This risk tool post is about the third step in a risk assessment, so if you haven’t read the first two post, we recommend you read the first post to find out why it is so important to do a risk assessment in your organization and how to get started! 

Step 3: Develop strategies to reduce risk and vulnerability   

Once the threats have been identified and evaluated, and the risks rated, the next step is to consider what can be done to reduce risks to an acceptable level. Developing security strategies is a critical step in ensuring that before committing staff, resources and the firm’s reputation, the firm has taken all reasonable steps to minimize the risk.   
In general, there are two possible courses of reducing exposure to risk:

Mitigation measures to reduce risk should focus on both prevention (reduce the probability) and reaction (reduce the impact). By doing this, you can reduce the level of residual risk from the level originally assigned to each threat identified, and thereby improve your ability to deliver your program.   

For example, we could reduce the exposure the to the risk of spreading with COVID-19 by:

Sources:   
Damon P. Coppola (2015) “Introduction to international disaster management”  

European interagency security forum (2020) “Security to go: A risk management toolkit for humanitarian aid agencies”  

Humanitarian Practice Network (2010) “Good practice review – Operational security management in violent environment”