The National Institute of Building Sciences project team undertook the present project to operationalize the NIPP 2013 framework into a conventional business process, a CISR Risk Management Process (CISR-RMP). The project employs a business process engineering approach to extend that framework into a workable, scalable, repeatable, defensible and practical process that infrastructures, especially interdependent lifelines (energy, water/wastewater, transportation and communications), local government agencies, and regional public-private partnerships can use to collaboratively rationalize the allocation of scarce and constrained resources for security and resilience. Three investigations informed the design specifications for such a process:

1. Review of federal policy and strategy documents to determine the specific objectives, scope and policy requirements for the process;
2. Decomposition of one of these requirements, defensibility, into a set of technical specifications based on the standards of the risk disciplines (economics, operations research, finance, etc.) and conducting a cursory review of 24 federally sponsored methods and tools designed for lifeline CIs; and
3. Interviews with infrastructure and local government analysts and decision-makers, typical of those who would use a CISR-RMP, to learn their interests, preferences and constraints.