underscores that alignment and coherence in strategy are key to effective security management.

Threat assessment consistency stylized

One of the key strengths of the RAGE-V threat methodology lies in its ability to enable teams to conduct complete, high-quality threat assessments independently. With comprehensive training, practitioners gain the necessary knowledge and confidence to become self-sufficient experts in threat assessment. This self-sufficiency enhances the organization’s security posture and fosters a proactive and efficient approach to risk management.

Organizational Threat Management training equips corporate security teams with essential knowledge and skills to effectively handle potential threats. Led by Resolver’s parent company, Kroll, experienced threat management experts cover a wide range of key areas, including:

  • Defining what constitutes a threat to an organization
  • Early detection of potential violence indicators
  • How to identify behaviors, communications, and types of targeting that may pose threats.

Additionally, the program focuses on best practices in threat reporting, investigation, and assessment, including RAGE-V. Participants learn about the nuances of threat actor behavior, including escalation and targeting, and how factors such as mental health and substance abuse can influence threats.

How Resolver connects with RAGE-V for threat assessment consistency

By empowering security practitioners with common terminology and a systematic approach to enhance workplace safety confidently and with less bias, we can ultimately prevent incidents and deliver safer environments. Resolver facilitates seamless integration between RAGE-V, human expertise, and technology for best-in-class threat investigations. Consolidating security risk data in one location, Resolver’s Threat Protection Software eliminates the need to navigate multiple systems, allowing teams to conduct threat assessments and investigations quickly and efficiently.

Alongside Resolver’s affiliation with Kroll’s Security Risk discipline, teams will benefit from expert training in threat management strategies and tools, including the RAGE-V threat assessment methodology. We support organizations in independently completing high-quality threat assessments, empowering teams with the knowledge and confidence to become self-sufficient practitioners. In addition to the human layer, our software helps you streamline internal processes and enhance threat prevention and mitigation strategies. Resolver’s platform allows teams to consolidate security risk data, conduct threat assessments, and manage investigations in one centralized location. The platform’s built-in workflows facilitate task automation, reminders, and seamless team collaboration for efficient, proactive security operations.

To discover the value of Resolver’s Threat Protection solution, including how it integrates with the RAGE-V threat assessment methodology, tune into our webinar replay of “ Fortifying Your Defense: A Comprehensive Approach to Workplace Violence Prevention ,” or request a custom demo today.

Discover Resolver's Software

Incident management software.

Protect your organization and prove your security team’s value with Resolver’s Incident Management application. Improve data capture, increase operational efficiency, and generate actionable insights, so you can stop chasing incidents and start getting ahead of them.

Enterprise Risk Management Software

Provide your organization’s board and senior leaders a top-down, strategic perspective of risks on the horizon. Manage risk holistically and proactively to increase the likelihood your business will achieve its core objectives.

Regulatory Compliance

Save time by monitoring all regulatory compliance activities, providing insights into key risk areas, and then focusing resources on addressing regulatory concerns.

Request a Demo

  • I'd like to learn more about
  • Enterprise Risk Management
  • Incident Management
  • IT Compliance
  • Investigations Management
  • Security Operations Management
  • Security Audit
  • Loss Prevention
  • Brand Protection
  • Internal Audit
  • Internal Control (SOX)
  • Third Party Risk Management
  • Threat Assessment

I agree to receive promotional email messages from Resolver Inc about its products and services. I understand I can unsubscribe at any time. By submitting this form you agree to Resolver's Terms Of Service and Privacy Policy.

risk assessment methodology for physical security

We value your privacy

Privacy overview.

Vulnerability Assessment vs. Penetration Testing: 8 Differences

Understanding the difference between vulnerability assessments (VAs) and penetration testing (PT) is essential for effective cybersecurity. VAs are automated scans identifying potential weaknesses, while PT simulates real-world attacks to uncover exploitable vulnerabilities. This is a deep dive into their key differences, helping you choose the right security testing method for your organization. Read on to learn more.

Vulnerability Assessment vs. Penetration Testing: 8 Differences

  • The digital landscape poses constant security threats to organizations. Two crucial methods help combat these threats: vulnerability assessments (VAs) and penetration testing (PT).
  • While both aim to identify security weaknesses, they differ significantly in their approach, scope, and outcomes.
  • This article delves into the world of VAs and PT, equipping you with the knowledge to make informed decisions for your organization’s cybersecurity.

Table of Contents

What is vulnerability assessment (va).

  • What Is Penetration Testing?
  • Vulnerability Assessment vs Penetration Testing: 8 Differences

Penetration testing and vulnerability scanning are often confused for the same service. The problem is that business owners purchase one when they really need the other. While both techniques aim to identify cybersecurity weaknesses, they significantly differ in approach, scope, and outcomes.

Understanding the nuances between vulnerability assessments (VAs) and penetration testing (PT) is crucial for any organization seeking a robust cyber defense strategy. This article dives into the intricacies of these methods, revealing their unique strengths and limitations. We will examine their characteristics, analyze their key differences, and offer guidance on choosing the right approach, or a combination of both, to safeguard your organization’s critical data effectively.

A vulnerability assessment (VA) is a systematic process of identifying, classifying, and prioritizing potential weaknesses in an organization’s IT infrastructure. This infrastructure encompasses various elements like systems, networks, applications, and devices. VAs use automated vulnerability scanning tools to compare these elements against known vulnerabilities listed in databases that security researchers maintain. It’s essentially a comprehensive security checkup performed by specialized software.

Here are some key aspects of VAs:

  • VAs primarily rely on automated vulnerability scanning tools. These tools scan systems, networks, applications, and devices against databases of known vulnerabilities maintained by security researchers.
  • VAs aim to cover many assets within an organization’s IT infrastructure. This can include servers, workstations, databases, network devices, and applications.
  • VAs are non-invasive, meaning they do not attempt to exploit vulnerabilities actively. They simply identify their presence and severity.
  • Due to automation, VAs can be conducted regularly, even weekly or monthly. This allows for continuous monitoring of the security landscape and early detection of emerging vulnerabilities.
  • VAs typically offer a high-level overview of potential vulnerabilities. They identify the type of vulnerability, its severity score, and potentially affected systems. However, they often lack detailed information about the specific exploitability of each vulnerability.

Vulnerability Assessment Process

Vulnerability Assessment Process

Source: ManageEngine Opens a new window

How it works

VAs follow a structured approach, typically involving these key phases:

  • Planning and scoping : Defining the scope of the assessment and outlining which systems, networks, and data will be scanned. This aligns with the organization’s goals, such as identifying high-risk vulnerabilities or meeting specific compliance requirements.
  • Vulnerability scanning : Using automated vulnerability scanning tools to compare the gathered information against databases of known vulnerabilities. These tools scan for misconfigurations, outdated software versions, or specific security weaknesses in the target systems.
  • Vulnerability analysis and reporting : Analyzing the scan results, filtering out false positives, and assessing the exploitability of vulnerabilities whenever possible. A vulnerability report is then generated, detailing the identified vulnerabilities, their severity, potential impact on the organization, and recommended remediation actions.
  • Prioritization and remediation : Based on the severity and potential impact, vulnerabilities are prioritized for remediation. The security team or IT department implements actions to address these vulnerabilities, such as patching software, updating configurations, or implementing additional security controls.

Types of VAs

There are several types of vulnerability assessments, each focusing on different aspects of an organization’s IT infrastructure:

  • Host assessment : This assessment identifies vulnerabilities in individual systems, such as servers, workstations, and laptops. These critical systems can be vulnerable to attacks if they are not adequately tested or if they are not generated from a tested machine image.
  • Network and wireless assessment : This assessment evaluates the policies and practices to prevent unauthorized access to private or public networks and network-accessible resources. It assesses the security of both wired and wireless networks.
  • Database assessment : This assessment identifies vulnerabilities and misconfigurations in databases or big data systems. It can also identify rogue databases and insecure development and testing environments and classify sensitive data across an organization’s infrastructure.
  • Application scans : This assessment uses automated scans or static/dynamic source code analysis to identify security vulnerabilities in web applications. These vulnerabilities can allow attackers to gain unauthorized access to sensitive data or disrupt the application’s functionality.

Choosing the right type of VA depends on your needs and priorities. The recommendation is to conduct a combination of different types of VAs to gain a comprehensive understanding of your organization’s security.

What is Penetration Testing (PT)?

Penetration testing (PT), also known as “pen testing” or “ethical hacking,” simulates real-world cyberattacks to uncover vulnerabilities that malicious actors could exploit. This is different from VAs, which passively scan for weaknesses. PT actively attempts to break into an organization’s systems, networks, or applications, just like a malicious actor would, to understand their security status and identify exploitable vulnerabilities.

Key aspects of PT:

  • Skilled professionals conduct PT, follow predefined rules of engagement, and obtain explicit permission from the organization before testing begins.
  • Unlike VAs, which scan a broad range of assets, PT targets specific systems, applications, or network segments based on agreed-upon risks and priorities.
  • PT goes beyond identifying vulnerabilities to attempting to exploit them and understanding the potential impact and remediation efforts required. This provides a more realistic picture of the possible consequences of a successful attack.

Penetration Testing Stages Source: SecureTriad

Penetration Testing Stages

Source: SecureTriad Opens a new window

  • Planning and scoping : Similar to VAs, PT defines the scope, including the targets to be tested, authorization levels, and testing methodologies.
  • Information gathering : Testers gather information about the target systems, network architecture, and security controls through various techniques, like open-source intelligence (OSINT) or internal documentation review.
  • Vulnerability identification and exploitation : Testers identify potential weaknesses using tools and techniques that attackers commonly employ. They then attempt to exploit these vulnerabilities to gain unauthorized access to systems and data or escalate privileges within the network.
  • Reporting and remediation : Testers document their findings, outlining the identified vulnerabilities, their exploitability, potential impact, and recommended remediation actions. The organization then prioritizes and addresses these vulnerabilities to strengthen its security posture.

Types of PT:

  • External PTs: Simulates attacks from an external perspective, focusing on vulnerabilities exposed to the public internet.
  • Internal PT: Simulates attacks originating from within the network, mimicking the actions of a malicious insider with authorized access.
  • Black-box PT: Testers have limited knowledge about the target system, replicating the information-gathering process of an external attacker.
  • White-box PT: Testers fully know the target system’s configuration and controls, allowing for a more targeted and efficient testing approach.
  • Gray-box PT: Testers have partial knowledge of the target system, providing a balance between the two extremes.

Choosing the right type of PT depends on the organization’s needs, risk profile, and resources.

While both VA and PT play crucial roles in an organization’s cybersecurity strategy, they differ significantly in their approach, scope, and outcomes. Understanding these key differences is essential when deciding which method to employ or whether a combination of both suits your specific needs.

