RISK TAXONOMY

The RANE Risk Taxonomy improves assessment and management of risk. RANE’s proprietary taxonomy classifies experts and content into over 250 individual risk topics, all falling into six major categories.


SAFETY + SECURITY

Personal and Executive Protection
Workplaces, Schools and Events
Infrastructure and Critical Industry
Terrorism and Emerging Threats
Supply Chain and Product Integrity
Natural Disasters and Climate Change


CYBER + INFORMATION

Data Protection
Forensics
Privacy and Identity
Digital Currency and Payments
Breaches and Remediation


LEGAL + REGULATORY

Fraud, Corruption and Illicit Activities
Transactional and Regulatory
Litigation and Investigations
Monitorships


DILIGENCE, BUSINESS + GEOPOLITICAL INTEL

Due Diligence
Investigative Resources
Background and Employment Screenings
Vendor Screenings
Geo-Political Risk
Business Intelligence Resources
Economic/Market Risk


GOVERNANCE, RISK + COMPLIANCE

Policies and Procedures
Internal and External Audits
Surveillance and Monitoring
Third-Party and Dashboard Solutions
Compliance Testing
Human Capital Management
Reputation Management


MEDICAL + PSYCHOLOGICAL

Substance Abuse and Addiction
Mental Illness
Medical/Legal
Suicide and Acts of Violence
Pandemics and Infectious Diseases


SAFETY + SECURITY

Personal and Executive Protection

Workplaces, Schools and Events

Infrastructure and Critical Industry

Terrorism and Emerging Threats

Supply Chain and Product Integrity

Natural Disasters and Climate Change

Perhaps the most elemental issue in risk management, Safety + Security encompasses protecting not only individuals and their families but also a broad range of personal, business and civic commitments from various forms of attack, both man-made and natural.

Almost by definition the risks comprised in Safety + Security cannot stand alone. Issues in the area connect closely with elements in other categories. Attacks on critical infrastructure, for example, relate as well to Cyber + Information topics like data protection; maintaining product integrity connects with topics under Diligence, Business, + Geopolitical Intel: for example, drug testing, fingerprinting and internal investigations. Issues in Medical + Psychological such as substance abuse and mental illness are often tied to threats to public safety, while corporate governance and human capital management touch questions of personal protection, supply chain and critical infrastructure.

PERSONAL PROTECTION
Personal and Executive Protection

 

Individual and Family
Home
Vehicles
Security Surveys
Travel
Rescues and Evacuations

Enterprises and organizations must ensure that the people and property in their orbits remain safe from harm, be it theft, tampering or physical attack. That includes having adequate systems and information in place to protect employees traveling or living abroad. Detailed and flexible rescue, recovery and evacuation plans are often needed, as is preparation for the possibility of kidnapping for ransom. Thorough background checks and checklists are also crucial.

PUBLIC SAFETY
Workplaces, Schools, and Events

Workplaces, Schools, and Events
Mass Shootings and Attacks
Construction Security
Sexual Assaults and Misconduct
Violence and Bullying
Surveillance of Property or Grounds
Screenings and Identification Services
Guard Services
Canine Services
Disability Services

Workplace and campus violence, school bullying, sexual harassment, local crime, terrorism and weapons of mass destruction are among the broader risks that necessitate many kinds of screening, surveillance and response. Monitoring social media for potential threats is an increasingly essential part of the job.

CRITICAL INFRASTRUCTURE
Infrastructure and Critical Industry

Transportation
Financial
Utilities
Communications
Health
Public Safety

Transportation systems, communications and financial networks, and power utilities all must confront and manage persistent risks of attack (both physical and cyber) and failure. To counter such dangers, operators have to develop comprehensive systems for assessment, management and recovery.

SUPPLY CHAIN
Supply Chain and Product Integrity

Customs Clearance
Hijackings
Piracy
Tampering
Contamination
Mislabeling

Maintaining integrity in a supply chain, and in products themselves, involves facing challenges brought to bear by forces both legal and illegal: from customs services to hijackers, from judiciary investigations to tampering and contamination. Companies must be vigilant about the threat of counterfeiting, and remain mindful of human rights and labor standards, at home and abroad.

NATURAL DISASTERS
Natural Disasters and Climate Change

Avalanches
Droughts
Earthquakes
Mudslides
Solar Flares
Tornados
Tsunamis
Volcanic Eruptions
Wildfires

The natural world can threaten security more thoroughly than any human attack. Amid global climate change, some of the more familiar natural risks include tsunami, flood, hurricane and wildfire. More esoteric phenomena, ranging from sinkholes to solar flares, represent even less predictable threats to safety and security. The potential for chaos associated with such events can often lead to social and civil unrest; authorities must also be prepared for the possibility of destabilizing disruptions to food and water supplies as well as power and communications networks.

