Book a FREE Consultation Call

Site Vulernability – Site 360

SITE360 — Site Vulnerability Assessments | Soteria 360
Soteria 360 · Service · Site Vulnerability Framework
01 · The Service
SOTERIA 360 — SITE VULNERABILITY ASSESSMENTS

SITE360.

The Soteria 360 Site Vulnerability Framework.

Read the ground. Map the risk. Close the gap. Hold the line.

Built for venues, crowd events, and public open spaces — by people who have held the duty, not just consulted to it. One framework. Three domains. Four phases. Built to be lived with.

Book a call Download capability statement
Protecting People · Powering Workforces
Lead · Anthony Karpanos
Soteria 360 · Self-Assessment · No cost, no obligation
The Check
01 The Case

Site security is decided where the place, the people, and the legal duty meet.

Most site work in Australia falls short of that joint. The security consultancy hands over a sixty-page report and walks. The WHS consultancy stops at the back-of-house door. Neither closes the gap between physical risk, operational reality, and the duty the operator carries.

SITE360 closes it.

The framework runs the standard risk management process — Identify, Assess, Control, Review — anchored in AS/NZS ISO 31000:2018 and the Safe Work Australia How to manage work health and safety risks Code of Practice. It is delivered against the harmonised Work Health & Safety Acts and Regulations, the ANZCTC crowded places framework, and CPTED principles across first and second generation.

And it is delivered by operators who have run high-risk venues at scale, run major fixtures from inside the duty-holder seat, and held safety responsibility across crowded ground in stadium, sport, motorsport, athletics, and civic environments.

02 The Shape

One framework. Three domains. Four phases.

A single discipline, applied across three operating contexts, in four ordered steps. Built to be lived with — not filed and forgotten.

01

One framework.

A single discipline — SITE360 — anchored in AS/NZS ISO 31000:2018 and the Safe Work Australia Code of Practice. The same logic, every site.

02

Three domains.

Venues. Events. Public Realm. Each with its own threat profile, vulnerability surface, and CPTED weight.

03

Four phases.

Identify · Assess · Control · Review. The standard risk management process, in language regulators trust.

03 The Domains

Three domains.

One framework, three operating contexts. Each domain has its own threat profile, vulnerability surface, and CPTED weight — but the discipline is the same.

I
Domain 01

SITE360 | Venues

Perimeter · Concourse · Bowl

For fixed assets with a continuous operating tempo. Stadiums, arenas, sports centres, training facilities, multi-tenant complexes, civic and cultural buildings, transport interchanges.

Assessment runs across the full operating cycle — and across three concentric rings. Designed to live alongside the venue's safety management system, not parallel to it.

II
Domain 02

SITE360 | Events

Bump-in · Show · Bump-out

For time-bounded operations that bring crowds, infrastructure, and command structure to a place. Music festivals, sporting fixtures, public ceremonies, corporate activations, regional events, government and state visits.

Assessment spans the full operating cycle and integrates the ANZCTC crowded places framework, crowd density modelling, hostile vehicle mitigation, and command-and-control architecture.

III
Domain 03

SITE360 | Public Realm

Place · Movement · Activity

For public open spaces and the soft urban edge. Town centres, transit precincts, foreshores, plazas, parks, and the public-facing fronts of mixed-use developments.

Built around CPTED principles across both first and second generation. The work that sits upstream of every venue and every event.

04 The Phases

Four phases.

The standard risk management process — in language regulators trust, delivered by operators who have held the duty.

01
Identify Read the ground.

Establish context. Walk the site. Build a current threat picture across natural, accidental, deliberate, and crowd-dynamic categories. Define the duty: owner, occupier, operator, event organiser, PCBU.

Aligned to ISO 31000:2018 § 5–6.3 · WHS Code of Practice Step 1 · WHS Act Part 2 Div 2 (harmonised)
02
Assess Map the risk.

Vulnerability assessment scenario by scenario, walked on the ground. CPTED audit across the five first-generation principles, with second-generation overlay where the user dynamic warrants it. Risk analysis on a 5×5 matrix tested against the operator's risk appetite.