  • VA: VAs typically have a broad scope, encompassing many assets within an organization’s IT infrastructure. This includes servers, workstations, databases, network devices, web applications, and even mobile devices. The objective is to provide a comprehensive overview of potential weaknesses across the IT landscape. However, due to the automated nature and broad coverage, VAs might lack depth in specific areas, requiring further investigation or analysis.
  • PT: PT, also known as “pen testing” or “ethical hacking,” involves manual testing by skilled professionals, often referred to as “ethical hackers.” These professionals know extensively about attacker tactics, techniques, and tools (TTPs). With prior authorization and adhering to a defined scope and rules of engagement, they actively attempt to exploit identified vulnerabilities, mimicking the actions of real-world attackers. This approach provides a more in-depth analysis by identifying potential weaknesses, assessing their exploitability, and understanding how vulnerable an element is to actual attacks.
  • VA: VAs typically have a broad scope, encompassing a wide range of assets within an organization’s IT infrastructure. This includes servers, workstations, databases, network devices, web applications, and even mobile devices. The objective is to provide a comprehensive overview of potential weaknesses across the IT landscape. However, due to the automated nature and broad coverage, VAs might lack depth in specific areas, requiring further investigation or analysis.
  • PT: PT, in contrast, has a focused scope, targeting specific systems, applications, or network segments based on agreed-upon risks and priorities. This approach allows for a more detailed and thorough analysis of these targeted areas. Organizations typically prioritize high-risk assets, such as critical systems, sensitive data repositories, and public-facing applications, for PT. This targeted focus enables a deeper understanding of the specific vulnerabilities and potential impact on the chosen systems.
  • Intrusiveness:
  • VA: VAs are non-intrusive. This means they do not attempt to exploit identified vulnerabilities or disrupt system operations in any way. Scanning primarily involves analyzing configurations and software versions without actively attempting to gain unauthorized access. This minimizes any potential risk of causing harm to the systems being assessed.
  • PT: By its very nature, PT is in-depth and potentially disruptive. Ethical hackers actively attempt to exploit vulnerabilities, which may involve trying to gain unauthorized access to systems or data. While these activities are conducted within a controlled environment and predefined scope, they may require temporarily taking systems offline or impacting regular operations. It’s crucial to note that ethical hackers always conduct PT with proper authorization and safeguards to minimize any potential disruption or risk.
  • VA: VAs deliver a high-level overview of potential vulnerabilities. The reports typically list identified vulnerabilities, categorize them based on their severity (e.g., critical, high, medium, low), and may also indicate potentially affected systems. However, they often lack detailed information about the specific exploitability of each vulnerability. VAs may also generate false positives — instances where the scanner flags a vulnerability that might not actually exist, requiring further manual verification and analysis.
  • PT: PT offers detailed insights beyond simply identifying vulnerabilities. It assesses the exploitability of identified vulnerabilities, providing a clearer picture of the potential consequences of a successful attack. This includes understanding the potential impact on data confidentiality, integrity, and availability. PT reports also identify weaknesses in security controls and incident response capabilities, allowing organizations to identify areas for improvement.
  • Frequency and cost:
  • VA: Due to their automated nature and lower cost, VAs can be conducted frequently, even weekly or monthly. This allows organizations to continuously monitor their security posture and detect emerging vulnerabilities early. However, regular VAs are crucial as the threat landscape constantly evolves and new vulnerabilities are discovered regularly.
  • PT: PT is conducted periodically, typically due to the time and effort involved in planning, execution, and reporting. This process requires skilled professionals and a dedicated testing environment, making them more expensive than VAs. The frequency of PT depends on an organization’s risk tolerance, budget, and the criticality of its assets.
  • Skills and expertise required:
  • VA: While specialized knowledge is beneficial, VAs typically require IT professionals with a basic understanding of vulnerability scanners and the interpretation of their results. These professionals can configure and utilize the scanning tools, analyze the generated reports, and prioritize identified vulnerabilities based on their severity.
  • PT: PT requires highly skilled cybersecurity professionals , often called “ethical hackers.” These individuals possess an in-depth understanding of attacker techniques, tools, and exploitability of vulnerabilities. They can identify potential weaknesses and actively exploit them within the defined scope and rules of engagement. Ethical hackers also possess strong analytical and communication skills to effectively document their findings and recommendations.
  • Reporting and actionable insights:
  • VA: VA reports typically list identified vulnerabilities categorized by severity and may include information about the affected systems. However, they may require further analysis and expertise to effectively prioritize and remediate the vulnerabilities. Additional investigation may be necessary to determine the true exploitability of each vulnerability and its potential impact.
  • PT: PT reports offer detailed information on identified vulnerabilities, including their exploitability and potential impact on data confidentiality, integrity, and availability. Additionally, they outline the steps taken to exploit the vulnerabilities, providing valuable insights into the weaknesses of security controls. These reports also offer actionable recommendations for remediation, prioritizing critical vulnerabilities based on their exploitability and potential impact. This comprehensive information allows organizations to make informed decisions and implement effective mitigation strategies.
  • Suitability for different scenarios:
  • VA: VAs are well-suited for regularly assessing an organization’s overall security, identifying potential weaknesses, and ensuring compliance with security regulations. Their frequent execution allows for continuous monitoring and early detection of emerging vulnerabilities, reducing the window of opportunity for attackers.
  • PT: PT is ideal for in-depth assessments of specific systems, applications, or network segments. It simulates real-world attacks, helping organizations understand their security posture’s effectiveness against real threats. This in-depth analysis provides valuable insights into potential attack vectors and allows organizations to test the effectiveness of their security controls in preventing breaches and mitigating damage.

Choosing the right approach:

The choice between VA and PT depends on several factors specific to each organization, including their:

  • Security maturity level : Organizations with more mature security might prioritize regular VAs to maintain a baseline security level while conducting periodic PT on critical systems and applications. Organizations with limited resources might leverage VAs as the primary method while conducting PT in high-risk areas.
  • Risk tolerance : Organizations with a higher risk tolerance might prioritize VAs for broader coverage, while those with a lower risk tolerance might opt for more frequent PT.
  • Budget : PT is typically more expensive than VAs due to the skilled labor and time involved. Therefore, budget constraints might influence the choice of approach.
  • Specific areas of concern : Organizations might choose to conduct PT on specific systems or applications based on their criticality, sensitivity of data stored, or potential attack vectors.

Both vulnerability assessment and penetration testing play complementary roles in an organization’s cybersecurity strategy. VAs offer a cost-effective and frequent method for identifying potential weaknesses and maintaining a baseline level of security. PT provides in-depth analysis and actionable insights by simulating real-world attacks and assessing the exploitability of vulnerabilities. By understanding the key differences between VAs and PT, organizations can strategically choose the right approach, or even employ a combination of both, to effectively identify, analyze, and address vulnerabilities, ultimately strengthening their security posture and reducing the risk of cyberattacks.

By using both VAs and PT within a comprehensive security program, organizations can proactively identify and address security weaknesses, preventing attackers from exploiting these vulnerabilities and safeguarding their valuable information assets.

Did you find this article on vulnerability assessment vs. penetration testing helpful? Let the conversation continue on LinkedIn Opens a new window , X Opens a new window , or Facebook Opens a new window . We value your feedback!

Image source: Shutterstock

MORE ON VULNERABILITY

  • What Is a Security Vulnerability? Definition, Types, and Best Practices for Prevention
  • What Is Vulnerability Management? Definition, Lifecycle, Policy, and Best Practices
  • What Is Single Sign-On (SSO)? Definition, Process, and Best Practices
  • What Is Hardware Security? Definition, Threats, and Best Practices
  • What is Risk Management? Definition, Process, Tools, and Uses

Share This Article:

IT Specialist

Take me to Community

Recommended Reads

SubdoMailing Exposé: Massive Domain Hijacking Campaign Used for Ad Fraud, Malvertising, Phishing Emails

SubdoMailing Exposé: Massive Domain Hijacking Campaign Used for Ad Fraud, Malvertising, Phishing Emails

U.S. Pharmacies Face Nationwide Cyberattack

U.S. Pharmacies Face Nationwide Cyberattack

What Is a DISA Security Technical Implementation Guide (STIG)? Definition, Application, and Compliance Levels

What Is a DISA Security Technical Implementation Guide (STIG)? Definition, Application, and Compliance Levels

The Cyber Battlefield in Manufacturing: Strategies for Resilience

The Cyber Battlefield in Manufacturing: Strategies for Resilience

Deepfakes Are About to Become a Lot Worse, OpenAI’s Sora Demonstrates

Deepfakes Are About to Become a Lot Worse, OpenAI’s Sora Demonstrates

Vulnerable to Vigilant: SMBs Ramp Up Cybersecurity Efforts

Vulnerable to Vigilant: SMBs Ramp Up Cybersecurity Efforts

Physical vulnerability curve construction and quantitative risk assessment of a typhoon-triggered debris flow via numerical simulation: A case study of Zhejiang Province, SE China

  • Original Paper
  • Published: 26 February 2024

Cite this article

  • Tengfei Wang 1 , 2 ,
  • Kunlong Yin 1 ,
  • Yuanyao Li 3 ,
  • Lixia Chen 4 ,
  • Changgui Xiao 5 ,
  • Haomeng Zhu 5 &
  • Cees van Westen 2  

71 Accesses

Explore all metrics

Typhoons are recurring meteorological phenomena in the southeastern coastal area of China, frequently triggering debris flows and other forms of slope failures that result in significant economic damage and loss of life in densely populated and economically active regions. Accurate prediction of typhoon-triggered debris flows and identification of high-risk zones are imperative for effective risk management. Surprisingly, little attention has been devoted to the construction of physical vulnerability curves in typhoon-affected areas, as a basis for risk assessment. To address this deficiency, this paper presents a quantitative method for developing physical vulnerability curves for buildings by modeling debris flow intensity and building damage characteristics. In this study, we selected the Wangzhuangwu watershed, in Zhejiang Province of China, which was impacted by a debris flow induced by Typhoon Lekima on August 10, 2019. We conducted detailed field surveys after interpreting remote sensing imagery to analyze the geological features and the mechanism of the debris flow and constructed a comprehensive database of building damage characteristics. To model the 2019 debris flow initiation, entrainment, and deposition processes, we applied the Soil Conservation Service-Curve Number (SCS-CN) approach and a two-dimensional debris flow model (FLO-2D). The reconstructed debris flow depth and extent were validated using observed debris flow data. We generated physical vulnerability curves for different types of building structures, taking into account both the degree of building damage and the modeled debris flow intensity, including flow depth and impact pressure. Based on calibrated rheological parameters, we modeled the potential intensity of future debris flows while considering various recurrence frequencies of triggering rainfall events. Subsequently, we calculated the vulnerability index and economic risk associated with buildings for different frequencies of debris flow events, employing diverse vulnerability functions that factored in uncertainty in both intensity indicators and building structures. We observed that the vulnerability function utilizing impact pressure as the intensity indicator tends to be more conservative than the one employing flow depth as a parameter. This comprehensive approach efficiently generated physical vulnerability curves and a debris flow risk map, providing valuable insights for effective disaster prevention in areas prone to debris flows.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price includes VAT (Russian Federation)

Instant access to the full article PDF.

