Risk Taxonomy

RANE’s proprietary taxonomy classifies experts and content into over 250 individual risk topics, all falling into six major categories.

SAFETY + SECURITY

Personal and Executive Protection
Public Safety: Workplaces, Schools and Events
Infrastructure and Critical Industry
Terrorism and Emerging Threats
Supply Chain and Product Integrity
Natural Disasters and Climate Change

CYBER + INFORMATION

Data Protection
Forensics
Privacy and Identity
Digital Currency and Payments
Breaches and Remediation

LEGAL + REGULATORY

Fraud, Corruption and Illicit Activities
Transactional and Regulatory
Litigation and Investigations
Monitorships

DILIGENCE, BUSINESS + GEOPOLITICAL INTEL

Due Diligence
Investigative Resources
Background and Employment Screenings
Vendor Screenings
Geo-Political Risk
Business Intelligence Resources
Economic/Market Risk

GOVERNANCE, RISK + COMPLIANCE

Policies and Procedures
Internal and External Audits
Surveillance and Monitoring
Third-Party and Dashboard Solutions
Compliance Testing
Human Capital Management
Reputation Management

MEDICAL + PSYCHOLOGICAL

Substance Abuse and Addiction
Mental Illness
Medical/Legal
Suicide and Acts of Violence
Pandemics and Infectious Diseases

SAFETY + SECURITY

Personal and Executive Protection
Workplaces, Schools and Events
Infrastructure and Critical Industry
Terrorism and Emerging Threats
Supply Chain and Product Integrity
Natural Disasters and Climate Change

Perhaps the most elemental issue in risk management, Safety + Security encompasses protecting not only individuals and their families but also a broad range of personal, business and civic commitments from various forms of attack, both man-made and natural.

Almost by definition the risks comprised in Safety + Security cannot stand alone. Issues in the area connect closely with elements in other categories. Attacks on critical infrastructure, for example, relate as well to Cyber + Information topics like data protection; maintaining product integrity connects with topics under Diligence, Business + Geopolitical Intel: for example, drug testing, fingerprinting and internal investigations. Issues in Medical + Psychological such as substance abuse and mental illness are often tied to threats to public safety, while corporate governance and human capital management touch questions of personal protection, supply chain and critical infrastructure.

Personal and Executive Protection

Individual and Family Home/Vehicles
Security Surveys
Travel Rescues and Evacuations

Enterprises and organizations must ensure that the people and property in their orbits remain safe from harm, be it theft, tampering or physical attack. That includes having adequate systems and information in place to protect employees traveling or living abroad. Detailed and flexible rescue, recovery and evacuation plans are often needed, as well as being prepared for the possibility of kidnapping for ransom. Thorough background checks and checklists are also crucial.

Workplaces, Schools, and Events

Mass Shootings and Attacks
Construction Security
Sexual Assaults and Misconduct
Violence and Bullying
Surveillance of Property or Grounds
Screenings and Identification Services
Guard Services
Canine Services
Disability Services

Workplace and campus violence, school bullying and sexual harassment, local crime, terrorism and weapons of mass destruction are among the broader risks that necessitate many kinds of screening, surveillance and response. Monitoring social media for potential threats is an increasingly essential part of the job.

Infrastructure and Critical Industry

Transportation
Financial
Utilities
Communications
Health/Public Safety

Transportation systems, communications and financial networks, and power utilities all must confront and manage persistent risks of attack (both physical and cyber) and failure. To counter such dangers, operators have to develop comprehensive systems for assessment, management and recovery.

Supply Chain and Product Integrity

Customs Clearance
Hijackings
Piracy
Tampering
Contamination
Mislabeling

Maintaining integrity in a supply chain, and in products themselves, involves facing challenges brought to bear by forces both legal and illegal: from customs services to hijackers, from judiciary investigations to tampering and contamination. Companies must be vigilant about the threat of counterfeiting, and remain mindful of human rights and labor standards, at home and abroad.

Natural Disasters and Climate Change

Avalanches
Droughts
Earthquakes
Mudslides
Solar Flares
Tornados
Tsunamis
Volcanic Eruptions
Wildfires

The natural world can threaten security more thoroughly than any human attack. Amid global climate change, some of the more familiar natural risks include tsunami, flood, hurricane and wildfire. More esoteric phenomena–ranging from sinkholes to solar flares–represent even less predictable threats to safety and security. The potential for chaos associated with such events can often lead to social and civil unrest; authorities must also be prepared for the possibility of destabilizing disruptions to food and water supplies as well as power and communications networks.