TERRORISM
Terrorism and Emerging Threats

Biological
Chemical
Nuclear and WMDs
Explosives
Cyber and Digital

CYBER + INFORMATION

Data Protection
Forensics
Privacy and Identity
Digital Currency and Payments
Breaches and Remediation

Threats to information are growing exponentially while defense mechanisms seem incapable of keeping pace. No space is more critically in need of protection, and yet more vulnerable to attack, than an organization’s IT systems and infrastructure.

Issues in Cyber + Information, involving areas as diverse as attack, remediation and preservation as well as threats to critical infrastructure and supply chains, connect especially closely with topics in Safety + Security. At the same time, the need for close cooperation between the public and private sectors in combating such threats means that the Legal + Regulatory domain cannot be overlooked. That such attacks tend to come from a few distinct parts of the world, often state sponsored, or stem from industrial espionage suggests that Business, Diligence and Geopolitical Intel must always be taken into account when dealing with threats to any enterprise’s underlying technology. Often overlooked in responding to breaches is the critical aspect of how to manage the damage from a public relations standpoint, a key area under Governance, Risk + Compliance.

DATA PROTECTION AND PRIVACY
Networked data is a key resource, and protecting it is a key priority for individuals, enterprises and governments. In both large-scale infrastructure and smaller personal computing and entertainment systems, the firewall remains a critical component in protecting privacy and maintaining data integrity. Assessing appropriate firewall deployment requires expertise in application-layer software, mandatory access control, proxy servers, and concealment of network addresses.

 

MOBILE
With mobile communication over wireless, cell, and satellite systems fast becoming a standard, even a default, practice, privacy and data are subject to new risks. Specialized expertise is required to ensure protection of data routinely subject to exposure via phone and other handheld devices.

HACKING
When breaches do occur, the first step in achieving remediation is to investigate the purpose of the hack, be it theft, covert warfare, hacktivism or spying. Expertise in forensic data extraction, especially for mobile devices, plays a key role, as do more traditional forensic techniques like identification and interpretation.

DEGRADATION
Time and change pose threats to data as dire as human attack. Data originally created on a wide array of software and platforms can become incompatible, outmoded or obsolete. Though critical to operations, much legacy data is quickly degrading beyond repair. Custom programming can enable targeted, highly intelligent searches through massive databases to locate, capture, mirror and preserve at-risk data.

Data Protection

Firewalls
Data Security
Mobile & Communications

Forensics

Data Extraction
Data Identification
Data Interpretation
Media Preservation

Digital Currency and Payments

Privacy and Identity

Personal
Commercial
Governmental

DILIGENCE, BUSINESS + GEOPOLITICAL INTEL

Due Diligence
Investigative Resources
Background and Employment Screenings
Vendor Screenings
Geo-Political Risk
Business Intelligence Resources
Economic/Market Risk

Diligence, Business + Geopolitical Intel embraces research and screening to help organizations avoid certain costly and preventable mistakes. A wide array of investigative tools is used to discover warning signs in potential employees, partners, vendors, clients, customers, geographic markets, acquisition targets and others.

DUE DILIGENCE AND BUSINESS INTEL
Before entering into contractual and other relationships, companies and individuals must take steps to avoid exposure to legal liability and document defensible standards of care. Such risks, legal, financial and reputational, may stem from transactions (investment opportunities including public offerings, direct investments, financing, acquisitions and partnerships); hiring both full- and part-time employees and individual contractors and vendors; and leasing, not only business offices but also infrastructure, including vehicles. Companies also rely on market analyses and competitive intelligence to weigh the commercial pros and cons of entering a new business or market.

ENHANCED DUE DILIGENCE
Risk can extend to customers or partners who may have motives for purchasing goods and services and making investments that can expose a business to prosecution as a criminal accomplice. A host of complex laws and regulations make it highly problematic for corporations, investors and entrepreneurs to become unwitting abettors of corruption; that can run the gamut from money laundering and sanctions evasion to terrorist and other illicit financing, and concealment of other illegal activity.

RESEARCH
Carrying out due diligence requires scrutinizing public records; studying IPOs and mergers and acquisitions; reviewing individual social-media activity; sorting out immigration histories; identifying parties with interests in assets beyond the officially listed owners (“beneficial ownership”); and gaining knowledge of specific activities that have contributed to a corporate balance sheet or an individual’s net worth (“source of wealth”). Resources for carrying out research and investigation in depth and breadth take a number of forms, from analyzing “big data” and forensic accounting to industry analyses of regulatory trends and testing for internal controls. Other approaches can include handwriting analysis, polygraph, fingerprinting, behavioral profiling and surveillance.