Rent this article via DeepDyve

Institutional subscriptions

risk assessment methodology for physical security

Data availability

The data used to support the findings of this study are available from the corresponding author upon request.

Antunes B, Correia F, Gomes P (2011) Context capture in software development. 3rd Artificial Intelligence Techniques in Software Engineering Workshop. Larnaca, Cyprus. https://doi.org/10.48550/arXiv.1101.4101

Barbolini M, Cappabianca F, Sailer R (2004) Empirical estimate of vulnerability relations for use in snow avalanche risk assessment. Risk Anal IV

Google Scholar  

Belli G, Walter F, McArdell B et al (2022) Infrasonic and seismic analysis of debris-flow events at Illgraben (Switzerland): relating signal features to flow parameters and to the seismo-acoustic source mechanism. J Geophys Res Earth Surf 127:e2021JF006576. https://doi.org/10.1029/2021JF006576

Article   ADS   Google Scholar  

Bout B, Lombardo L, van Westen CJ, Jetten VG (2018) Integration of two-phase solid fluid equations in a catchment model for flashfloods, debris flows and shallow slope failures. Environ Model Softw 105:1–16. https://doi.org/10.1016/j.envsoft.2018.03.017

Article   Google Scholar  

Chang M, Tang C, Van Asch ThWJ, Cai F (2017) Hazard assessment of debris flows in the Wenchuan earthquake-stricken area, South West China. Landslides 14:1783–1792. https://doi.org/10.1007/s10346-017-0824-9

Chang M, Liu Y, Zhou C, Che H (2020) Hazard assessment of a catastrophic mine waste debris flow of Hou Gully, Shimian. China Eng Geol 275:105733. https://doi.org/10.1016/j.enggeo.2020.105733

Chen HX, Zhang LM, Chang DS, Zhang S (2012) Mechanisms and runout characteristics of the rainfall-triggered debris flow in Xiaojiagou in Sichuan Province, China. Nat Hazards 62:1037–1057. https://doi.org/10.1007/s11069-012-0133-5

Chen HX, Zhang S, Peng M, Zhang LM (2016) A physically-based multi-hazard risk assessment platform for regional rainfall-induced slope failures and debris flows. Eng Geol 203:15–29. https://doi.org/10.1016/j.enggeo.2015.12.009

Article   CAS   Google Scholar  

Chen H-X, Li J, Feng S-J et al (2019) Simulation of interactions between debris flow and check dams on three-dimensional terrain. Eng Geol 251:48–62. https://doi.org/10.1016/j.enggeo.2019.02.001

Chen M, Tang C, Zhang X et al (2021) Quantitative assessment of physical fragility of buildings to the debris flow on 20 August 2019 in the Cutou gully, Wenchuan, southwestern China. Eng Geol 293:106319. https://doi.org/10.1016/j.enggeo.2021.106319

Christen M, Kowalski J, Bartelt P (2010) RAMMS: numerical simulation of dense snow avalanches in three-dimensional terrain. Cold Reg Sci Technol 63:1–14. https://doi.org/10.1016/j.coldregions.2010.04.005

Ciurean RL, Hussin H, van Westen CJ et al (2017) Multi-scale debris flow vulnerability assessment and direct loss estimation of buildings in the Eastern Italian Alps. Nat Hazards 85:929–957. https://doi.org/10.1007/s11069-016-2612-6

Corominas J, van Westen C, Frattini P et al (2013) Recommendations for the quantitative analysis of landslide risk. Bull Eng Geol Environ. https://doi.org/10.1007/s10064-013-0538-8

Cui P, Hu K, Zhuang J et al (2011) Prediction of debris-flow danger area by combining hydrological and inundation simulation methods. J Mt Sci 8:1–9. https://doi.org/10.1007/s11629-011-2040-8

Eidsvig UMK, Papathoma-Köhle M, Du J et al (2014) Quantification of model uncertainty in debris flow vulnerability assessment. Eng Geol 181:15–26. https://doi.org/10.1016/j.enggeo.2014.08.006

Fangqiang W, Yu Z, Kaiheng H, Kechang G (2006) Model and method of debris flow risk zoning based on momentum analysis. Wuhan Univ J Nat Sci 11:835–839. https://doi.org/10.1007/BF02830173

Fell R, Corominas J, Bonnard C et al (2008) Guidelines for landslide susceptibility, hazard and risk zoning for land-use planning. Eng Geol 102:99–111. https://doi.org/10.1016/j.enggeo.2008.03.014

Figueroa-García JE, Franco-Ramos O, Bodoque JM et al (2021) Long-term lahar reconstruction in Jamapa Gorge, Pico de Orizaba (Mexico) based on botanical evidence and numerical modelling. Landslides 18:3381–3392. https://doi.org/10.1007/s10346-021-01716-3

Fuchs S, Heiss K, Hübl J (2007) Towards an empirical vulnerability function for use in debris flow risk assessment. Nat Hazards Earth Syst Sci 7:495–506. https://doi.org/10.5194/nhess-7-495-2007

Guo ZZ, Chen LX, Gui L et al (2020) Landslide displacement prediction based on variational mode decomposition and WA-GWO-BP model. Landslides 17:567–583. https://doi.org/10.1007/s10346-019-01314-4

Guo Z, Torra O, Hürlimann M et al (2022) FSLAM: a QGIS plugin for fast regional susceptibility assessment of rainfall-induced landslides. Environ Model Softw 150:105354. https://doi.org/10.1016/j.envsoft.2022.105354

He K, Liu B, Hu X et al (2022) Rapid characterization of landslide-debris flow chains of geologic hazards using multi-method investigation: case study of the Tiejiangwan LDC. Rock Mech Rock Eng 55:5183–5208. https://doi.org/10.1007/s00603-022-02905-9

Horton AJ, Hales TC, Ouyang C, Fan X (2019) Identifying post-earthquake debris flow hazard using Massflow. Eng Geol 258:105134. https://doi.org/10.1016/j.enggeo.2019.05.011

Hu KH, Ding MT (2012) Hazard mapping for debris flows based on numerical simulation and momentum index. Int Conf Proc Mt Environ Dev, 2nd edn. pp 27–34

Hürlimann M, Guo Z, Puig-Polo C, Medina V (2022) Impacts of future climate and land cover changes on landslide susceptibility: regional scale modelling in the Val d’Aran region (Pyrenees, Spain). Landslides 19:99–118. https://doi.org/10.1007/s10346-021-01775-6

Jaiswal P, van Westen CJ (2013) Use of quantitative landslide hazard and risk information for local disaster risk reduction along a transportation corridor: a case study from Nilgiri district, India. Nat Hazards 65:887–913. https://doi.org/10.1007/s11069-012-0404-1

Jakob M, Stein D, Ulmi M (2012) Vulnerability of buildings to debris flow impact. Nat Hazards 60:241–261. https://doi.org/10.1007/s11069-011-0007-2

Jishun R (1991) On the geotectonics of Southern China. Acta Geol Sin - Engl Ed 4:111–130. https://doi.org/10.1111/j.1755-6724.1991.mp4002001.x

Kang H, Kim Y (2016) The physical vulnerability of different types of building structure to debris flow events. Nat Hazards 80:1475–1493. https://doi.org/10.1007/s11069-015-2032-z

Kim M-I, Kwak J-H, Kim B-S (2018) Assessment of dynamic impact force of debris flow in mountain torrent based on characteristics of debris flow. Environ Earth Sci 77:538. https://doi.org/10.1007/s12665-018-7707-9

Laouacheria F, Mansouri R (2015) Comparison of WBNM and HEC-HMS for runoff hydrograph prediction in a small urban catchment. Water Resour Manag 29(8):1–17

Li Z, Nadim F, Huang H et al (2010) Quantitative vulnerability estimation for scenario-based landslide hazards. Landslides 7:125–134. https://doi.org/10.1007/s10346-009-0190-3

Liang X, Segoni S, Yin K et al (2022) Characteristics of landslides and debris flows triggered by extreme rainfall in Daoshi Town during the 2019 Typhoon Lekima, Zhejiang Province, China. Landslides 19:1735–1749. https://doi.org/10.1007/s10346-022-01889-5

Liu X, Lei J (2003) A method for assessing regional debris flow risk: an application in Zhaotong of Yunnan province (SW China). Geomorphology 52:181–191. https://doi.org/10.1016/S0169-555X(02)00242-8

Liu X, Xie Z et al (2020) Analysis of rainstorm caused by super typhoon “Lekima” in Zhejiang Province of 2019. J Meteorol Sci 40(1):89–96. (in Chinese)

Luna BQ, Remaître A, van Asch ThWJ et al (2012) Analysis of debris flow behavior with a one dimensional run-out model incorporating entrainment. Eng Geol 128:63–75. https://doi.org/10.1016/j.enggeo.2011.04.007

Matti B, Dahlke HE, Lyon SW (2016) On the variability of cold region flooding. J Hydrol 534:669–679. https://doi.org/10.1016/j.jhydrol.2016.01.055

Mcardell BW (2016) Field measurements of forces in debris flows at the Illgraben: implications for channel-bed erosion. Int J Eros Control Eng 9:194–198. https://doi.org/10.13101/ijece.9.194

Mergili M, Fischer J-T, Krenn J, Pudasaini SP (2017a) r.avaflow v1, an advanced open-source computational framework for the propagation and interaction of two-phase mass flows. Geosci Model Dev 10:553–569. https://doi.org/10.5194/gmd-10-553-2017

Article   ADS   CAS   Google Scholar  

Mergili M, Fischer J-T, Pudasaini SP (2017b) Process chain modelling with r.avaflow: lessons learned for multi-hazard analysis. In: Mikos M, Tiwari B, Yin Y, Sassa K (eds) Advancing culture of living with landslides. Springer International Publishing, Cham, pp 565–572

Nie J, Zhang X, Xu C et al (2021) The impact of super typhoon Lekima on the house collapse rate and quantification of the interactive impacts of natural and socioeconomic factors. Geomat Nat Hazards Risk 12:1386–1401. https://doi.org/10.1080/19475705.2021.1927860

O’Brien JS, Julien PY, Fullerton WT (1993) Two-dimensional water flood and mudflow simulation. J Hydraul Eng 119:244–261. https://doi.org/10.1061/(ASCE)0733-9429(1993)119:2(244)

Ouyang C, Wang Z, An H et al (2019) An example of a hazard and risk assessment for debris flows—a case study of Niwan Gully, Wudu. China Eng Geol 263:105351. https://doi.org/10.1016/j.enggeo.2019.105351

Papathoma-Köhle M, Keiler M, Totschnig R, Glade T (2012) Improvement of vulnerability curves using data from extreme events: debris flow event in South Tyrol. Nat Hazards 64:2083–2105. https://doi.org/10.1007/s11069-012-0105-9

