Climate Resilience
5 automated security scanners
Water Security
Purpose: The Water Security Scanner is designed to evaluate the water availability, quality issues, and usage efficiency within an organization by analyzing its security documentation, public policy pages, trust center information, and compliance certifications. This tool helps identify potential vulnerabilities in the company’s approach to managing water resources, ensuring comprehensive security posture across all aspects of water management.
What It Detects:
- Policy Indicators: Security policy mentions, incident response procedures, data protection measures, access control protocols.
- Maturity Indicators: SOC 2 compliance, ISO 27001 certification, penetration testing activities, vulnerability scanning or assessment.
- Water Availability Indicators: References to water scarcity issues, water conservation policies, emergency water supply plans.
- Water Quality Indicators: Water quality monitoring practices, contamination prevention measures, compliance with water quality standards.
- Usage Efficiency Indicators: Water usage tracking systems, efficient irrigation practices, leak detection and repair protocols.
Inputs Required:
- domain (string): The primary domain of the company website to be analyzed.
- company_name (string): The name of the company for which the analysis is conducted.
Business Impact: This scanner plays a crucial role in enhancing an organization’s security posture by identifying potential vulnerabilities and weaknesses in its water management practices, thereby improving overall resilience against water-related threats and ensuring compliance with regulatory standards.
Risk Levels:
- Critical: Findings that directly impact critical infrastructure or operations, such as severe deficiencies in water scarcity policies or lack of emergency water supply plans.
- High: Issues that significantly affect business functions but are not critical, like inadequate access control for sensitive water management information.
- Medium: Vulnerabilities that may lead to moderate disruptions if exploited, such as incomplete water quality monitoring practices.
- Low: Minor issues that do not pose immediate risks but could evolve into significant problems over time, such as outdated water usage tracking systems.
- Info: Informative findings about best practices or areas where improvements can be made without immediate risk, like general mentions of sustainable water use in policies.
Example Findings:
- A company’s security policy lacks explicit mention of data protection measures, posing a high risk as it indicates inadequate handling of sensitive information related to water usage and quality.
- ISO 27001 certification is absent, which could be considered critical if the organization operates in sectors heavily reliant on secure information management, such as those involved in water distribution or treatment.
Energy Resilience
Purpose: The Energy Resilience Scanner is designed to evaluate and document a company’s preparedness for potential disruptions caused by climate change, focusing on grid reliability, alternative energy sources, consumption efficiency, policy compliance, and overall resilience strategies.
What It Detects:
- Grid Reliability Indicators:
  - Detection of mentions of backup generators or uninterruptible power supplies (UPS).
  - Identification of descriptions of redundant power systems.
  - Verification of grid resilience strategies such as microgrids or distributed generation.
  - Detection of references to emergency response plans for power outages.
  - Flagging gaps in disaster recovery planning.
- Alternative Energy Sources:
  - Testing for solar panel installations or photovoltaic (PV) systems.
  - Checking for wind turbine deployments.
  - Verification of geothermal, hydroelectric, or biomass energy usage.
  - Detection of mentions of battery storage solutions.
  - Flagging any reliance on fossil fuels without mitigation strategies.
- Consumption Efficiency Indicators:
  - Testing for energy-efficient building designs or green architecture.
  - Checking for smart grid technologies and demand response programs.
  - Verification of use of LED lighting and efficient HVAC systems.
  - Detection of references to energy management software or IoT devices.
  - Flagging any high-energy consumption practices without optimization plans.
- Policy Review:
  - Testing for security policies related to energy infrastructure protection.
  - Checking for incident response plans specific to power outages.
  - Verification of data protection measures in the context of alternative energy systems.
  - Detecting access control protocols for critical energy assets.
  - Flagging compliance certifications such as ISO 50001 or SOC 2.
- Manual Evaluation:
  - Testing for trust center information on energy resilience efforts.
  - Checking public policy pages for relevant regulations and standards.
  - Verifying company security documentation related to climate resilience.
  - Detecting any gaps in internal assessments of energy systems.
  - Flagging areas requiring further manual review by experts.
Inputs Required:
- domain (string): Primary domain to analyze (e.g., acme.com)
- company_name (string): Company name for statement searching (e.g., “Acme Corporation”)
Business Impact: This scanner is crucial for organizations aiming to mitigate the risks associated with climate change and its impact on energy infrastructure, ensuring business continuity and resilience in the face of power outages and other disruptions.
Risk Levels:
- Critical: Conditions that directly affect critical systems or could lead to immediate operational disruption without mitigation strategies in place.
