Strategic Risk Assessments

Understand where you’re exposed — across physical, digital, and operational domains — using structured assessments powered by Jicho’s threat-informed perspective.

Request Risk Review
Risk assessment and threat mapping

A Clearer Picture of Your Risk

Risk is rarely just “cyber” or just “physical.” It’s the combination of systems, people, locations, and decisions over time. Our assessments look across domains to uncover how threats could actually impact you.

We leverage Jicho to align your risk picture with current and emerging threats — not just theoretical scenarios. The result: a more honest understanding of what’s likely, what’s possible, and what to prioritize.

Jicho in Strategic Risk Work

Jicho connects threat intelligence, local context, and your environment so assessments aren’t just checklists — they’re grounded in reality.

Threat & Hazard Identification

Use Jicho to identify relevant cyber threats, physical security issues, and environmental hazards that intersect with your locations and operations.

Operational Impact Mapping

We map how those threats could realistically affect your systems, people, and mission-critical processes — not just in theory, but in likely progression.

Prioritized Risk Actions

Intelligence from Jicho helps prioritize which risks to address first based on likelihood, impact, and cost to mitigate.

Assessment Types

Strategic assessments are scoped to your size and mission, whether you’re a small team, a household, or an organization with multiple sites.

Facility & Physical Security Review

Evaluate entrances, access control, monitoring, lighting, zones, and patterns of life to identify vulnerabilities and improvement opportunities.

Cyber & Information Risk Overview

High-level review of how data is handled, where it lives, who can access it, and where cyber threats intersect with physical operations.

Communications & Continuity (with Ngome)

Assessment of your ability to communicate and coordinate during disruptions, with recommendations for layering Ngome-powered resilience.

Household & Small Team Resilience

Tailored assessments for families and small teams, integrating Fortify tabletop exercises, Jicho-informed threat context, and realistic planning.

Assessment Process

1. Intake & Objectives

We clarify your goals: compliance support, preparedness, leadership visibility, or household safety. Scope, constraints, and key concerns are documented.

2. On-Site & Remote Review

We combine on-site observation (where appropriate) with digital reviews and Jicho’s threat lens to build a comprehensive picture.

3. Findings & Roadmap

You receive clear, prioritized findings with specific actions, grouped into: immediate fixes, short-term projects, and longer-term improvements.

Frequently Asked Questions

Common questions about risk assessments, process, deliverables, and investment.

What does a risk assessment typically cost?

Assessment costs are based on facility size, complexity, and scope:

Pricing Framework
  • Initial consultation: $500 (applied to assessment if you proceed)
  • Small facility (under 10,000 sq ft): $2,500 - $5,000
  • Medium facility (10,000-50,000 sq ft): $5,000 - $12,000
  • Large or complex facility: $12,000 - $25,000+
  • Multi-site assessment: Custom quote (often discounted per-site rate)
  • Annual reassessment (existing client): 40-50% discount from initial

Pricing includes on-site evaluation, threat mapping, detailed report with recommendations, and implementation planning session.

How long does a risk assessment take?

Timeline depends on facility size and complexity:

Typical timeline:

  • Small facility: 2-4 hours on-site, 1 week for report → 1.5-2 weeks total
  • Medium facility: 4-8 hours on-site, 2 weeks for analysis → 2-3 weeks total
  • Large/complex facility: Multiple site visits, 3-4 weeks for comprehensive analysis → 4-6 weeks total

Rush assessments can be accommodated for urgent situations, though thoroughness may be limited.

The process typically includes:

  • Initial consultation and scope definition
  • On-site walkthrough and evaluation
  • Staff/stakeholder interviews (if needed)
  • Threat mapping and analysis
  • Report generation with prioritized recommendations
  • Presentation of findings and implementation planning
What's included in the assessment deliverable?

You receive a comprehensive report tailored to your facility:

Report contents:

  • Executive Summary: High-level findings and priority actions
  • Facility Overview: Layout analysis, access points, current security measures
  • Threat Assessment: Specific risks to your location, industry, and operations
  • Vulnerability Analysis: Gaps in physical security, procedures, and awareness
  • Prioritized Recommendations: Actionable improvements ranked by impact and cost
  • Implementation Roadmap: Phased approach with timelines and estimated costs
  • Resource List: Vendors, products, and services to support implementation

Reports are clear, practical, and written for decision-makers—not security consultants.

Do you work with small organizations or just large facilities?

We work with organizations of all sizes. Small businesses and community organizations often face significant risks but lack the resources for expensive security consultants.

Our approach scales to your reality:

  • Small businesses: Focus on high-impact, low-cost improvements
  • Medium organizations: Balance immediate needs with long-term planning
  • Large facilities: Comprehensive, layered security strategies

Every organization deserves a clear understanding of their risks and practical ways to address them.

What types of facilities do you assess?

We've assessed a wide range of facilities and can adapt to almost any environment:

Common facility types:

  • Schools and educational institutions (K-12, colleges)
  • Houses of worship (churches, synagogues, mosques)
  • Healthcare facilities (clinics, medical offices, small hospitals)
  • Office buildings and corporate campuses
  • Retail and commercial spaces
  • Manufacturing and industrial facilities
  • Non-profits and community centers
  • Residential properties (high-value or at-risk individuals)

If your facility has people in it and faces threats, we can assess it.

Will the assessment disrupt our operations?

No. We design the assessment process to minimize disruption:

  • Site visits scheduled around your operations
  • Staff interviews (if needed) are brief and flexible
  • Most observations can be done unobtrusively during normal business
  • No need to close or restrict access during evaluation

We work around your schedule, not the other way around. Many clients don't even notice we're there beyond the initial introduction.

Do you help with implementation or just provide recommendations?

Both. We can deliver a report and walk away, or stay engaged through implementation—your choice.

Implementation support options:

  • Project management: We oversee execution of recommendations
  • Vendor coordination: We source and manage contractors (security systems, construction, training providers)
  • Staff training: We train your team on new procedures or equipment
  • Testing & validation: We verify improvements work as intended
  • Ongoing advisory: Monthly or quarterly check-ins to maintain progress

We're vendor-neutral—we don't sell products or get kickbacks. Our recommendations are based on what works, not what profits us.

How often should a facility be reassessed?

It depends on your facility, threats, and changes:

General guidelines:

  • Annual reassessment: Recommended for high-risk facilities (schools, healthcare, high-profile targets)
  • Every 2-3 years: Suitable for moderate-risk facilities with stable operations
  • After major changes: New leadership, facility modifications, local threat changes, or post-incident

We offer discounted rates (40-50% off) for reassessments of existing clients. Many choose to retain us for annual or bi-annual reviews to ensure their security posture stays current.

What happens during the initial consultation?

The consultation is a conversation to understand your concerns and determine if an assessment is right for you:

We'll discuss:

  • Your facility type, size, and operations
  • Known security concerns or past incidents
  • Current security measures (if any)
  • Stakeholder concerns (staff, parents, board members, etc.)
  • Budget constraints and timeline
  • Goals for the assessment

From there, we'll outline our assessment approach, provide a clear scope and quote, and explain the timeline. No obligation—just clarity on what you need and what it costs.

The $500 consultation fee is applied to your assessment if you decide to proceed.

See your risk with new clarity.

Begin with a strategic risk assessment powered by Jicho — and walk away with a realistic, prioritized plan to strengthen your defenses.

Request Risk Review