Peduto D, Ferlisi S, Nicodemo G et al (2017) Empirical fragility and vulnerability curves for buildings exposed to slow-moving landslides at medium and large scales. Landslides 14:1993–2007. https://doi.org/10.1007/s10346-017-0826-7

Quan Luna B, Blahut J, van Westen CJ et al (2011) The application of numerical debris flow modelling for the generation of physical vulnerability curves. Nat Hazards Earth Syst Sci 11:2047–2060. https://doi.org/10.5194/nhess-11-2047-2011

Quan Luna B, Blahut J, Camera C et al (2013) Physically based dynamic run-out modelling for quantitative debris flow risk assessment: a case study in Tresenda. Environ Earth Sci, Northern Italy. https://doi.org/10.1007/s12665-013-2986-7

Book   Google Scholar  

Scheidl C, Rickenmann D (2009) Empirical prediction of debris-flow mobility and deposition on fans. Earth Surf Process Landf n/a-n/a. https://doi.org/10.1002/esp.1897

Tang C, Liu X, Zhu J (1993) The evaluation and application of risk degree for debris flow inundation on alluvial fans. J Nat Disasters 2:79–84

Tang C, Zhu J, Li WL, Liang JT (2009) Rainfall-triggered debris flows following the Wenchuan earthquake. Bull Eng Geol Environ 68:187–194. https://doi.org/10.1007/s10064-009-0201-6

Tang C, Zhu J, Ding J et al (2011) Catastrophic debris flows triggered by a 14 August 2010 rainfall at the epicenter of the Wenchuan earthquake. Landslides 8:485–497. https://doi.org/10.1007/s10346-011-0269-5

Tang Y, Guo Z, Wu L et al (2022) Assessing debris flow risk at a catchment scale for an economic decision based on the LiDAR DEM and numerical simulation. Front Earth Sci 10:821735. https://doi.org/10.3389/feart.2022.821735

USACE-HEC (2010) Hydrologic modeling system, HEC-HMS v3.5. User's manual, US Army Corps of Engineers, hydrologic engineering center. August 2010. https://www.hec.usace.army.mil/software/hechms/documentation/HEC-HMS_Users_Manual_3.5.pdf

van Asch ThWJ, Tang C, Alkema D et al (2014) An integrated model to assess critical rainfall thresholds for run-out distances of debris flows. Nat Hazards 70:299–311. https://doi.org/10.1007/s11069-013-0810-z

Wang T, Dahal A, Fang Z et al (2023) From spatio-temporal landslide susceptibility to landslide risk forecast[J]. Geosci Front 2023:101765. https://doi.org/10.1016/j.gsf.2023.101765

Wei F, Hu K, Lopez JL, Cui P (2003) Method and its application of the momentum model for debris flow risk zoning. Chin Sci Bull 48:594–598. https://doi.org/10.1360/03tb9126

Wei Z, Xu Y-P, Sun H et al (2018) Predicting the occurrence of channelized debris flow by an integrated cascading model: a case study of a small debris flow-prone catchment in Zhejiang Province, China. Geomorphology 308:78–90. https://doi.org/10.1016/j.geomorph.2018.01.027

Wei L, Hu K, Liu J (2021) Quantitative analysis of the debris flow societal risk to people inside buildings at different times: a case study of Luomo Village, Sichuan. Southwest China Front Earth Sci 8:627070. https://doi.org/10.3389/feart.2020.627070

Wu YP, Chen LX, Cheng C et al (2014) GIS-based landslide hazard predicting system and its real-time test during a typhoon, Zhejiang Province, Southeast China. Eng Geol 175:9–21. https://doi.org/10.1016/j.enggeo.2014.03.005

Yu B, Ma Y, Wu Y (2013) Case study of a giant debris flow in the Wenjia Gully, Sichuan Province, China. Nat Hazards 65:835–849. https://doi.org/10.1007/s11069-012-0395-y

Zanchetta G, Sulpizio R, Pareschi MT et al (2004) Characteristics of May 5–6, 1998 volcaniclastic debris flows in the Sarno area (Campania, Southern Italy): relationships to structural damage and hazard zonation. J Volcanol Geotherm Res 133:377–393. https://doi.org/10.1016/S0377-0273(03)00409-8

Zhang P, Ma J, Shu H et al (2015) Simulating debris flow deposition using a two-dimensional finite model and Soil Conservation Service-Curve Number approach for Hanlin gully of southern Gansu (China). Environ Earth Sci 73:6417–6426. https://doi.org/10.1007/s12665-014-3865-6

Zhang S, Zhang L, Li X, Xu Q (2018) Physical vulnerability models for assessing building damage by debris flows. Eng Geol 247:145–158. https://doi.org/10.1016/j.enggeo.2018.10.017

Zhang X, Chen G, Cai L et al (2021) Impact assessments of typhoon lekima on forest damages in subtropical china using machine learning methods and Landsat 8 OLI imagery. Sustainability 13:4893. https://doi.org/10.3390/su13094893

Zhao H, Duan X, Raga GB, Klotzbach PJ (2018) Changes in characteristics of rapidly intensifying western North Pacific tropical cyclones related to climate regime shifts. J Clim 31:8163–8179. https://doi.org/10.1175/JCLI-D-18-0029.1

Zhou C, Chen P, Yang S et al (2022) The impact of Typhoon Lekima (2019) on East China: a postevent survey in Wenzhou City and Taizhou City. Front Earth Sci 16:109–120. https://doi.org/10.1007/s11707-020-0856-7

Zou Q, Cui P, Zeng C et al (2016) Dynamic process-based risk assessment of debris flow on a local scale. Phys Geogr 37:132–152. https://doi.org/10.1080/02723646.2016.1169477

Download references

Acknowledgements

The first author wishes to thank the China Scholarship Council (CSC) for funding his research period at University of Twente.

This research was supported by the National Natural Science Foundation of China (No.41877525) and the Key Research and Development Program of Hubei Province (NO.2021BID009).

Author information

Authors and affiliations.

Faculty of Engineering, China University of Geosciences, Wuhan, 430074, China

Tengfei Wang & Kunlong Yin

Faculty of Geo-Information Science and Earth Observation, University of Twente, Enschede, the Netherlands

Tengfei Wang & Cees van Westen

Institute of Geological Survey, China University of Geosciences, Wuhan, 430074, China

Institute of Geophysics and Geomatics, China University of Geosciences, Wuhan, 430074, China

Institute of Geology of Zhejiang Province, Hangzhou, 310007, China

Changgui Xiao & Haomeng Zhu

You can also search for this author in PubMed   Google Scholar

Contributions

Conceptualization: TW and YL. Methodology: TW and KY. Software: TW. Investigation: TW and YL. Data curation: CX, LC, and HZ. Writing—original draft preparation: TW. Writing—review and editing: KY, YL, and CW. Visualization: TW. Supervision: KY and CW. Funding acquisition: LC and KY. Revision: TW and CW. All authors have read and agreed to the published version of the manuscript.

Corresponding author

Correspondence to Yuanyao Li .

Ethics declarations

Competing interests.

The authors declare no competing interests.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Wang, T., Yin, K., Li, Y. et al. Physical vulnerability curve construction and quantitative risk assessment of a typhoon-triggered debris flow via numerical simulation: A case study of Zhejiang Province, SE China. Landslides (2024). https://doi.org/10.1007/s10346-024-02218-8

Download citation

Received : 11 May 2023

Accepted : 02 February 2024

Published : 26 February 2024

DOI : https://doi.org/10.1007/s10346-024-02218-8

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

  • Typhoon-induced debris flow
  • Physical vulnerability curve
  • Numerical simulation
  • Quantitative risk assessment
  • Find a journal
  • Publish with us
  • Track your research

Log in using your username and password

  • Search More Search for this keyword Advanced search
  • Latest content
  • Current issue
  • For authors
  • New editors
  • BMJ Journals More You are viewing from: Google Indexer

You are here

  • Online First
  • ‘You can change your life through sports’—physical activity interventions to improve the health and well-being of adults experiencing homelessness: a mixed-methods systematic review
  • Article Text
  • Article info
  • Citation Tools
  • Rapid Responses
  • Article metrics

Download PDF

  • http://orcid.org/0000-0003-0248-4160 Jo Dawes 1 ,
  • Raphael Rogans-Watson 2 ,
  • Julie Broderick 3
  • 1 Department of Epidemiology & Public Health , UCL , London , UK
  • 2 Elderly Medicine , University Hospitals Sussex NHS Foundation Trust , Worthing , UK
  • 3 Discipline of Physiotherapy, School of Medicine , Trinity College Dublin , Dublin , Ireland
  • Correspondence to Jo Dawes, Department of Epidemiology & Public Health, UCL, London, London, UK; joanna.dawes{at}ucl.ac.uk

Objectives Systematically synthesise evidence of physical activity interventions for people experiencing homelessness (PEH).

Design Mixed-methods systematic review.

Data sources EMBASE, Web of Science, CINAHL, PubMed (MEDLINE), PsycINFO, SPORTDiscus and Cochrane Library, searched from inception to October 2022.

Eligibility criteria PICO framework: population (quantitative/qualitative studies of PEH from high-income countries); intervention (physical activity); comparison (with/without comparator) and outcome (any health/well-being-related outcome). The risk of bias was assessed using Joanna Briggs Institute critical appraisal tools.

Results 3615 records were screened, generating 18 reports (17 studies, 11 qualitative and 6 quantitative (1 randomised controlled trial, 4 quasi-experimental, 1 analytical cross-sectional)) from the UK, USA, Denmark and Australia, including 554 participants (516 PEH, 38 staff). Interventions included soccer (n=7), group exercise (indoor (n=3), outdoor (n=5)) and individual activities (n=2). The risk of bias assessment found study quality to vary; with 6 being high, 6 moderate, 4 low and 1 very low. A mixed-methods synthesis identified physical and mental health benefits. Qualitative evidence highlighted benefits carried into wider life, the challenges of participating and the positive impact of physical activity on addiction. Qualitative and quantitative evidence was aligned demonstrating the mental health benefits of outdoor exercise and increased physical activity from indoor group exercise. Quantitative evidence also suggests improved musculoskeletal health, cardiovascular fitness, postural balance and blood lipid markers (p<0.05).

Conclusion Qualitative evidence suggests that physical activity interventions for PEH can benefit health and well-being with positive translation to wider life. There was limited positive quantitative evidence, although most was inconclusive. Although the evidence suggests a potential recommendation for physical activity interventions for PEH, results may not be transferable outside high-income countries. Further research is required to determine the effectiveness and optimal programme design.

  • Physical activity
  • Physical fitness
  • Public health

Data availability statement

Data are available upon reasonable request.