Aligned to ISO 31000:2018 § 6.4 · WHS Code of Practice Step 2 · HB 167:2006
03
Control Close the gap.

Each recommendation tied to a specific vulnerability and a specific consequence avoided, with indicative cost and a delivery sequence. Capital separated from operational. Immediate separated from long-term. HVM specifications calibrated to expected vehicle weight and street-network speed.

Aligned to ISO 31000:2018 § 6.5 · WHS Code of Practice Step 3 · WHS Regulations reg 36 (harmonised)
04
Review Hold the line.

Monitoring and review regime. Maintenance and management plan that protects the design intent against the next operational cycle. Review cadence and reassessment triggers defined — incident, refurbishment, change of use, change in threat profile, change in user dynamic.

Aligned to ISO 31000:2018 § 6.6 · WHS Code of Practice Step 4 · AS 3745
05 The Deliverables

What you receive.

A complete evidence package built to defend the operator's duty — and to be put to work the day it lands.

  • 01
    Threat & context register The current threat picture, mapped to the duty and the operating tempo.
  • 02
    Vulnerability assessment Scenario by scenario, walked on the ground — not desk-built.
  • 03
    CPTED audit First and second generation, applied where the user dynamic warrants it.
  • 04
    Risk register 5×5 matrix. Current control effectiveness. Residual rating. Tested against appetite.
  • 05
    Treatment plan Capital separated from operational. Immediate separated from long-term. Costed.
  • 06
    Crowded places assessment Where density profile triggers it. Aligned to the ANZCTC framework.
  • 07
    Management & review regime The plan that protects the design intent across the next operational cycle.
  • 08
    Executive briefing Walked through with the duty-holder. Not handed over and forgotten.
06 The Lead

Held the duty. Not just consulted to it.

SITE360 is led by Anthony Karpanos. He has run safety and risk across a stadium and venue portfolio at scale — sitting in the duty-holder seat, not adjacent to it. That experience is the difference between a report you file and a framework you live with.

Engagement Director Josh Smith oversees framework delivery, scope governance, and reporting standards across every SITE360 engagement.

Anthony Karpanos — Engagement Lead, Soteria 360
Lead · SITE360

Anthony Karpanos

Engagement Lead — Soteria 360

  • Former Chief Safety & Risk Officer — VenuesWest
  • Safety oversight across 14 venues, $3.3B asset value
  • 6.24 million annual patronage across the portfolio
  • WorkSafe WA Platinum Certificate of Achievement
  • ICAM Lead Investigator
  • Stadium · sport · motorsport · athletics · civic environments
14venues
Portfolio held under duty
$3.3b
Asset value under safety oversight
6.24m
Annual patronage across the portfolio
Plat·
WorkSafe WA Certificate of Achievement
The Soteria 360 team — Anthony Karpanos and Josh Smith
The Team Behind The Framework Anthony Karpanos · Josh Smith — Soteria 360
07 The Standards

Anchored where it counts.

SITE360 is delivered against the standards regulators, insurers, and counsel actually rely on. No private frameworks. No vendor-built ratings.

ISO 31000:2018
Risk Management — Guidelines
HB 167:2006
Security Risk Management
WHS Act
Australian Harmonised Framework
WHS Regs
Australian Harmonised Framework
Code of Practice
How to Manage WHS Risks
ANZCTC
Crowded Places Framework
CPTED 1&2
First & Second Generation
AS/NZS 1158
Lighting Standards
AS 3745
Emergency Planning

Standards are listed in every report's provenance statement, and every recommendation traces back to a specific clause. The framework is auditable end-to-end.

The Next Step

Start here.

Three ways in. Start where you are, and we'll meet you on the ground.

01

Book a call.

30 minutes. Talk through your site, your event, or your obligation. No deck. No pitch.

 02

Download the capability statement.

The full SITE360 framework as a PDF. Standards anchor, phases, domains, deliverables.

 03

Send an enquiry.

A site, an event, a regulatory trigger, or a brief you're still shaping. Tell us what you're working with.
Protecting People · Powering Workforces
Soteria 360 · soteria360.com.au