Terrorism and Emerging Threats

Biological
Chemical
Nuclear and WMDs
Explosives
Cyber and Digital

CYBER + INFORMATION

Data Protection
Forensics
Privacy and Identity
Digital Currency and Payments
Breaches and Remediation

Threats to information are growing exponentially while defense mechanisms seem incapable of keeping pace. No space is more critically in need of protection, and yet more vulnerable to attack, than an organization’s IT systems and infrastructure.

Issues in Cyber + Information, involving areas as diverse as attack, remediation and preservation as well as threats to critical infrastructure and supply chains, connect especially closely with topics in Safety + Security. At the same time, the need for close cooperation between the public and private sectors in combating such threats means that the Legal + Regulatory domain cannot be overlooked. That such attacks tend to come from a few distinct parts of the world, often state-sponsored, or stem from industrial espionage suggests that Diligence, Business + Geopolitical Intel must always be taken into account when dealing with threats to any enterprise’s underlying technology. Often overlooked in responding to breaches is the critical aspect of how to manage the damage from a public relations standpoint, a key area under Governance, Risk + Compliance.

Firewalls
Data Security
Mobile & Communications

Networked data is a key resource and protecting it is a key priority for individuals, enterprises and governments. In both large-scale infrastructure and smaller personal computing and entertainment systems, the firewall remains a critical component to protecting privacy and maintaining data integrity. Assessing appropriate firewall deployment requires expertise in application-layer software, mandatory access control, proxy servers, and concealment of network addresses.

With mobile communication over wireless, cell, and satellite systems fast becoming a standard–even a default–practice, privacy and data are subjected to new risks. Specialized expertise is required to ensure protection of data routinely subject to exposure via phone and other handheld devices.

Data Extraction
Data Identification
Data Interpretation
Media Preservation

When breaches do occur, the first step in achieving remediation is to investigate the purpose of the hack, be it theft, covert warfare, hacktivism or spying. Expertise in forensic data extraction—especially for mobile devices—plays a key role, as do more traditional forensic techniques like identification and interpretation.

Time and change pose threats to data as dire as human attack. Data originally created on a wide array of software and platforms can become incompatible, outmoded or obsolete. Though critical to operations, much legacy data is quickly degrading beyond repair. Custom programming can enable targeted, highly intelligent searches through massive databases to locate, capture, mirror and preserve at-risk data.

DILIGENCE, BUSINESS + GEOPOLITICAL INTEL

Due Diligence
Investigative Resources
Background and Employment Screenings
Vendor Screenings
Geopolitical Risk
Business Intelligence Resources
Economic/Market Risk

Diligence, Business + Geopolitical Intel embraces research and screening to help organizations avoid certain costly and preventable mistakes. A wide array of investigative tools is used to discover warning signs in potential employees, partners, vendors, clients, customers, geographic markets, acquisition targets and others.

Many techniques in this category interconnect with topics in Governance, Risk + Compliance (GRC), Legal + Regulatory and Safety + Security, including surveillance of people and property; locating missing persons; drug testing; internal investigation; undercover operations; locating and interviewing witnesses; protection of people and assets; enhancement of internal controls; and maintaining government relations.

Public Records and Database Research
Enhanced Due Diligence
Transactional Research (M&A, IPO, etc.)
Social Media Research
Immigration Reviews
Beneficial Ownership
Source of Wealth

Before entering into contractual and other relationships, companies and individuals must take steps to avoid exposure to legal liability and document defensible standards of care. Such risks, legal, financial and reputational, may stem from transactions (investment opportunities including public offerings, direct investments, financing, acquisitions and partnerships); hiring both full- and part-time employees and individual contractors and vendors; and leasing, not only business offices but also infrastructure, including vehicles. Companies also rely on market analyses and competitive intelligence to weigh the commercial pros and cons of entering a new business or market.