This is an open access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, remix, adapt, build upon this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited, appropriate credit is given, any changes made indicated, and the use is non-commercial. See:  http://creativecommons.org/licenses/by-nc/4.0/ .

https://doi.org/10.1136/bjsports-2023-107562

Statistics from Altmetric.com

Request permissions.

If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.

WHAT IS ALREADY KNOWN ON THIS TOPIC

People experiencing homelessness suffer a higher burden of physical and mental health conditions than housed populations.

Limited studies suggest that regular physical activity may address many health conditions prevalent among people experiencing homelessness, although the evidence has not been systematically reviewed.

WHAT THIS STUDY ADDS

A variety of physical activity interventions have been designed and provided to engage people experiencing homelessness, including soccer, outdoor and indoor group activities, and individual activities.

The synthesis of qualitative and quantitative evidence suggests that physical activity can benefit the mental and physical health of people experiencing homelessness with positive translation of benefits to wider life.

HOW THIS STUDY MIGHT AFFECT RESEARCH, PRACTICE OR POLICY

Group physical activity interventions seemed to be the most benefitical to people experiencing homelessness, perhaps due to its facilitation of social support and connection.

Qualitative data highlighted the pressure some participants felt in competetive tournament settings. Organisers should recognise this and consider support to ameliorate impacts of pressure experienced.

Consideration should be given to the intensity level of physical activity interventions for this population. Given the high prevalence and poor health of many people experiencing homelessness, lower threshhold activities are likely to be more inclusive for the population.

Introduction

Homelessness is an extreme form of social exclusion 1 2 related to poverty in high-income countries. 3 People experiencing homelessness (PEH) are defined as those who are ‘roofless’ (eg, no fixed abode) and ‘houseless’ (eg, living in hostel, shelter, temporary accommodation) in accordance with the European Federation of National Organisations Working with the Homeless. 4 Prior to the COVID-19 pandemic, homelessness in the UK had increased annually since 2010 5 with estimates of all categories of homelessness in England standing at 280 000 people, 6 of which 4266 were estimated to be sleeping on the streets. 7 The Organisation for Economic Co-operation and Development (OECD) estimates that almost 2 million people are experiencing homelessness in 35 OECD countries. 8

PEH have poorer health than the general population, 9 10 often characterised by a tri-morbidity of mental health diagnoses, chronic physical health conditions and addiction. 9 Poor health is thought to be both precipitated and exacerbated by poor living conditions, lack of resources, social exclusion, stigmatisation and difficulty accessing suitable health services. 11

Physical activity is beneficial for people with disabilities and chronic health conditions, both from a physical health and a social perspective. Guidance suggests that the type and amount of physical activity should be determined by a person’s abilities and the severity of their condition or disability, which may change over time. 12 PEH live with a high burden of physical deficits, 13 falls and frailty, 14 respiratory disease, cardiac problems, stroke and diabetes, 15 which could be positively influenced by physical activity. A recent scoping review found that among PEH, overall levels of physical activity appeared to be low, though the authors recognised that across studies reviewed, physical activity levels varied. 16 Low levels of physical activity could be due to limited opportunities or barriers to accessing physical activity, rather than through choice. Consequently, PEH may miss out on health gains and a reduced risk of harm that physical activity affords people with these conditions. It is important that this population has opportunities for physical activity to stabilise or reverse physical declines associated with homelessness. Given the multiple barriers PEH face accessing services, it may be important that physical activity interventions are specifically tailored to their needs to optimise reach and participation. This perspective is consistent with public engagement activities with PEH and staff who care for them, which took place prior to the commencement of this research. This research poses two research questions: what is the range of physical activity interventions provided to PEH? And, what is the evidence supporting the effectiveness of these interventions?

This review aims to summarise the available evidence for physical activity interventions intended to improve health outcomes of adults experiencing homelessness, focusing on physical activity interventions and their effectiveness in improving health outcomes.

A preliminary scoping review revealed that published literature in the field of physical activity for PEH comprised both quantitative and qualitative research. Therefore, a mixed-methods systematic review was adopted. This allowed for the findings of effectiveness (quantitative evidence) and participant experiences (qualitative evidence) to be brought together, to facilitate a broader understanding of whether and how interventions worked. 17 18 This systematic review was conducted following the Preferred Reporting Items for Systematic Reviews and Meta-analyses (PRISMA) 2020 guidelines 19 and checklist, 20 and the protocol was registered a priori in PROSPERO database (reference number: CRD42020216716).

Identification

Defining search terms.

Initial search terms were generated by reviewers (JFD, RR-W and JB), who between them, have extensive clinical and research expertise and experience in the health of PEH, physical activity and systematic review methodology. The search terms were refined and tailored for a preliminary search of MEDLINE, and used to test the proof of concept and search strategy. The search syntax ( online supplemental file 1 ) was designed by a professional librarian in collaboration with two reviewers (JFD and RR-W).

Supplemental material

Search terms were refined, adapted and run in MEDLINE, EMBASE, Web of Science, CINAHL, PsycINFO, SPORTDiscus and the Cochrane Library. The searches were conducted on 17 February 2021, including literature from the previous 30 years (1991–2021) and restricted to English language only. The searches were re-run using the original search terms by a specialist librarian at Trinity College Dublin on 19 October 2022 to identify any new reports published between 21 October 2021 and 19 October 2022. All previous databases were searched, except SPORTDiscus, as it was unavailable in the institution’s library databases. Duplicates were removed at this stage. The reference lists of relevant systematic reviews and all included studies were hand-searched for reports to be added for screening. Corresponding authors of records that comprised an abstract only were contacted, where possible, to request full-text reports. Additionally, an expert reviewer suggested a study unidentified by searches, but met the inclusion criteria, so it was put forward for screening.

Title and abstract screening

On completion of the identification process, all report titles and abstracts were uploaded to the online systematic reviewing management system, Covidence. Two pairs of reviewers (JFD/RR-W and JFD/JB) independently performed (a) title and abstract screening and (b) full-text screening, judged against predetermined protocol criteria. In the event of disagreement, the third reviewer (JB or RR-W) was consulted for an additional opinion.

The PICO framework was used to identify inclusion criteria. For inclusion, all the following criteria were to be met:

Studies that included adults who were homeless under the European Typology of Homelessness and housing Exclusion (ETHOS) criteria for homelessness, 4 that is rooflessness, houselessness, living in insecure housing or living in inadequate housing. Age >18 years.

Intervention

Studies that included any physical activity intervention delivered as a stand-alone intervention or part of multimodal intervention, in any setting. Studies undertaken in high-income countries 21 were included, where there is assumed consistency in health and social care infrastructure as well as in family and community support systems, which impact how homelessness is perceived and managed. 22

This mixed-methods review included quantitative studies reporting any measures demonstrating health outcomes, including but not limited to primary measures such as cardiovascular fitness and strength, and qualitative findings describing participant perceptions linking physical activity intervention to health and/or well-being outcomes.

The presence of a comparison group was not required as an inclusion criterion.

Study types

This review considered quantitative, qualitative and mixed-methods studies.

Risk of bias assessment

In recognition of the diverse study designs included in this review, the Joanna Briggs Institute (JBI) critical appraisal tool portfolio was a key resource for judging quality and risk of bias. 23 24 These tools provide a criterion-based checklist for determining presence (yes), absence (no), a lack of clarity (unclear) or a lack of applicability (not applicable) of quality in studies across a variety of methods. 25 To determine the dependability and credibility of qualitative reports, their ConQual ratings were calculated. 26 Although Munn et al discourage cut-off values in determining the quality level in quantitative studies, for clarity and consistency of this mixed-methods review, a pragmatic decision was made to select cut-offs of <25% (very low), <50% (low), <75% (moderate) and >75% (high). Munn et al state that if cut-offs are preferred, these thresholds are best decided by the reviewers themselves. 25 A summary of the quality assessment of all reports is given in online supplemental file 2 .

Protocol deviation

This review was registered on PROSPERO, registration number: CRD42020216716. Found at https://www.crd.york.ac.uk/prospero/display_record.php?RecordID=216716 . In the PROSPERO protocol, we stated we would use Cochrane and Downs and Black risk of bias tools. However, once the diversity of the final studies was identified, the review team recognised that JBI risk of bias tools were more suited to the studies within our review.

Data extraction

The following data were extracted to an excel spreadsheet: study design, inclusion criteria, participants (description, number, accommodation, age, education, employment, ethnicity, race, biological sex, mental health and physical health), intervention (setting, frequency, intensity, time, type, group or individual, presence of other non-physical activity intervention components), quantitative outcome measures and qualitative themes.

Initially, JFD carried out and collated data extraction from five reports. This was reviewed by RR-W and JB to ensure accuracy and consistency. Once all three team members agreed on the data extraction process, the remaining reports were divided among the team for completion of data extraction. Data from each report were checked for accuracy by another member of the research team. Any inconsistencies in interpretation or reporting were discussed, and consensus was reached.

Strategy for mixed-methods data synthesis

The synthesis followed the JBI methodology for mixed-methods systematic reviews, 27 whereby established convergent, segregated, results-based mixed-methods frameworks for systematic reviewing were employed. 28 29 First, qualitative and quantitative data were meaningfully categorised by JFD and JB, respectively. Each reviewer conducted their analysis separately, independently and concurrently. JFD adopted a reflexive thematic analysis approach to synthesise the qualitative data, by extracting all qualitative results into an excel spreadsheet and following the six processes of thematic analysis, namely: familiarisation; coding; generating initial themes; reviewing and developing themes; refining, defining and naming themes; and writing up. 30 Details of themes are outlined in online supplemental file 3 . Due to the heterogeneity of quantitative studies, it was not possible for JB to carry out a meta-analysis. So narrative synthesis was used. Quantitative findings were then ‘qualitized’ to transform them into a qualitative, descriptive format. Next, quantitative and qualitative evidence were linked and organised to produce an overall ‘configured analysis’ 27 and reported as a series of tables and combined narrative synthesis.

Equality and diversity statement

Our author and librarian team consisted of three women and two men. The author team included early and mid-career researchers and clinicians across two disciplines (medicine and physiotherapy) from two countries (UK and Ireland). This research explores physical activity interventions for PEH, an under-served, often marginalised and excluded population who experience extreme socioeconomic disadvantage. This population is known to have complex and chronic health needs and is an often-overlooked group in physical activity research.

Study selection

13 737 records were identified through searches. After the removal of duplicates (n=10 122), 3615 records were screened by title and abstract, with 3496 records excluded at this stage. 119 reports were sought for full-text review, 4 could not be found, so 115 full-text reports were reviewed. Of these, 97 records were excluded at this stage (exclusions based on: 1 duplicate, 9 population, 59 intervention, 8 non-English language, 19 insufficient data, 1 protocol only). Finally, 18 reports were included for quality checking. Two reports described different aspects of a single study. Therefore, data were extracted from 18 reports describing 17 studies. The full identification, screening and inclusion process are outlined in a PRISMA diagram ( figure 1 ).

