At a glance: The 4 categories of a solid security risk management system

An important shift in how international nongovernmental organizations view security is now under way. Given the spike in life-threatening incidents in recent years, coupled with ever-rising humanitarian need, international NGOs are rightly looking to do “something” to increase the safety of their staff. But a significant percentage of NGO leaders are still uncertain exactly what that “something” ought to be. There are seemingly obvious measures, such as establishing evacuation procedures, purchasing insurance, buying GPS tracking mechanisms, hiring guards etc. But without an overall organizational security risk management framework, just buying new insurance or equipment leaves organizations exposed. Simply stated, doing “something” about security is not enough. Organizations need to establish an overall Security Risk Management System. It doesn’t have to be complicated. It just needs to be systematic. Simply put, an SRMS is a set of tools, protocols and mechanisms used by international NGOs to manage security. Like human resources departments or financial management systems, an SRMS applies to and covers the entire organization, and includes staff care. There are four standard categories in an SRMS: policies, security plans, security systems and training. 1. Security policy. A strong set of security policies gathered into a single document is the first place to start. Security policies should apply to the entire organization and outline the organization’s security standards, protocols and institutional requirements. This includes staff conduct policies, staff care policies, lines of authority, security training policies and incident reporting policies. Insider tip: There are many examples of international NGO security policies that are not written as policies, but suggestions. Security policies should not be suggestive: “Not following the agencies’ code of conduct may result in a deterioration of our image.” They should require a clear action and behavior: “All staff must abide by the agencies’ code of conduct,” or “All staff are required to report security incidents to …” 2. Security plans. Country-specific plans should outline how a field office will manage security. These plans must be based on a country or program-specific risk assessment to identify specific threats to staff, property and the program in a given area. Plans also must include specific emergency operations directives, including: mitigating measures; contingency plans; hibernation, relocation and evacuation plans; medical emergencies plans; and both primary communication and backup communication systems and plans. International NGO risk management has come a long way in the last 20 years. We now expect our security plans to be based on the identified threats in our operating environments: kidnapping, politically motivated attack on offices, and indirect fire. We also require that they tell us how to avoid those risks (risk mitigating measures), and tell us what we should do should we ever encounter those threats (contingency plans). Insider tip: I’ve seen security plans that basically boil down to, “Be very, very careful.” They are generally composed of common sense measures that would apply to any other part of the world: don’t wear ostentatious jewelry; avoid walking after dark if you can; lock your doors at night, etc. General, one-size-fits all security plans may sound good to some at the home office, but can be disastrous for staff working in active conflict zones. 3. Security systems. The right policies and plans must be matched with a strong set of security protocols, procedures and hardware. Security systems are the basic operating procedures and tools that should be established in a field office to meet the identified threats. Insider tip: We are more familiar with this category than any other. It includes movement tracking procedures, hibernation plans, evacuation routes, first aid delivery etc. 4. Security training. Finally, the last category of a strong international NGO SRMS is training. In the last several years we have seen many different types of security training offered to international NGOs, some more relevant and appropriate than others. Despite variations, there are two main types: security management and personal security. The former covers how to manage security and should be taken by all managerial staff. The latter is a much shorter course that should be taken by all staff. Insider tip: For guidance on what ought to constitute international NGO security training, see the NGO Safety and Security Training Project: How to Create Effective Security Training for NGOs. Changing an NGO’s security systems is a slow and difficult process. But approaching the issue of NGO security holistically and developing a security framework, as opposed to instituting piecemeal measures, is essential for today’s operating environments. With organizations being called to more places like Syria and Yemen, patient and persistent NGO leaders will find that investing the time and resources in establishing a systematic way to manage security risks will better protect staff, as well as allow for more effective and broad delivery of aid and emergency relief. Devex Professional Membership means access to the latest buzz, innovations, and lifestyle tips for development, health, sustainability and humanitarian professionals like you. Our mission is to do more good for more people. If you think the right information can make a difference, we invite you to join us by making a small investment in Professional Membership.