VIII. Operational security risk management 
National Societies assume responsibility and accountability for the safety and security of staff and volunteers by developing and implementing an operational security risk management system and structure.
In today’s complex operational environments, National Societies need to develop a professional approach to operational security risk management to reinforce the wide array of acceptance measures it employs. Establishing such a system will help prevent and mitigate risk, enabling the National Society to reach more people more safely.
All staff and volunteers, be they guards, drivers, emergency responders, senior programme managers or others, have an individual responsibility for their own security, for the security of their team mates and for the security of the organization’s assets. To build a culture of security and to fulfil its duty of care and organizational accountability, a National Society needs to invest significant efforts in the creation of a context-specific operational security risk management system.
A sound operational security risk management system incorporates core tools and guidelines, such as standard operating procedures, security guidelines, incident management protocols, insurance for staff and volunteers, and a structured training programme. Grounded in a continuous context and risk assessment, it should also include building strong relationships with the community in order to understand their self-protection practices. The system must be integrated at every level of the National Society.
The approach should be encapsulated in a policy providing a clear and structured foundation for further efforts in this area.
It is essential that individual National Society operational security risk management systems fit into an overall Movement security risk management framework to ensure compatible systems and procedures are in place.
A sound operational security risk management system incorporates core tools and guidelines, such as standard operating procedures, security guidelines, incident management protocols, insurance for staff and volunteers, and a structured training programme. Grounded in a continuous context and risk assessment, it should also include building strong relationships with the community in order to understand their self-protection practices. The system must be integrated at every level of the National Society.
The approach should be encapsulated in a policy providing a clear and structured foundation for further efforts in this area.
It is essential that individual National Society operational security risk management systems fit into an overall Movement security risk management framework to ensure compatible systems and procedures are in place.
1Action checklist
- Foster a security culture, ensuring each individual and each organizational unit understands their role and develops a safety-first reflex in all their actions.
- Establish and implement an incident tracking system, analyzing trends and the root causes of each incident and whether harm to your National Society was intended; determine the implications for future operations.
- Develop security guidelines based on the context and risk assessment, and adapt them as needed as the context and the associated risks evolve.
- Establish standard operating procedures based on the context and risk assessment, incorporating operational and security protocols.
- Develop a safety and security risk management policy that clearly defines your National Society’s priorities and accountability in this area.
- Create practical core security risk management materials to be incorporated into the operational preparedness training of all staff and volunteers.
- Acquire adequate insurance coverage for all staff and volunteers and for your National Society’s assets.
2Table of Contents
8.0 Introduction
As late as 2000, international aid agencies were just beginning to realize that they needed to step up their practices in the area of operational security risk management. However, domestic organizations, among them many National Societies, have not kept pace with systematizing and professionalizing their security management policy and practices, including how they assess and manage operational risk, relying on past practice and experience as a driver for how to manage current and future risk.
|
Why should you invest in professionalizing your operational security risk management approach?
|
. Legally and morally, the leadership of an organization has a “duty of care” to its staff and volunteers, which entails taking all reasonable measures to prevent, reduce, avoid or mitigate risks they may face while performing their duties.
. Injury to or deaths of staff members or volunteers or destruction of property results in a reduction of capacity to respond and may even lead to a suspension of activities.
. Operationally, managing security in volatile situations is a means to an end. Without it, the prevailing insecurity is more likely to derail operations.
|
Safety and security management cannot be treated as an add-on or optional task but must be infused and integrated throughout an organization’s structures, systems and practices. It is not acceptable for a staff member or volunteer to be seriously injured or killed because their organization has not prioritized and taken the time to implement good practice in operational security risk management.
Reduced access and continuing security incidents affecting National Society staff and volunteers in today’s increasingly volatile environments have shown that this gap needs to be addressed not only by National Societies operating in insecure contexts but by all Movement components at all times.
To complement the various “active acceptance” measures outlined in the other seven Safer Access Framework elements, a robust operational security and risk management policy, systems, guidelines, training and practices are needed to provide the concrete dimension to managing the identified risks of intentional violence facing staff and volunteers and to protect the organization’s resources and assets.