  • Download figure
  • Open in new tab
  • Download powerpoint

PRISMA flow diagram. PRISMA, Preferred Reporting Items for Systematic Reviews and Meta-analyses.

Quality assessment

The majority of the 11 qualitative studies were high quality, with 8 reporting at least 7 out of 10 quality criteria on the JBI checklist for qualitative studies ( online supplemental file 2 ). One study was of very low quality, 31 with only the statement of researcher positionality being clear, and all other criteria either unreported or unclear. Of the quantitative studies, the one randomised controlled trial (RCT) 32 was assessed as moderate quality due to methodological limitations, for example, lack of clarity regarding blinding of assessor and whether treatment groups were concealed. The analytical cross-sectional study was of moderate quality, and in general, quasi-experimental studies were of high quality.

Description of studies

Eighteen reports, describing 17 studies, were included ( table 1 ). Of these studies, 7 were from the USA, 5 from the UK, 3 from Denmark and 2 from Australia. The variety of designs across these studies comprised 11 qualitative and 6 quantitative reports (4 quasi-experimental, 1 RCT and 1 analytical cross-sectional). The interventions addressed varied, including soccer (n=7); group outdoor exercise (n=5); group indoor multimodal exercise (n=3) and individual multimodal interventions (n=2) ( online supplemental file 4 ).

  • View inline

Summary of included studies

Study populations

Online supplemental file 5 provides detail of each study population included in this systematic review. Across the 17 studies, 516 PEH were participants. Some studies included women only (n=5), men only (n=5) or mixed cohorts (n=7). Three qualitative studies reported staff/coaches’ perspectives (n=38). The age range of participants who were homeless was 16–65 years. It was specified in the review protocol that only studies with participants >18 years would be included. However, for pragmatic reasons, several studies 33–37 were included despite containing participants from the age of 16 years. In these studies, proportions of participants <18 years were not specified, although one study 38 stated that the ‘majority’ of participants were between the ages of 20 and 24 years. Descriptions of study participants’ experiences of homelessness varied but were mainly focused on: street homeless, living in hostel/shelter, transitional/social service accommodation or ‘homeless at time of intervention’. Studies that focused on Street Soccer and the Homeless World Cup invited participation from PEH and other socially excluded groups, for example, people attending unemployment offices or drug rehabilitation services. Although these studies did not define proportions of participants experiencing homelessness, for pragmatic reasons they were included, as the intervention had been specifically designed for PEH. Only one study specified exclusion criteria, 32 which were based on reading ability and length of time staying in the shelter. In two studies, several participants were eligible but chose not to participate, 39 40 the reasons for which was not specified. The number of study drop-outs was described in three reports/two studies, 32 36 37 but the reasons for drop-out were not specified.

Physical activity interventions and their components

Online supplemental file 4 provides a description of all included interventions. The studies included seven soccer interventions (tournament focused (n=2), group training focused (n=3) and combining group training and tournament participation (n=2)); five group outdoor exercise (adventure training (n=3), running (n=1) and gardening (n=1)); three group indoor multimodal exercise (aerobic-based circuits (n=2) and dance (n=1)) and two individual multimodal interventions (pedometer with step goals and earn-a-bike scheme). Online supplemental file 4 also provides programming variables, including: setting; frequency; intensity; time; type and the presence of other non-physical activity components of multimodal interventions.

Seven studies investigated the impact of soccer for PEH. These studies (eight reports) explored soccer group training (n=4), 39 41–43 tournament participation (n=2) 33 40 and interventions of training for and participating in tournaments (n=2). 44 45 The studies involving tournaments were focused around national or international tournaments such as the Homeless World Cup or Street Soccer USA Cup. 33 40 44 45

Group outdoor exercise

Five studies provided evidence of the value of group outdoor exercise. These included group outdoor adventure (n=3), 34 35 46  women’s running groups (n=1) 38 and women’s gardening groups (n=1). 47 These studies described multimodal interventions, including outdoor adventure interventions which contained multiple activities (eg, archery, rock climbing, hiking), and all studies reported additional support, such as the provision of education, debriefing, opportunities for reflection, childcare, food or clothing.

Group indoor multimodal exercise

All group indoor multimodal exercise studies (n=3) were instructor-led interventions provided to small groups in settings such as leisure centres 36 or shelter recreation rooms. 31 All studies were multimodal as they combined different types of activity, for example, stretching, cardiovascular exercise, dance, aerobic circuits, strength-based exercise to music and meditation.

Individual multimodal interventions

Two studies reported interventions for individuals. 32 48 One involved participants wearing a pedometer and working towards a step goal. This was provided along with an educational newsletter and fruit/vegetable snacks. 32 The other study described cycle training to learn road safety and cycle maintenance, alongside earning a bicycle for individual use. 48

Intervention and outcomes

Findings are described across four tables ( tables 2–5 ). Table 2 shows all synthesised findings relating to mental health and table 3 shows all synthesised findings relating to physical health where the configured analysis identified qualitative and quantitative evidence supporting matched themes. Table 4 shows evidence that was identified in either quantitative or qualitative reports alone. For example, findings, where only quantitative data existed, were related to bone health and blood markers. Whereas qualitative evidence only was identified relating to other important aspects of physical activity, not specifically or directly health-related, such as the benefits carried into wider life, challenges of participation and addiction.

Summary of synthesised findings relating to mental health benefits of physical activity participation

Summary of synthesised findings relating to physical health benefits of physical activity participation

Outcomes where quantitative only or qualitative only findings exist, no mixed-methods synthesis

Summary of available evidence for physical activity interventions categorised by intervention type, findings and evidence quality

The impact of physical activity interventions on the mental health of PEH

There were several domains within mental health where both quantitative and qualitative evidence was synthesised, suggesting physical activity was beneficial (summarised in table 2 ). These included enhanced confidence, empowerment and self-esteem; resilience, coping and hope; independence, self-regulation and personal development; stress and anxiety; and mood and state of mind.

Enhanced confidence, empowerment and self-esteem

There was high quality qualitative evidence that group running, soccer and indoor group exercise, and moderate quality qualitative evidence that group outdoor adventure and earn-a-bike enhanced confidence, empowerment and self-esteem. However, the only quantitative study to assess outcomes in this domain used the Hope scale (agency subscale), finding no significant differences between groups. One soccer player suggested:

… Football gave me confidence and took away feelings of depression as it made me more social. 44

Resilience, coping and hope

There was high quality qualitative evidence that group running, and group outdoor adventure enhanced resilience, coping and hope. However, the only quantitative study to measure relevant outcomes using the Hope Scale (pathway domain) found no significant difference between intervention and control groups. A member of staff involved in delivering group outdoor adventure described changes in a participant’s ability to cope:

… when we went to Coniston, not even 10 min, we was there she wanted to come home, but she didn’t and she learned how to cope… she really enjoyed herself. 35

Independence, self-regulation and personal development

Qualitative evidence suggested that group running, and soccer (both high quality) and group outdoor adventure and earn-a-bike (both moderate quality) enhanced independence, self-regulation and personal development. This was supported by moderate quality quantitative evidence that outdoor adventure improved life functioning. An outdoor adventure participant describes how it impacted them:

when I leave here, I face any challenges… in my life, then I know that I will be able to do them because I’ve become a stronger person from coming here. 35

Stress and anxiety

There was high quality qualitative evidence that group running, indoor group exercise and outdoor adventure and moderate quality qualitative evidence that soccer and earn-a-bike had a positive effect on stress and anxiety. The studies that used quantitative measures to assess stress/anxiety in soccer (moderate quality) and indoor group exercise (low quality) did not conclusively support the qualitative evidence. A participant at a gym-based programme said:

I… didn’t have the confidence to go outside, I felt a lot of like anxiety and this, the gym and stuff helps me with my anxiety really well. 36

Mood and state of mind

There was high quality qualitative evidence that soccer, group running and indoor group exercise and moderate quality qualitative evidence that earn-a-bike enhanced mood and state of mind. This was supported by moderate quality quantitative evidence that group outdoor adventure improved well-being.

The impact of physical activity interventions on the physical health of PEH

Changes were shown in the following physical health domains: body shape and weight loss; fitness levels; physical skills development and physical activity levels. The synthesised findings are summarised in table 3 . Quantitative findings not corroborated by qualitative findings are summarised in table 4 .

Body shape and weight loss

Synthesised findings showed that indoor group exercise and group running (both high quality qualitative evidence) were perceived as improving body shape and facilitating weight loss, while soccer was shown to significantly decrease weight-bearing fat mass and total fat mass (high quality quantitative evidence).

I took my measurements when I started street fit, and I took my measurements now, and I’m a lot more buff. 36

Fitness levels

Synthesised findings for fitness levels showed that group running, group indoor training and earn-a-bike (all high-quality qualitative evidence) significantly improved fitness and endurance levels, a finding backed up by a high-quality quantitative study of soccer. A person who cycled with earn-a-bike described trying to increase fitness:

… after riding, you know, for an hour, two hours, and sometimes I’ll ride for four hours. You know, I really want to make sure that my body is fit. 48

Physical skill development

While moderate quality qualitative evidence for group outdoor adventure was suggestive of positive changes in physical skills development, the quantitative research exploring this domain through measuring postural balance showed no significant difference between intervention and control groups. However, when comparing pre to post values in the intervention group, postural balance improved by 39% (p=0.004) in the right leg and 45% (p=0.006) in the left leg.

Physical activity levels

Synthesised findings showed that group indoor exercise and running groups (both high quality qualitative evidence) and earn-a-bike (moderate qualitative evidence) positively influenced physical activity levels. This was supported by a moderate quality quantitative pedometer and set a step count study. A woman from a running group described how since joining the group she now runs on her own:

I feel so much more body confident … I can actually run for the whole session without nearly dying. I also go out for runs on my own and I definitely think I’ve got faster. 38

Bone health and cholesterol

A high quality study measured markers of bone health 41 and cholesterol levels 39 in PEH who played soccer. Although not all bone markers improved, increases in osteocalcin from pre-intervention to post-intervention were reported and this change was significantly different between controls and intervention groups. With regards to cholesterol markers (low-density lipoprotein-lipid (LDL)/high-density lipoprotein (HDL)) cholesterol was lowered and LDL:HDL ratios increased in the intervention group after 12 weeks of soccer—findings which were significantly different (p=0.05) from the control group.

Other considerations relevant to physical activity interventions for PEH

There were some findings relevant which described the impact of physical activity for PEH described in qualitative literature only. Themes include addiction, self-medication and medication; benefits carried into wider life and challenges to participation in physical activity when homeless (outlined in table 4 ).

