Back to Course
Professor Sele
Lead Risk Assessment Specialist | SafeHaven Strategies

"Risk you haven't assessed is risk you've accepted by default."

Module 1

Introduction to ESRA

Professor Sele: Risk assessment is the foundation of every security decision SafeHaven makes. Before we deploy a guard, plan a route, or advise a client, we assess the risk. This module establishes what ESRA is, why it matters, and the professional standard we apply to it.

Section 1 — What Is ESRA?

An Emergency Security Risk Assessment is a structured, systematic process for identifying security threats and hazards, evaluating their likelihood and potential impact, and recommending proportionate control measures to reduce risk to an acceptable level.

The word "emergency" in ESRA does not mean the assessment is conducted during a crisis — it means the assessment is designed to prepare for emergencies before they occur. ESRA is a planning tool, not a reactive one.

Section 2 — Why ESRA Matters

Without a formal risk assessment, security decisions are based on intuition, habit, or the preferences of whoever is in charge. This produces under-protection of serious threats that don't feel urgent, over-reaction to visible but low-risk concerns, wasted resources on the wrong priorities, and legal exposure when an unassessed risk causes harm.

A completed, documented ESRA demonstrates that SafeHaven has exercised professional due diligence — protecting the client, the company, and the individuals who conducted the assessment.

Section 3 — The Five-Step ESRA Process

Identify — what are the threats, hazards, and vulnerabilities? Evaluate — how likely is each risk, and how severe would the impact be? Prioritise — which risks require immediate action? Control — what measures will reduce likelihood or impact? Review — are the controls working? Has the risk changed?

Section 4 — ESRA vs. Routine Risk Assessment

A standard risk assessment evaluates known, stable environments. An ESRA is specifically designed for dynamic, high-threat, or emergency-prone environments where conditions change rapidly, the consequences of failure are severe, and the assessment itself may need to be conducted under time pressure.

Key Points
  • ESRA is a planning tool — it prepares for emergencies before they occur
  • Five steps: Identify → Evaluate → Prioritise → Control → Review
  • Undocumented risk management creates legal exposure and resource waste
  • ESRA applies to dynamic environments where standard assessments are insufficient
  • Every security decision at SafeHaven is grounded in a risk assessment
Field Note · Professor Sele

"A mining client asked me why they needed a formal ESRA when they'd been operating for four years without a major incident. I told them: that's not evidence of good security — it may be evidence of good luck. We conducted the assessment and found a critical risk at their fuel storage area that had existed since day one. Four years of luck. One assessment changed it to four years of managed risk."

Knowledge Check

What is the primary purpose of an Emergency Security Risk Assessment?