GEOPOLITICAL INTEL
Regularly assessing risk premiums in overseas markets is an essential part of being a successful multinational enterprise. Geopolitical Intel is not limited to researching potential business opportunities. It is important for companies to gain detailed knowledge of operations in locations where political change, enforcement initiatives and social turmoil can occur suddenly and be very costly. Awareness of many forms of government and other corruption, and the potential for industry nationalizations, are also essential to doing business in certain parts of the world.

Many techniques in this category interconnect with topics in Governance, Risk + Compliance (GRC), Legal + Regulatory and Safety + Security, including surveillance of people and property; locating missing persons; drug testing; internal investigation; undercover operations; locating and interviewing witnesses; protection of people and assets; enhancement of internal controls; and maintaining government relations.

Due Diligence

Public Records and Database Research
Enhanced Due Diligence
Transactional Research (M&A, IPO, etc.)
Social Media Research
Immigration Reviews
Beneficial Ownership
Source of Wealth

Investigative Resources

Behavioral and Psychological Profiling
Bombings and Arson
Counterfeiting
Court and Public Records
DNA Forensics
Drug Testing
Fingerprinting
Internal Investigations
Missing Persons
“Mystery Shoppers”
Polygraphs and Deception Detection
Surveillance (Personal and Property)
Undercover Operations
Voice Analysis
Witness Location and Interviews

Business Intelligence Resources

Competitive and Market Analyses

Geo-Political Risk
Vendor Screenings
Economic/Market Risk

Background and Employment Screenings

GOVERNANCE, RISK + COMPLIANCE

Policies and Procedures
Internal and External Audits
Surveillance and Monitoring
Third-Party and Dashboard Solutions
Compliance Testing
Human Capital Management
Reputation Management

Governance, Risk + Compliance (GRC) covers all aspects of an organization’s policies, procedures and structure for managing and complying with requirements imposed by law as well as documenting standards of care and management and board oversight.

COMPLIANCE
Large, complicated regulatory systems, making stringent, ever-changing demands on industry, require enterprises to pay close attention to a wide range of compliance policies. These can include legal and internal controls, financial integrity and tax compliance, all of which become more complex as organizations grow; failure to comply with all obligations in every detail may draw increasingly dire consequences. Demands for compliance now come from a broad array of constituencies, including state and federal regulators, auditors, shareholders, creditors, industry standards and practices, and a company’s own testing systems. Establishing organizational policies, procedures, controls and testing systems for all forms of compliance is critical.

TECHNOLOGY
Because regulatory and tax compliance are often achieved and monitored via enterprise software, a thorough understanding of the salient technology forms a critical area of expertise. Outsourced third-party and dashboard solutions play a pervasive role in today’s efficient business practice; such solutions, if weakly scrutinized, present significant liability risk. In addition, technology often plays a critical role in transactional surveillance, electronic communications surveillance, vendor management, and fraud and whistleblower reporting.

SUBPOENA
Failure to follow subpoena instructions can lead to fines and even incarceration. Yet following those instructions can be far from intuitive. Navigating the issue of compliance with subpoenas requires special legal and procedural expertise.

DETECTION AND REPORTING
Financial reporting, whether to stockholders, government agencies, or potential investors via prospectus, is only one key form of reporting. Suspicious activity reporting requirements vary from country to country. As law enforcement organizations and financial regulatory agencies continue to expand their efforts to collect and analyze transactions, demands are intensifying on financial institutions to scrutinize and report suspicious activity.

Whistleblower reporting — when an employee brings supervisors’ attention to alleged violations — subjects employers to a plethora of rules governed by US agencies from EPA, OSHA, Treasury and the SEC to Justice, Defense, Commerce and Labor. Early detection and reporting can be one of the most significant mitigating factors in limiting criminal and civil liability.

TESTING
Testing, one of a number of internal audits for which prudent companies establish and execute procedures, plays a critical role in ameliorating risk of noncompliance by making sure employees are aware of the rules. Coping with external audits—by government agencies, contractual partners and others—also requires well-considered policies and procedures.

EMPLOYMENT
Organizations draw, most importantly, on human capital. Special attention must be paid to matters like employees’ immigration status and visas. Such scrutiny may involve detailed research, as well as surveillance, monitoring and screenings of customers, transactions and every kind of internal and external communication: email, text, and phone.