Addiction, self-medication and medication

Across several qualitative studies of soccer (high quality) and earn-a-bike (moderate quality), physical activity positively influencing addiction was described. One person who played football stated:

I’m drinking less and do not think I need alcohol as much now… It’s great to feel this way and football is a focus for us. 44

Benefits of physical activity participation carried into wider life

Most of the qualitative studies, including soccer, running groups, earn-a-bike, outdoor adventure, gardening and dance, described benefits to wider life. Subthemes included: development of life and interpersonal skills, improved social connectedness and relationships with others, practical and functional benefits, and physical activity as a catalyst for positive healthy life change. A participant who undertook leisure centre-based group indoor training said:

I’ve noticed a massive improvement in my fitness, and it’s definitely keeping me motivated to live a healthy lifestyle, because you don’t put in all that hard work and then want to ruin it, you know what I mean? 36

… and similarly, how a participant of soccer described life change:

We can go back there and show that homelessness isn’t permanent and that you can change your life through sports. 33

Challenges to participation in physical activity when homeless

Qualitative evidence demonstrated the importance of acknowledging specific challenges related to physical activity PEH faced, which impacted uptake and dropout rates across a variety of interventions. Those who participated in soccer tournaments described heavy defeats impacting on self-worth. 44 Women who participated in running groups described lack of funds for transport or the unpredictability of homelessness as a barrier to attending. 38 There was also worry about loss of donated kit (eg, running clothes) 38 and equipment (eg, bicycle) 48 through theft and staff who led dance groups reported inconsistent attendance among shelter-dwellers. 31

An overall summary of available evidence for physical activity interventions categorised by intervention type, findings and evidence quality is provided in table 5 .

This review identified evidence for diverse physical activity interventions for PEH. The mixed-methods methodology enabled a meaningfully configured synthesis of the breadth of available evidence. This review demonstrated positive impacts of physical activity for PEH in relation to mental and physical health outcomes with translation of benefits to wider life.

Physical activity interventions were heterogeneous, grouped into broad categories of soccer, group outdoor exercise, group indoor multimodal exercise and individualised multimodal interventions. In terms of specific sports, soccer predominated (7/17). This is unsurprising considering its global resonance. 37 The mental health benefits of physical activity participation identified in our review align with research carried out in non-homeless populations, for example, the psychological state of ‘flow’ (where a person feels simultaneously cognitively efficient, motivated and happy) has been found to be increased by soccer training and running. 49 However, the majority (4/7) of soccer interventions included in our review included tournament participation. While benefits to tournament participation exist, negative experiences of pressure and fear of letting down teammates were qualitatively reported. Organisers of soccer tournaments for PEH should consider support to ameliorate impacts of possible pressure experienced, which could negatively impact mental health or self-management of addiction. Moreover, our review highlights that comparing the nuances of benefits and challenges of tournament participation and training warrants further research.

Group exercise appeared to be most beneficial for PEH. It is likely that group activities facilitated social support, which is especially pertinent for PEH whose social networks are often fragmented. 50 Configured qualitative and quantitative findings highlighted most evidence for mental health benefits in group outdoor exercise. Specifically, these benefits related to an improvement in mood and state of mind and increased independence, focus, personal development and ability to foster relationships. This may be related to emerging evidence for optimised benefits of outdoor exercise. 51 Corroboration of qualitative and quantitative evidence indicated that PEH who participated in physical activity interventions increased their physical activity levels. There is inherent difficulty comparing types of interventions for levels of benefit, as interventions and outcome measures were heterogeneous. Many physical activity interventions included additional intervention components such as counselling, food or sports kit. Consequently, it is not known if these additional components, enhanced or diluted the effect of physical activity. Moreover, descriptions of physical activity programme variables such as dosage were often lacking, limiting judgment of interventions.

Programme intensity deserves consideration. Soccer, which predominated, is a vigorous intensity sport (10 metabolic equivalent of task (METs) for competitive soccer and 7 METs for casual soccer) 52 so it is likely this high entry level may be exclusionary for some PEH. It should also be considered that some participants may be content to participate on the field while exerting minimal energy, so a diversity in intensity levels is also possible. Given the high prevalence and early manifestation of non-communicable diseases and poor general physical health in many PEH, 53 specifically focused lower threshold physical activity interventions should be also considered. Some low threshold programmes were identified such as gardening and dance. People designing physical activity interventions for PEH should consider a range of abilities and likely poor physical condition, perhaps offering a choice of low threshold activity, as well as higher intensity options, depending on ability and interest.

Qualitative studies dominated the evidence base, justifying the methodological decision of a mixed-methods review. The quality of evidence of most qualitative studies was judged to be high, with perspectives of staff enhancing credibility to the understanding of intervention impact. Significant changes were reported for the outcomes of weightbearing fat mass and overall fat mass in one soccer study, 41 although changes in muscle mass were not reported. Cardiovascular fitness and endurance also improved significantly in soccer studies. 39 42 While these findings were in small, uncontrolled studies, the implication of even minor changes to outcomes such as cardiovascular fitness and endurance may be of importance to PEH, as this group is significantly more likely than housed people to be hospitalised due to acute trauma. 54 Although not specifically explored in this population, it is likely that higher baseline fitness and strength levels may aid recovery post-hospitalisation, so multifaceted programmes addressing cardiovascular endurance and strength may be most beneficial for this population. A limitation of the evidence identified was that only one quantitative study was an RCT. While RCTs are considered the highest evidence level, this review attests to the usefulness of other study designs in this novel and emerging topic. It is acknowledged that RCTs may be especially difficult to undertake due to possible implementation barriers and complexities within this cohort. We propose that to build the evidence base, forms of controlled trials should be conducted where possible, with a view to including more randomised trials in the future. A further limitation was that feasibility outcomes such as adherence and retention rates were not well described, though challenges to participation were described in several qualitative studies. Feasibility analysis, including assessment of adherence and retention, should be included in future studies. Outcome measures employed were not consistent, for example, cardiovascular fitness was measured in three different ways: the Yo-Yo endurance test, cycle ergometry and maximal treadmill testing. The evidence base is limited in terms of the most suitable outcome measures 55 to use in physical activity interventions for PEH. Future studies should explore the most suitable outcome measures with a view to improving consistency in their use to enable future evidence syntheses.

Strengths of this review were its mixed-methods design and the global spread of identified research including studies from the UK and Europe, North America and Australia. However, only high-income countries were included, as low-income and middle-income settings were considered to have different structural influences on homelessness. So a limitation of this systematic review is that the translation of findings to other settings is not known. With regards to descriptions of exclusion criteria, included studies appeared to be pragmatic with minimal reporting of these. For example, no studies listed addiction status or gender diversity as pre-specified barriers to inclusion. Notably, most studies described the outcomes of ‘real world’ established programmes for PEH. In these cases, study eligibility criteria were dependent on those who engaged with the specific programme in the first instance, the eligibility criteria for which were not described, and were most likely self-selection. Only a small number of drop-outs were reported and there was minimal detail about their characteristics. We recognise that a level of stability in addiction and overall socioeconomic status is required to enable engagement in any type of physical activity intervention. Consequently, conclusions drawn from our review may not be applicable to the full diversity of PEH.

A final strength was that the review team capitalised on expertise in inclusion health, physical activity interventions and evidence synthesis with input from expert medical librarians. Studies were quality assessed using a consistent ‘family’ of critical analysis tools from JBI.

This mixed-methods systematic review demonstrates the value in exploring literature across a wide variety of methodological domains to gain insights into the existence and impact of a variety of physical activity interventions for PEH. To confidently inform policy, more research in this topic is required, however, from a practice and research perspective, our results provide initial justification for the inclusion of this typically under-represented group in targeted physical activity interventions with benefits to multiple aspects of physical and mental health, and positive translation into wider life demonstrated. Future research should include larger-scale high quality quantitative research to provide more robust evidence regarding objective impact.

Ethics statements

Patient consent for publication.

Not applicable.

Ethics approval

Acknowledgments.

The authors would like to thank Jacqui Smith, clinical librarian at UCL for sharing her extensive knowledge and supporting the team with their protocol design, searching strategy and carrying out the searches. Thanks also to and David Mockler, librarian, Trinity College Dublin, Dr Cliona Ni Cheallaigh and Professor Andrew Hayward for their advice and support of this work.

  • Marmott M ,
  • Wilkinson RG
  • Van Straaten B ,
  • Rodenburg G ,
  • Van der Laan J , et al
  • Fitzpatrick S ,
  • Bramley G ,
  • Ministry of Housing CLG
  • Geddes JR ,
  • Arnold EM ,
  • Strenth CR ,
  • Hedrick LP , et al
  • Armstrong M ,
  • Shulman C ,
  • Hudson B , et al
  • Piercy KL ,
  • Troiano RP ,
  • Ballard RM , et al
  • Kiernan S ,
  • Ní Cheallaigh C ,
  • Murphy N , et al
  • Rogans-Watson R ,
  • Lewer D , et al
  • Aldridge RW ,
  • Menezes D , et al
  • Mockler D ,
  • Ní Cheallaigh C , et al
  • Lizarondo L ,
  • Carrier J , et al
  • Bressan V ,
  • Bagnasco A ,
  • Aleo G , et al
  • McKenzie JE ,
  • Bossuyt PM , et al
  • Mathew CM ,
  • Mendonca O , et al
  • Vardell E ,
  • Barker TH ,
  • Moola S , et al
  • Porritt K ,
  • Lockwood C , et al
  • Lizarondo LSC ,
  • Carrier J ,
  • Godfrey C , et al
  • Bujold M , et al
  • Sandelowski M ,
  • Knestaur M ,
  • Devine MA ,
  • Kendzor DE ,
  • Allicock M ,
  • Businelle MS , et al
  • Peachey J ,
  • Borland J , et al
  • Norton CL ,
  • Pelletier A , et al
  • Quinton ML ,
  • Holland MJG , et al
  • Laird Y , et al
  • Collins J ,
  • Maughan RJ ,
  • Gleeson M , et al
  • Sanders C ,
  • Randers MB ,
  • Petersen J ,
  • Andersen LJ , et al
  • Marschall J ,
  • Nielsen T-T , et al
  • Hornstrup T , et al
  • Petersen J , et al
  • Strybosch V
  • Thompson JL ,
  • Goldstein A
  • Strahler K ,
  • Krustrup P , et al
  • Tucker JS ,
  • Golinelli D , et al
  • Binsted G , et al
  • Ainsworth BE ,
  • Haskell WL ,
  • Herrmann SD , et al
  • Hwang SW , et al
  • Silver CM ,
  • Thomas AC ,
  • Reddy S , et al
  • Broderick J ,
  • Bates ME , et al

Supplementary materials

Supplementary data.

This web only file has been produced by the BMJ Publishing Group from an electronic file supplied by the author(s) and has not been edited for content.

  • Data supplement 1
  • Data supplement 2
  • Data supplement 3
  • Data supplement 4
  • Data supplement 5

Twitter @DawesJo

Contributors JFD, RR-W and JB all contributed to the planning, conduct and reporting of the work described in the manuscript. JFD is responsible for the overall content as guarantor. JFD and RR-W designed and contributed to the initial registration of the research and the identification of literature at the search stage. JFD, RR-W and JB all contributed to the screening, data extraction and reporting. All authors contributed to the writing up, review, editing and finalising of the manuscript.

