Because every organization has a limited set of resources, organizations should assess the impacts to organizational operations (that is, mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the like. Organizations can experience the consequences/impact of adverse events at the individual ICS system level (for example, failing to perform as required), at the business process level (for example, failing to fully meet business objectives), and at the organizational level (for example, failing to comply with legal or regulatory requirements, damaging reputation or relationships, or undermining long-term viability). An adverse event can have multiple consequences ...