Behavioral and Psychological Profiling
Bombings and Arson
Counterfeiting
Court and Public Records
DNA Forensics
Drug Testing
Fingerprinting
Internal Investigations
Missing Persons
“Mystery Shoppers”
Polygraphs and Deception Detection
Surveillance (Personal and Property)
Undercover Operations
Voice Analysis
Witness Location and Interviews

Carrying out due diligence requires scrutinizing public records; studying IPOs and mergers and acquisitions; reviewing individual social-media activity; sorting out immigration histories; identifying parties with interests in assets beyond the officially listed owners (“beneficial ownership”); and gaining knowledge of specific activities that have contributed to a corporate balance sheet or an individual’s net worth (“source of wealth”). Resources for carrying out research and investigation in depth and breadth take a number of forms, from analyzing “big data” and forensic accounting to industry analyses of regulatory trends and testing for internal controls. Other approaches can include handwriting analysis, polygraph, fingerprinting, behavioral profiling and surveillance.

Background and Employment Screenings
Competitive and Market Analyses
Vendor Screenings
Economic/Market Risk

Risk can extend to customers or partners who may have motives for purchasing goods and services and making investments that can expose a business to prosecution as a criminal accomplice. A host of complex laws and regulations make it highly problematic for corporations, investors and entrepreneurs to become unwitting abettors of corruption; that can run the gamut from money laundering and sanctions evasion to terrorist and other illicit financing, and concealment of other illegal activity.

Regularly assessing risk premiums in overseas markets is an essential part of being a successful multinational enterprise. Geopolitical Intel is not limited to researching potential business opportunities. It is important for companies to gain detailed knowledge of operations in locations where political change, enforcement initiatives and social turmoil can occur suddenly and be very costly. Awareness of many forms of government and other corruption, and of the potential for industry nationalizations, is also essential to doing business in certain parts of the world.

GOVERNANCE, RISK + COMPLIANCE

Policies and Procedures
Internal and External Audits
Surveillance and Monitoring
Third-Party and Dashboard Solutions
Compliance Testing
Human Capital Management
Reputation Management

Governance, Risk + Compliance (GRC) covers all aspects of an organization’s policies, procedures and structure for managing and complying with requirements imposed by law as well as documenting standards of care and management and board oversight.

Because of the complex nature of GRC, and the high stakes often attending it, this topic extends to a number of related issues involving companies’ human capital, communications and reputation, connecting with topics in other major areas of risk assistance, especially Diligence, Business + Geopolitical Intel and Legal + Regulatory.

Business Continuity
Regulatory Compliance
Subpoena Compliance
Suspicious Activity Reporting (SARs)
Tax Compliance
Whistleblower Reporting

Large, complicated regulatory systems, making stringent, ever-changing demands on industry, require enterprises to pay close attention to a wide range of compliance policies. These can include legal and internal controls, financial integrity and tax compliance, all of which become more complex as organizations grow; failure to comply with all obligations in every detail may draw increasingly dire consequences. Demands for compliance now come from a broad array of constituencies, including state and federal regulators, auditors, shareholders, creditors, industry standards and practices, and a company’s own testing systems. Establishing organizational policies, procedures, controls and testing systems for all forms of compliance is critical.

Email Surveillance
External Communications
Customer Screenings
Transactional Surveillance
Suspicious Activity Detection

Because regulatory and tax compliance are often achieved and monitored via enterprise software, a thorough understanding of the salient technology forms a critical area of expertise. Outsourced third-party and dashboard solutions play a pervasive role in today’s efficient business practice; such solutions, if weakly scrutinized, present significant liability risk. In addition, technology often plays a critical role in transactional surveillance, electronic communications surveillance, vendor management, and fraud and whistleblower reporting.

Employment Practices
Immigration/Visas

Organizations draw, most importantly, on human capital. Special attention must be paid to matters like employees’ immigration status and visas. Such scrutiny may involve detailed research, as well as surveillance, monitoring and screenings of customers, transactions and every kind of internal and external communications: email, text, and phone.

Media and Public Relations
Governmental Relations
Investor Relations
Social and Digital

Managing an organization’s reputation depends on maintaining positive relationships with the public, the media, government and investors. Social media plays a key role: handling its benefits and potential downsides demands expertise in a rapidly changing digital landscape. Corporate Social Responsibility (CSR) enables a company to maintain adherence to generally recognized standards of conduct. Charitable giving, support for non-governmental organizations (NGO), and political contributions can enhance reputation but carry potential for risk and must be handled with caution and sophistication.

