Practical Framework
Certanet Risk Framework
A simple owner-facing method for converting threat, vulnerability and consequence into secure construction requirements.
1. Asset
Define what must be protected and what must continue operating after disruption.
2. Threat
Identify credible physical, cyber-physical and electromagnetic threat conditions.
3. Weak Links
Map envelope gaps, equipment rooms, utility paths, access points and single points of failure.
4. Consequence
Document operational, financial, public-safety and mission consequences.
Security Basis of Design Checklist
| Question | Expected output |
|---|---|
| What asset or function is critical? | Protected asset list and continuity priority. |
| What threat is credible enough to design against? | Design-basis threat narrative. |
| Where is the protective boundary? | Drawn boundary with doors, walls, glazing, roof, floors and penetrations identified. |
| What level of delay or protection is required? | Performance requirement for each assembly or space. |
| What residual risk remains? | Named owner acceptance and upgrade plan. |