Not all schools or organizations can support expensive and complicated risk assessments and risk management options. But doing something is better than doing nothing, as many of us know from our personal fitness routines...The simple key is to make sure your process (efforts) fits the foundational requirements and context of your organization, and involves some basic procedures and guidelines based on best practices or recognized standards. Foundation and context considerations should include, your mission/vision, core values, operating environment, internal/external stakeholders, legal requirements, transparency. and governance among others.
Establishing assessment procedures/guidelines should include creating, maintaining, and managing documentation of your procedures or policies. The process should also involve a "community systems approach" by identifying and engaging sources that have information about potential risk or threats against your school or organization. This continual information/intelligence gathering should be followed by investigation, assessment, and management of potential risks/threats by your "subject-matter-experts" or your established "threat assessment team".
Once you have identified potential ongoing risk and/or new undesired threats, there must be a plan or procedure in place to address or "manage" the risk or potential threat. This can be achieved by pre-planning for various scenarios based on your identified risk/threat potential in your environment. Create a base line of how to manage these risks as part of a documented procedure or policy that fits your school or organization. But leave room in your procedure to adjust to unique or unusual circumstances that may arise in any potential risk or threat.
These efforts should be conducted as part of an enterprise/organizational wide approach to security of your assets, and include at a minimum the areas 360 refers to as "CHIRP". Which refers to your asset environments of cyber, human, information, reputation, and physical.
This article summarizes some of the ideas and importance of procedure and process. As written in the article, Captain Chelsey "Sully" Sullenberger of "The Miracle on the Hudson", often cited "procedure" as one of the most fundamental keys to his success.