Failure to follow subpoena instructions can lead to fines and even incarceration. Yet following those instructions can be far from intuitive. Navigating the issue of compliance with subpoenas requires special legal and procedural expertise.

Financial reporting, whether to stockholders, government agencies, or potential investors via prospectus, is only one key form of reporting. Suspicious activity reporting requirements vary from country to country. As law enforcement organizations and financial regulatory agencies continue to expand their efforts to collect and analyze transactions, demands are intensifying on financial institutions to scrutinize and report suspicious activity.

Whistleblower reporting — when an employee brings supervisors’ attention to alleged violations — subjects employers to a plethora of rules governed by US agencies from EPA, OSHA, Treasury and the SEC to Justice, Defense, Commerce and Labor. Early detection and reporting can be one of the most significant mitigating factors in limiting criminal and civil liability.

Testing, one of a number of internal audits for which prudent companies establish and execute procedures, plays a critical role in ameliorating risk of noncompliance by making sure employees are aware of the rules. Coping with external audits—by government agencies, contractual partners and others—also requires well-considered policies and procedures.

MEDICAL + PSYCHOLOGICAL

Substance Abuse and Addiction
Mental Illness
Medical/Legal
Suicide and Acts of Violence
Pandemics and Infectious Diseases

Medical and psychological issues pose companies and their employees (and customers) a special set of challenges, with safety and legal ramifications. For too long overlooked at an enterprise level, they require unique blends of sensitivity, acumen and assertiveness. The smartest organizations know they have to put systems and programs in place to deal with such problems long before they actually manifest themselves at the office; by that point, not only do they cause havoc for employees and their families but they can become a major distraction for co-workers.

Medical + Psychological issues are much more intertwined with other risk areas than is often appreciated. An organization fails to realize this at its own peril. The potential links of substance abuse and mental illness to workplace violence put the category squarely in the realm of Safety + Security; employee background screening for personal problems relates to Diligence; and all manner of laws and regulations regarding how an organization deals with employees’ medical or psychological issues (and privacy) connect to both Compliance and Legal + Regulatory. Companies may also need to coordinate with law enforcement and handle any potential PR fallout.

Prescription and Controlled Substances
Alcohol
Gambling

Abuse of alcohol and recreational and prescription drugs is as pervasive a problem for companies and organizations as it is in broader society. It has the potential to undermine work performance and quality–and not just of the victim–while damaging individuals, weakening morale, and sapping valuable reputation. Addressing such complicated issues requires a mix of medical, psychological, managerial and legal expertise.

Anxiety
Depression
Bipolar
OCD and Related
Trauma/Post Traumatic Stress
Eating and Feeding Disorders
Dissociative Disorders
Schizophrenia Spectrum and Other Psychotic Disorders
Neurodevelopmental and Attention Disorders
Neurocognitive Disorders
Personality Disorders

Taking a multitude of forms, from anxiety, depression and schizophrenia to eating and personality disorders, mental illness challenges a company to manage highly fraught, deeply personal issues. Legal matters involve privacy, consent and employer responsibility. A company may need to make complicated accommodations, pay unexpected costs, and develop appropriate communication systems by which employees may report to supervisors on personal matters while maintaining privacy.

Modern transportation and a global marketplace help pathogens travel great distances in short times, as evidenced by everything from Ebola, pandemic flu and SARS to virulent strains of TB and the rising problem of antibiotic resistance. With workplaces serving as ideal incubators of disease, an entire workforce can become quickly disabled, interrupting critical business processes. Techniques from rapid redeployment to quarantine—with their own legal considerations—can become key to maintaining operations and employee and customer trust. Proper planning must include the distribution of potentially scarce medical resources; in some cases companies must make difficult choices of prioritizing certain critical, front-line employees who should receive treatment or medication before others. Both the public and private sectors cannot afford to discount the possibility of a biological weapons attack.

Both suicide and violence against others destabilize workplaces. Angry workers, the mentally ill, family members with grudges, terrorists and activists may all pose physical threats. The issue reaches into areas as diverse as hiring practices, background screenings, security, and vehicle control. Prevention of and recovery from suicide and violence may call for refined approaches to hostility management, threat notification, family assistance programs and emergency drills.