- High: Conditions that pose significant risks to operations but may have some mitigating factors if properly addressed.
- Medium: Conditions that require attention for improvement but do not immediately impact critical functions.
- Low: Informative findings that provide opportunities for optimization and efficiency improvements, with minimal immediate risk.
- Info: General information about energy resilience practices without specific severity implications.
Example Findings:
- The company lacks explicit mention of backup generators in its sustainability reports, which could be a critical gap in disaster recovery planning.
- Acme Corporation does not disclose any information about solar panel installations or battery storage solutions, indicating potential reliance on traditional energy sources without mitigation strategies for climate change impacts.
Resource Security
Purpose: The Resource Security Scanner is designed to identify potential vulnerabilities and ensure climate resilience through robust resource management by analyzing company security documentation, public policy pages, trust center information, and compliance certifications. It helps in detecting critical resource access, alternative sourcing practices, and efficiency measures that could affect the security posture of a company.
What It Detects:
- Security Policy Indicators: Identifies the presence of comprehensive security policies such as “security policy,” “incident response,” “data protection,” and “access control.”
- Maturity Indicators: Checks for compliance with certifications like SOC 2, ISO 27001, penetration tests, and vulnerability scans.
- Alternative Sourcing Practices: Detects mentions of alternative sourcing strategies or third-party vendors in security documentation.
- Efficiency Measures: Identifies practices related to resource efficiency, such as energy management systems, waste reduction initiatives, and sustainable procurement policies.
- Critical Resource Access Controls: Evaluates access control measures for critical resources to protect sensitive data and infrastructure.
Inputs Required:
- domain (string): The primary domain of the company website to be analyzed (e.g., acme.com).
- company_name (string): The name of the company, used for statement searching (e.g., “Acme Corporation”).
Business Impact: This scanner is crucial as it helps in identifying potential vulnerabilities and ensuring that critical resources are protected through robust security measures. It contributes to a resilient security posture by detecting areas where policies might be lacking or practices could be improved.
Risk Levels:
- Critical: Findings that directly impact the core security of the organization, such as missing or inadequate incident response plans.
- High: Issues that significantly affect operational efficiency or data protection compliance, such as lack of access control measures for critical resources.
- Medium: Areas where practices could be improved to enhance overall security and compliance, such as incomplete documentation on alternative sourcing strategies.
- Low: Informative findings that provide insights but do not pose immediate risks, such as mentions of ongoing vulnerability scans in the compliance section.
- Info: General information about the company’s stance on resource management and sustainability practices.
Example Findings:
- The security policy lacks a specific protocol for handling data breaches.
- There is no mention of third-party vendor risk assessments in the compliance certifications listed.
- Energy efficiency measures are only vaguely outlined, lacking specific targets or implementation details.
Facility Climate Risk
Purpose: The Facility Climate Risk Scanner is designed to detect vulnerabilities related to flooding, extreme weather events, and temperature effects that could impact the resilience of a facility. Its purpose is to help organizations identify potential climate-related risks and take proactive measures to mitigate them.
What It Detects:
- Flooding Vulnerabilities: Identifies mentions of flood risk assessments, descriptions of flood mitigation strategies, historical flooding incidents, information on drainage systems and flood barriers, and inadequate flood protection measures.
- Extreme Weather Preparedness: Searches for storm preparedness plans, references to hurricane, tornado, or other extreme weather response protocols, emergency evacuation procedures, and descriptions of wind-resistant building structures, and detects gaps in severe weather contingency planning.
- Temperature Effects on Infrastructure: Identifies mentions of temperature-related stress on infrastructure, heat resistance and cooling systems, thermal expansion and contraction impacts, and air conditioning and ventilation systems, and flags inadequate temperature management strategies.
- Climate Change Adaptation Strategies: Searches for climate change adaptation plans, mentions of renewable energy sources, descriptions of sustainable building practices, and green roofs and other eco-friendly features, and detects gaps in long-term climate resilience planning.
- Compliance with Climate Resilience Standards: Identifies references to relevant compliance certifications (e.g., LEED, WELL), mentions of adherence to industry standards for climate resilience, descriptions of third-party audits related to climate risk management, and information on regulatory requirements and guidelines.
Inputs Required:
- domain (string): Primary domain to analyze (e.g., acme.com)
- company_name (string): Company name for statement searching (e.g., “Acme Corporation”)
Business Impact: This scanner is crucial as it helps organizations proactively identify and address potential climate risks, which can directly impact the operational resilience and security of facilities. By detecting vulnerabilities early, organizations can implement necessary mitigation strategies to protect their assets and operations from the adverse effects of climate change.