Funding JFD was funded by a pre-doctoral fellowship from the National Institute for Health and Care Research (NIHR) School for Public Health Research (SPHR), Grant Reference Number PD-SPH-2015. The views expressed are those of the author(s) and not necessarily those of the NIHR or the Department of Health and Social Care.

Competing interests None declared.

Provenance and peer review Not commissioned; externally peer reviewed.

Supplemental material This content has been supplied by the author(s). It has not been vetted by BMJ Publishing Group Limited (BMJ) and may not have been peer-reviewed. Any opinions or recommendations discussed are solely those of the author(s) and are not endorsed by BMJ. BMJ disclaims all liability and responsibility arising from any reliance placed on the content. Where the content includes any translated material, BMJ does not warrant the accuracy and reliability of the translations (including but not limited to local regulations, clinical guidelines, terminology, drug names and drug dosages), and is not responsible for any error and/or omissions arising from translation and adaptation or otherwise.

Read the full text or download the PDF:

IMAGES

  1. An 8-Step Risk Assessment for Your Facility's Security

    risk assessment methodology for physical security

  2. FREE 12+ Sample Security Risk Assessment Templates in PDF

    risk assessment methodology for physical security

  3. Conducting a Successful Security Risk Assessment

    risk assessment methodology for physical security

  4. Risk Assessment Report

    risk assessment methodology for physical security

  5. A Risk Assessment Methodology for Physical Security

    risk assessment methodology for physical security

  6. A Complete Guide to the Risk Assessment Process

    risk assessment methodology for physical security

VIDEO

  1. Risk Assessment

  2. CONDUCT COMPETENCY ASSESSMENT-TRAINERS METHODOLOGY

  3. How to Perform Risk Assessment and Develop Risk Based Audit Plans?

  4. Route Risk Assessment

  5. 5 July 2023

  6. risk assessment and internal control lecture 2

COMMENTS

  1. PDF Best Practices for Planning and Managing Physical Security Resources

    physical security policies using risk management practices that compare physical security across facilities and measure the performance of physical security programs. As outlined in the Government Accountability Office Reports GAO-13-222 and GAO-15-444, effective program management and performance measurement, including the use of management

  2. A Guide To Physical Security Risk Assessments

    A security site assessment or physical security risk assessment is an evaluation conducted by a security professional that includes an inventory of the assets to be protected, as well as recommendations on how best to protect them. ... Each consultant or firm will deploy a different methodology, but most security professionals take a layered or ...

  3. How to Conduct a Physical Security Risk Assessment

    6 Document and communicate the results. The sixth and final step is to document and communicate the results of your assessment. Documenting the results means creating a written report that ...

  4. Threat Risk Assessment (TRA) for Physical Security

    1. A change to the threat. This could be an increase or decrease in likelihood, change to attack methodology or technology application, or the emergence of an entirely new threat; 2. A change to an asset in terms of physical construction, or in purpose; and. 3.

  5. PDF Risk Assessment Methodologies

    Risk assessment involves the evaluation of risks taking into consideration the potential direct and indirect consequences of an incident, known vulnerabilities to various potential threats or hazards, and general or specific threat/hazard information. This resource document introduces various methodologies that can be utilized by communities to ...

  6. How To Do A Physical Security Risk Assessment

    To properly conduct a physical security assessment, you need to identify the potential risks, review your facility security, review your physical security systems, and finally, review your operating systems. Below is an in-depth look at these steps: 1. Identify Potential Risks. The first step is to identify your risks clearly.

  7. Risk Assessment

    As the preeminent organization dedicated to advancing the practice of risk management, RIMS, the risk management society™, is a global not-for-profit organization representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS brings networking, professional ...

  8. Guide to Conducting a Physical Security Assessment

    A physical security risk assessment is an evaluation of every aspect of your security system. This evaluation is conducted by a security professional that includes an inventory of the assets to be protected, as well as recommendations on how best to protect them. This is done on a micro and macro level, providing you with the information you ...

  9. PDF A Risk Assessment Methodology for Physical Security §£p J c

    Finally, risk is calculated. In the event that the value of risk is deemed to be unacceptable (too high), the methodology addresses a process for identifying and evaluating security system upgrades in order to reduce risk. Risk assessment Security effectiveness Physical security Consequence Vulnerability analysis Likelihood of attack

  10. Physical Security Assessment in 5 Steps [+ Template]

    Five Steps to a Thorough Physical Security Risk Assessment. The details and specifics will vary based on organizational and environmental factors, but the following five areas should be part of any physical security assessment checklist. 1. Inspect your facilities and sites. The first step is to evaluate the spaces and structures you're securing.

  11. (PDF) The Security Risk Assessment Methodology

    The Security Risk Assessment Methodology. December 2012; Procedia Engineering 43:600-609 ... There is an increasing demand for physical security risk assessments in which the span of assessment ...

  12. PDF Physical Security Systems Assessment Guide, Dec 2016

    Physical Security Systems Assessment Guide is a comprehensive document that provides guidance on how to evaluate the effectiveness of physical protection systems at DOE facilities. It covers topics such as threat assessment, performance testing, vulnerability analysis, and risk management. The guide also includes examples of using tools and items that are available at specific sites to conduct ...

  13. PDF Final Evaluation Report

    This final evaluation report details the results from our evaluation of the U.S. Office of Personnel Management's (OPM) physical security risk assessment process. This evaluation was conducted by the OPM Office of the Inspector General (OIG), as authorized by the Inspector General Act of 1978, as amended. OPM employees and contractor ...

  14. PDF The Security Risk Assessment Methodology

    The Security Risk Assessment Methodology Chunlin Liua,*, Chong-Kuan Tanb, Yea-Saen Fangb, Tat-Seng Lokc ... There is an increasing demand for physical security risk assessments in which the span of assessment usually encompasses threats from terrorism. This paper presents a brief description of the approach taken by the author's organization ...

  15. 6 Steps for Better Physical Security Risk Assessment

    1. Develop a plan and define its scope. Start by figuring out exactly how extensive and far-reaching in scope your physical security risk assessment will be. Let's say you manage corporate offices in five cities, plus a handful of production facilities across the United States.

  16. Security Risk Assessment & Security Controls

    Traditionally, risk assessments are performed with the use of pen and paper that is susceptible to deterioration and loss. It takes a lot of time to hand over assessment reports, which increases the chances of exposing the organization to security risks. SafetyCulture (formerly iAuditor) is a mobile inspection app that can help security ...

  17. Representing Uncertainty in Physical Security Risk Assessment

    The importance of (physical) security is increasingly acknowledged by society and the scientific community. In light of increasing terrorist threat levels, numerous security assessments of critical infrastructures are conducted in practice and researchers propose new approaches continuously. While practical security risk assessments (SRA) use mostly qualitative methods, most of the lately ...

  18. \"A Risk Assessment Methodology for Physical Security\"

    The methodology is based on the traditional risk equation: Risk = PA * (1 - PE) * C, PA = potential for attack, PE = security system effectiveness, 1 - PE = adversary success, and C = consequence of loss to the attack. The process begins with screening a facility to determine if a full assessment is needed.

  19. A Risk Assessment Methodology ( RAM ) for Physical Security

    TLDR. The deficiencies of the existing methods in correlating cyber attacks with physical consequences are discussed, and a research plan is outlined to correct those deficiencies and result in a fully supported methodology to quantify the economic consequences of events that begin with cyber effects, cascade into other physical infrastructure ...

  20. Risk Assessment Methodology for Protecting Our Critical Physical

    Greatly enhanced physical security systems will be required to protect these national assets from new and emerging threats. Sandia National Laboratories has been the lead laboratory for the Department of Energy (DOE) in developing and deploying physical security systems for the past twenty-five years. ... {Risk Assessment Methodology for ...

  21. A Risk Assessment Methodology for Physical Security

    Calculation Methods; Physical Protection; Risk Assessment; Security; STI Subject Categories 98 Nuclear Disarmament, Safeguards, And Physical Protection ; Source. GlobEx '2000, International Energy Conference, Las Vegas, NV (US), 07/23/2000--07/28/2000 ... A Risk Assessment Methodology for Physical Security, article, August 1, 2000; Albuquerque ...

  22. A Risk Assessment Methodology for Physical Security

    Cyber/Physical Assessment Methodology (CPAM) : an integrated cyber/physical security risk assessment methodology. Conference Phelan, James ; Darby, John Security Risk Assessment Methodologies and Chemical Facility Security.

  23. Understanding the RAGE-V Threat Assessment Methodology

    Discover the potential of the RAGE-V threat assessment methodology to revolutionize threat management in security. ... When tasked with ensuring physical security, the burden in the aftermath of workplace violence incidents that shatter our sense of safety weighs heavy. ... a Senior Manager of Kroll's Enterprise Security Risk Management ...

  24. Model-based risk assessment for cyber physical systems security

    We summarize the key contributions of the paper as follows: (1) the introduction of hybrid system automaton as a powerful tool for cyber security risk assessment, and countermeasure & mitigation design. Development of an integrated safety-security model-based co-design approach for CPS. The approach integrates physical and cyber models for ...

  25. How Crisis Intervention Informs Proactive Security in Schools

    Physical security protocols were initiated, and a full threat assessment was conducted to determine what the student's end goal was. Police confiscated the firearm and arrested the student. School security officials and threat assessment teams should follow up on any allegation, no matter how minor the issue seems.

  26. Weighing Student Development in K-12 Behavioral Threat Assessment

    Those measures can include deploying personnel or changing up access control, but effective threat assessment and intervention also involves management strategies outside traditional security, including bringing in mental health, conflict resolution, or anger management resources, which is where non-security professionals are invaluable.

  27. Vulnerability Assessment vs. Penetration Testing: 8 Differences

    Vulnerability Assessment Process. Source: ManageEngine Opens a new window How it works. VAs follow a structured approach, typically involving these key phases: Planning and scoping: Defining the scope of the assessment and outlining which systems, networks, and data will be scanned.This aligns with the organization's goals, such as identifying high-risk vulnerabilities or meeting specific ...

  28. Physical vulnerability curve construction and quantitative risk

    Surprisingly, little attention has been devoted to the construction of physical vulnerability curves in typhoon-affected areas, as a basis for risk assessment. To address this deficiency, this paper presents a quantitative method for developing physical vulnerability curves for buildings by modeling debris flow intensity and building damage ...

  29. 'You can change your life through sports'—physical activity

    The risk of bias assessment found study quality to vary; with 6 being high, 6 moderate, 4 low and 1 very low. A mixed-methods synthesis identified physical and mental health benefits. Qualitative evidence highlighted benefits carried into wider life, the challenges of participating and the positive impact of physical activity on addiction.