To download the recently updated OSAC Risk Matrix, click on the attachment at the bottom of the page. Once you open the PDF, you may have to click on the button labeled "Enable all features" to view the document as a fillable form.
OSAC launched its Risk Matrix over two years ago. Since then, the overseas security landscape has become increasingly dynamic, with the threats posed by terrorists, hackers, and criminals compounded by risks presented by natural disasters and the COVID-19 pandemic.
OSAC designed the Risk Matrix to allow private-sector security professionals to take an holistic approach to risk analysis by assessing different dimensions of a given risk – and to do so in a way that is the most relevant to their organization and its interests.
The framework begins with a Country Profile that allows the user to assess the organization’s footprint in a given context. From there, it proceeds with seven modules: Crime, Terrorism, Civil Unrest, Environment, Health, COVID-19, and Operational / Information Security.
The framework concludes with a Countermeasures and Guidance module that allows private-sector security professionals to suggest countermeasures and provide actionable guidance based on their evaluation of the security environment.
To facilitate the evaluation process, most of the fields in the Assessment column have pre-identified answer choices, which we present as either a drop-down menu or a check-all-that-apply format. Several of the Risk indicators include a hyperlink, directing the user to online resources that may provide additional context and information.
OSAC acknowledges that the options provided in the Assessment column are unlikely to be exhaustive. We have tried to account for the wide range of situations and scenarios by providing a Clarification / additional information field. In many cases, the user can find suggested ideas or inputs by hovering the cursor over the blank field to reveal additional guidance.
Upon completion, the user can save the document, share with their organization, and/or print as an accompaniment (in case an electronic copy is not accessible during travel). At the top of the document are fields for the date of assessment, the name of the evaluator, and the title of the organization. It is OSAC’s intention that users should review and revise each assessment periodically based on the evolving security environment and the needs of the organization.
OSAC welcomes any feedback on the Risk Matrix, as with anything else we produce, in an effort to create the best products for our membership and help secure U.S. private-sector operations, investments, and personnel abroad.