Myth: Adopting operational security risk management practices will reduce the National Society’s ability to meet the needs of people and communities effectively – highlighting the tension between the “humanitarian imperative” and managing risk.
Reality: Professional operational security risk management practices are designed to facilitate access and enhance security – mitigating risk – resulting in greater reach to those in need, more safely.
In summary, operational security risk management aims to safeguard the lives and well-being of staff and volunteers and to protect the organization’s assets, its programmes and even its reputation.
Adopting a safety and security policy
All environments contain a certain level of risk, whether from accidents (traffic or otherwise) or, at the other end of the spectrum, indiscriminate or targeted acts of violence. Therefore, whatever the situation, it is essential for the National Society’s leadership to put in place an organization-wide, context-driven safety and security policy, which will provide a solid foundation for the fulfilment of its “duty of care” to its personnel.
This policy would form the core of your operational security risk management approach and reflect the Fundamental Principles and other values governing your organization. It might very well also incorporate the Safer Access Framework, not only as a guide to overall capacity strengthening and preparedness to work in sensitive and insecure contexts, but also integrating the specific actions and measures that contribute directly to safety and security management.
The contents of such a policy would provide clear parameters to support personnel in making operational decisions and in the development of their local security plans. It should incorporate relevant Movement policies, such as on the use of armed escorts (Council of Delegates 1995) and the minimum elements for working with external organizations (Council of Delegates 2003), and highlight their relevance for application.
The policy must also reflect individual and collective governance and management responsibilities in the security management of staff and volunteers, clearly specifying each one’s accountability. Reference should be made to associated documents containing standard operating procedures and security guidelines that provide more specific guidance and that may be adapted over time, taking into account developments in the context.
Fostering a culture of safety and security
Such a policy will help foster a culture of safety and security, whereby each staff member and volunteer – at all levels of the organization – has the reflex to pre-screen every communication and action from the perspective of how it will affect the beneficiaries and how it will influence their own acceptance and security and that of their colleagues, their organization and the Movement as a whole.
Establishing an inclusive and integrated approach to security management is crucial to generating a common commitment and understanding of the expectations of individuals and of management and their subsequent responsibilities in this regard.
The value of continually strengthening a safety and security culture will become evident when someone suddenly faces a particular circumstance where the existing good practice and guidelines may actually have to be adjusted or even superseded by sound situational judgement grounded in an analysis of the context realities and the basic premises of the security culture.
Integrated operational security risk management system and structure
Building on the context and risk assessment and the safety and security policy, it will be necessary to adopt an integrated operational security risk management approach by establishing or adjusting current systems, structures, guidelines, training and practices. A risk management system is a core feature of this approach.
Risk management
Risk management draws on a thorough understanding of the context, including, where relevant, the “conflict” dimension (i.e. who is fighting whom, where, why and with what means). Armed with that knowledge, a structured and unbiased collective assessment can be undertaken of the threats arising from the context and their likelihood of affecting the organization and its people. (See Context and Risk Assessment.)
Once identified, these risks must be managed singly and systematically, either by taking measures to avoid or prevent exposure to them, by accepting them while taking measures to mitigate their impact or, when they exceed the organization’s pre-determined risk threshold, by transferring them to others more able to take on such risks. If a decision is made to take on a risk, while mitigating the impact, it must be determined that the benefit – often measured by the expected impact of the humanitarian service on the beneficiaries – outweighs the exposure to the risk.
The overall process must be inclusive, inviting input from all staff and volunteers and others such as trusted community members and Movement partners in order to benefit from a broad diversity of perspectives. This will result in a more thorough and comprehensive assessment. Inclusiveness will also engender a common understanding of the risks and a shared understanding of and sense of responsibility for the necessary security measures.
