1

The organization uses widely accepted theoretical frameworks for risk management, and established model(s) of incident causation and prevention, in the development and implementation of its risk management infrastructure, and can identify and describe the frameworks and models employed

2

The organization employs four approaches to managing risk: transfer, reduce, eliminate and accept risk

3

In general, the organization employs complex socio-technical systems theory in its risk management practice

4

The organization recognizes that the use of probabilistic risk assessments (PRAs), such as in spreadsheet form, may have utility, but does not indicate the presence of a high-quality, comprehensive risk management system

5

Whether using these terms or not, the organization institutes policies, procedures, values and systems to manage reasonably foreseeable risks in these risk domains: Organizational Culture, Activities and Program Areas, Staff, Equipment, Participants, Subcontractors, Transportation, Business Administration, Government, Society, Outdoor Industry, Business

6

Whether using these terms or not, the organization employs the risk management instruments (tools) that may be appropriate for their circumstance, from the following list of risk management instruments: Risk Transfer, Incident Management, Incident Reporting, Incident Reviews, Risk Management Committee, Medical Screening, Risk Management Reviews, Media Relations, Documentation, Accreditation, Seeing Systems

7

The organization employs the resilience engineering principle of 'Extra Capacity,' maintaining reserves of personnel, personnel capacities, equipment, or other resources for use during times of reduced supply or increased demand

8

The organization employs the resilience engineering principle of 'Redundancy,' having backup options (emergency response equipment, trained personnel, data-gathering methods, etc.) in case of primary element failure

9

The organization employs the resilience engineering principle of 'Integrated Safety Culture,' intentionally and carefully balancing rules-based safety with support for use of individual judgment

10

The organization fosters psychological resilience in staff, building a positive, can-do attitude towards confronting unanticipated major challenges

11

The organization employs Just Culture, evaluating systemic factors in incident causation rather than reflexively blaming the individual directly involved

12

When considering starting with a new activity, location or participant population, the organization evaluates all elements of the organization for readiness--including administrative, logistics/operations, marketing, staffing, and program delivery areas

13

When conducting formal incident reviews or risk management reviews, the organization evaluates safety from a complex socio-technical systems perspective--evaluating all instruments and domains, and incorporating resilience engineering principles

14

Incident reports are completed when appropriate, then systematically evaluated individually and in the aggregate, and the results are intentionally and demonstrably disseminated throughout the entire organization (e.g. in the form of reports, training, etc.)

15

The organization considers strategic risks, such as climate change, geopolitical concerns, trends in social tolerance of risk, and legal trends, in its management of risk

16

The organization employs systems-informed strategic planning techniques, such as the 'pre- mortem'

17

The organization organizes its approaches to the management of risk in a risk management plan that is available to and understood by all applicable stakeholders