The purpose of this paper is to present a methodology for the analysis of the robustness of industrial internal and external emergency plans, established by the European Union SEVESO II Directive. This methodology is based upon a systemic, hierarchical and generic model of an internal or external industrial emergency plan. The processes generally found within an internal and/or external industrial emergency plan are identified through the model, thus allowing for a modular representation of the plan. Each process integrates the functions/activities performed, the resources necessary for performing these functions/activities, the resources generated or affected by these functions, the supports required for each resource and the interactions (inputs and outputs) of each process. An explicit specification of these elements for a generic plan was provided through an ontological approach. An analysis of the plan model is performed to estimate a priori the failures that can potentially occur in the emergency response phase, when the plan is put into action. An extensive experience feedback analysis has also been performed to identify a posteriori the failures that have already occurred during the application of the plan. Some 160 accident reports have been consulted, and 31 internal and external emergency plan exercises were followed. This double analysis (a priori and a posteriori) has led to the creation of assessment checklists, structured via the systemic model for each of the plan's processes. Each checklist provides an indicator of the level of accomplishment (performance indicator) for the respective function. The logical combination of the function performance indicators results in a comprehensive assessment of the robustness of the industrial emergency plan. This methodology can hence be used as a toolbox, both for the assessment of existing plans and for the iterative development of industrial emergency plans.