Risk Levels:
- Critical: Conditions that pose an immediate threat to facility operation or where failure could lead to catastrophic consequences.
- High: Conditions that significantly impact operational efficiency or where significant risks are identified but do not immediately threaten safety.
- Medium: Conditions that may marginally affect operations but require attention and planning for improvement.
- Low: Informative findings that provide general insights into climate resilience without immediate concern.
- Info: General information about the company’s stance on sustainability and environmental responsibility, which does not directly impact operational risk levels.
Example Findings:
- “The Acme Corporation has failed to implement adequate flood mitigation measures, posing a critical risk to its facilities.”
- “There is no mention of climate change adaptation plans within the documentation, indicating a low level of preparedness for long-term environmental risks.”
Supply Chain Climate Impact
Purpose: The Supply Chain Climate Impact Scanner is designed to detect and assess potential vulnerabilities in a company’s supply chain related to climate risks, transportation disruptions, and resource availability. This tool helps identify weaknesses that could affect business continuity and sustainability by evaluating supplier practices and policies concerning greenhouse gas emissions, sustainable sourcing, and environmental management.
What It Detects:
- Supplier Climate Risk Indicators:
  - Detection of mentions of suppliers’ carbon footprint or greenhouse gas emissions.
  - Verification of supplier sustainability reports or certifications such as ISO 14001.
  - Assessment of supplier energy usage and adoption of renewable energy sources.
  - Identification of references to climate change impacts on suppliers.
  - Flagging of any lack of supplier-specific climate risk assessments.
- Transportation Disruption Patterns:
  - Detection of mentions of transportation risks associated with extreme weather events.
  - Verification of supply chain disruptions caused by natural disasters or climate-related incidents.
  - Evaluation of contingency plans for managing transportation delays or failures.
  - Identification of references to alternative, more sustainable transportation modes.
  - Flagging of inadequate strategies for dealing with transportation resilience issues.
- Resource Availability Indicators:
  - Detection of water scarcity risks in supplier locations.
  - Verification of resource depletion issues affecting suppliers, including deforestation concerns.
  - Assessment of supplier sourcing practices and availability of raw materials.
  - Identification of sustainable management practices by suppliers regarding their resources.
  - Flagging of any lack of detailed assessments or expert opinions on resource sustainability.
- Policy Review Patterns:
  - Detection of climate change policies or commitments within the company’s security documentation.
  - Verification of public policy pages that highlight supply chain sustainability initiatives.
  - Evaluation of trust center information regarding climate resilience programs and certifications.
  - Identification of compliance with relevant environmental standards such as LEED, GRI.
  - Flagging of any absence of specific climate-related policies within the organization.
- Manual Evaluation Patterns:
  - Qualitative assessments of supplier climate risk in internal reports.
  - Manual evaluations of scenarios involving transportation disruptions.
  - Reviews of impacts on suppliers from resource availability issues.
  - Expert opinions or audits related to supply chain climate resilience.
  - Flagging of any lack of detailed manual evaluations and expert insights within the organization.
Inputs Required:
- domain (string): Primary domain to analyze, e.g., “acme.com”.
- company_name (string): Company name for statement searching, e.g., “Acme Corporation”.
Business Impact: This scanner is crucial as it helps companies understand and mitigate the environmental risks associated with their supply chain. By identifying potential vulnerabilities early on, businesses can implement proactive strategies to enhance climate resilience, ensuring long-term sustainability and operational continuity.
Risk Levels:
- Critical: Conditions that directly lead to significant business disruptions or high financial losses due to severe climate impacts identified by the scanner.
- High: Conditions indicating potential risks of supply chain interruptions or substantial environmental damage as detected by the scanner.
- Medium: Conditions suggesting moderate risk levels, which may require immediate attention and strategic adjustments within the organization.
- Low: Conditions indicative of minor issues that can be addressed through ongoing monitoring and routine updates to improve overall resilience.
- Info: Informal or advisory findings from the scanner that provide basic insights but do not necessarily indicate urgent action is required.
If specific risk levels are not detailed in the README, they have been inferred based on the purpose of the scanner and its potential impact.
Example Findings:
- “Supplier X has a carbon footprint of 100,000 tons CO2e per year.” - This finding highlights a significant environmental impact from supplier operations that may require closer review.
- “We have contingency plans for transportation delays and failures.” - This indicates the presence of a preparedness strategy against potential disruptions in the supply chain, which is critical for maintaining business continuity.