REPUTATION
Managing an organization’s reputation depends on maintaining positive relationships with the public, the media, government and investors. Social media plays a key role: handling its benefits and potential downsides demands expertise in a rapidly changing digital landscape. Corporate Social Responsibility (CSR) enables a company to maintain adherence to generally recognized standards of conduct. Charitable giving, support for non-governmental organizations (NGOs), and political contributions can enhance reputation but carry potential for risk and must be handled with caution and sophistication.

Because of the complex nature of GRC, and the high stakes often attending it, this topic extends to a number of related issues, involving companies’ human capital, communications, and reputation, connecting with topics in other major areas of risk assistance, especially Diligence, Business + Global Intel and Legal + Regulatory.

Policies and Procedures

Business Continuity
Regulatory Compliance
Subpoena Compliance
Suspicious Activity Reporting (SARs)
Tax Compliance
Whistleblower Reporting

Human Capital Management

Employment Practices
Immigration/Visas

Compliance Testing
Internal and External Audits
Third-Party and Dashboard Solutions

Surveillance and Monitoring

Email Surveillance
External Communications
Customer Screenings
Transactional Surveillance
Suspicious Activity Detection

Reputation Management

Media and Public Relations
Governmental Relations
Investor Relations
Social and Digital

MEDICAL + PSYCHOLOGICAL

Substance Abuse and Addiction
Mental Illness
Medical/Legal
Suicide and Acts of Violence
Pandemics and Infectious Diseases

Medical and psychological issues pose companies and their employees (and customers) a special set of challenges, with safety and legal ramifications. For too long overlooked at an enterprise level, they require unique blends of sensitivity, acumen and assertiveness. The smartest organizations know they have to put systems and programs in place to deal with such problems long before they actually manifest themselves at the office; by that point, not only do they cause havoc for employees and their families but they can become a major distraction for co-workers.

ADDICTION

Abuse of alcohol and recreational and prescription drugs is as pervasive a problem for companies and organizations as it is in broader society. It has the potential to undermine work performance and quality, and not just of the victim, while damaging individuals, weakening morale, and sapping valuable reputation. Addressing such complicated issues requires a mix of medical, psychological, managerial and legal expertise.

MENTAL ILLNESS

Taking a multitude of forms, from anxiety, depression and schizophrenia to eating and personality disorders, mental illness challenges a company to manage highly fraught, deeply personal issues. Legal matters involve privacy, consent and employer responsibility. A company may need to make complicated accommodations, pay unexpected costs, and develop appropriate communication systems by which employees may report to supervisors on personal matters while maintaining privacy.

INFECTIOUS DISEASE

Modern transportation and a global marketplace help pathogens travel great distances in short times, as evidenced by everything from Ebola, pandemic flu and SARS to virulent strains of TB and the rising problem of antibiotic resistance. With workplaces serving as ideal incubators of disease, an entire workforce can become quickly disabled, interrupting critical business processes. Techniques from rapid redeployment to quarantine—with their own legal considerations—can become key to maintaining operations and employee and customer trust. Proper planning must include the distribution of potentially scarce medical resources; in some cases companies must make difficult choices of prioritizing certain critical, front-line employees who should receive treatment or medication before others. Both the public and private sectors cannot afford to discount the possibility of a biological weapons attack.

ACTS OF VIOLENCE

Both suicide and violence against others destabilize workplaces. Angry workers, the mentally ill, family members with grudges, terrorists and activists may all pose physical threats. The issue reaches into areas as diverse as hiring practices, background screenings, security, and vehicle control. Prevention of and recovery from suicide and violence may call for refined approaches to hostility management, threat notification, family assistance programs and emergency drills.

Medical + Psychological issues are much more intertwined with other risk areas than is often appreciated. An organization fails to realize this at its own peril. The potential links of substance abuse and mental illness to workplace violence put the category squarely in the realm of Safety + Security; employee background screening for personal problems relates to Diligence; and all manner of laws and regulations regarding how an organization deals with employees’ medical or psychological issues (and privacy) connect to both Compliance and Legal + Regulatory. Companies may also need to coordinate with law enforcement and handle any potential PR fallout.

Medical/Legal

Consent
Privacy

Substance Abuse and Addiction

Prescription and Controlled Substances
Alcohol
Gambling

Mental Illness

Anxiety
Depression
Bipolar
OCD and Related
Trauma/Post Traumatic Stress
Eating and Feeding Disorders
Dissociative Disorders
Schizophrenia Spectrum and Other Psychotic Disorders
Neurodevelopmental and Attention Disorders
Neurocognitive Disorders
Personality Disorders

Suicide and Acts of Violence

Pandemics and Infectious Diseases