Operational security strategy, plan and guidelines
The results of both the context assessment and the risk assessment will guide the development of your National Society’s specific security plan, internal guidelines or standard operating procedures, security rules and guidelines, code of conduct and subsequent training and decisions on the equipping of your teams.
Insurance
Insurance coverage is not protection; rather, it provides compensation for injury or death sustained by either staff members or volunteers while fulfilling their work duties. It is one of many mitigation strategies. In order to determine the contents of a suitable insurance policy, a full appreciation of the types of risks personnel are exposed to is required. It is an important part of the “duty of care” and of due diligence in managing staff and volunteers at all times, not only in insecure contexts.
In insecure contexts, the coverage must include war risk and, possibly, criminal acts. The personnel and their families should be fully briefed on the coverage provided and how to make a claim. Staff and volunteers are also encouraged to take personal responsibility by familiarizing themselves with the insurance coverage and requesting more information if something is not clear. Some individuals might consider obtaining additional private insurance if not satisfied with the coverage provided.
Not having insurance coverage for staff and volunteers may expose the organization to potential lawsuits, as accidents or security incidents can have major financial consequences for individuals and their families.
1Guiding questions
- If you have established a safety and security policy, how have you turned it into action in a way that provides a solid foundation for operational security risk management?
- In your interactions within communities, how does your National Society learn about and build on their existing self-protection practices? Does that learning contribute to safer response teams and communities?
- To support the application of your policy, which actions have you prioritized: the development of a security plan, standard operating procedures, code of conduct tailored to the situation, security guidelines?
- What does your safety and security competency development and training strategy include? Is it grounded in the policy and context assessment and does it draw on the core guidance developed here (above)? Is it provided for everyone in accordance with their respective needs so that they may shoulder their respective responsibilities.
- What practices have you incorporated to foster a safety and security culture throughout your National Society?
- Does your insurance coverage for staff and volunteers working in crises compensate them or their families for any possible injury, including psychological trauma/stress, or death incurred in the line of duty?
To learn more about the actions and measures linked to this element, and to access tools and shared experiences, see the relevant section below, and click on the Safer Access in Action map highlighting individual National Society accounts of the actions and measures they took when operating in sensitive and insecure contexts.
The contents of this section by no means attempt to replace the substantial technical advice on operational security risk management already available, such as the Humanitarian Practice Network’s “Good Practice Review: Operational Security Management in Violent Environments” (2010) or the International Federation’s “Stay Safe” materials. Rather, this section highlights the core areas of importance for National Societies, as local organizations, to address.
Additionally, while the focus of this section is primarily on addressing security concerns in violent situations, it should be noted that a good security management system will be built on the basics of health and safety risk management in place at all times, including in relation to accidents, fires and other environmental hazards.
8.1 Establish and implement a safety and security policy
A safety and security policy has been established and implemented.
8.2 Build upon existing community self-protection practices
The National Society learns about and builds on existing self-protection practices of communities
that could have a positive impact on the security of the communities and of the National Society.
8.3 Develop an integrated operational security risk management system and structure
An integrated operational security risk management system and structure have been established to protect the safety and security of staff and volunteers, facilities, equipment and vehicles; the system operates in accordance with duty of care provisions and responsibilities and the application of the Fundamental Principles and other Movement policies. (See also all elements, in particular I. Context and risk assessment)
8.4 Develop security and risk management systems, procedures, guidelines, tools and practice and train staff and volunteers on their use
Training in operational security risk management, which includes risk assessment tools and processes, guidelines, codes of conduct and active acceptance and protective measures, is provided for all who are responsible for managing operations or who are exposed to risk while carrying out their duties. (See also I. Context and risk assessment and IV. Acceptance of the individual)
8.5 Foster a security culture
A security culture is fostered within the National Society and all staff and volunteers are aware of and equipped to bear personal responsibility for managing their own safety and security and for adhering to the National Society’s guidelines and procedures in this regard.
8.6 Provide adequate insurance coverage
Adequate insurance coverage for staff and volunteers working in crises has been established to compensate them for possible injury, including psychological trauma/stress, or death in the course of duty.