Open in app

Sign in

Write

Sign in

How to apply Safety & Security Risk Management in NGOs? (2021 Updated)

Sam Alsarori
8 min readJan 23, 2021
Article Image - Capacity building by Sam Alsrore

The recent killing of three staff members of aid organisations, one with his family in West Darfur, Sudan and the bombing of Aden Airport which resulted in the death of ICRC staff in Yemen are the recent incidents to sound the alarm over the security risks humanitarian workers face every day.

In DRC (Democratic Republic of Congo) alone, over 20,000 security incidents were registered in 2020, an increase of 38% compared to 2019 most of which occurred during humanitarian interventions. - ECHO

This puts aid workers (mostly national) at a greater risk and NGOs out-dated policies no longer cut it as the situation continue to escalate..

National aid workers security is now more critical for humanitarian agencies and their donors due to the declining access for international staff in some high-risk contexts — which put more pressure on increasing the reliance of national staff to remain where international staff members being evacuated.

NGOs operating in one or more country face both direct and indirect threats, whether being singled out and targeted, or facing risks through proximity and circumstance.

SECURITY RISK MANAGEMENT (SRM)

An aid worker’s personal security is impacted by the interplay between where the aid worker is, who they are, and their role and organisation.

As employers, aid organisations have a duty of care to take all reasonable measures to protect their staff from foreseeable risks.

SRM is an analytical procedure that assists in IDENTIFYING the risk level of undesirable events that may affect personnel, assets, and operations, and provide solutions in the form of specific mitigation — strategies and measures to lowering the risk levels for the NGO by reducing the impact and likelihood of the cause.

UNDERSTANDING RISKS and THREATS

If you had to evacuate your staff tomorrow from a project office due to a military coup, would you be prepared?

If you are not sure of your readiness in the event of a critical incident, consider these steps and apply it as teamwork for your team/organization.

You start by segregating risks and threats and format your plan around it according the scale of your organisation.

Factors (actions, circumstances, or events) which may cause harm, loss, or damage to your organisation including its personnel, assets, and operations are threats.

The impact and likelihood for harm, loss, or damage to the organisation from the exposure to threats are called risks.

Risks are categorised in levels from Very Low to Very High for their prioritisation.

HOW’S YOUR (SRA) SECURITY RISK ASSESSMENT?

Security decisions, planning, and implementation of security measures to manage security risks must be based on sound Security Risk Assessments.

SRA is meant to identify and assess the nature of the risks to a NGO operation or activity so that those risks can be effectively managed.

A credible SRA is an essential prerequisite to the effective management of risk;
You have to focus on five components as a manager or a director of safety and security of your organisation.

The image below should give you an understanding of the five components and examples of CURRENT measures your organisation may have already.

Now that you understood that, you now have to develop an organisation assessment.

This is mainly the Security & Safety Officer/Manager working with the Director. It should look like the below image.

The purpose of this template helps your senior management further evaluating the risks and protection plans for the organisation (especially if your organisation has multiple offices)

Program Assessment (PA) VS Threat Assessment (TA)

A program is normally an activity conducted by an NGO within a certain time frame and location.

Threat Assessments do not provide an assessment of risk, but provide the information and deductions that are used within a Risk Analysis.

It consists of two steps

  1. Situational Analysis
  2. General and Specific Threats to NGOs

Situation Analysis

Ask yourself these questions
What is the context in which you are working? What are the boundaries of the mandate for your programme? What is your risk analysis? How acceptable are those risks?

The purpose of situation analysis is for you to start putting information in the right place.

It’s important that you consult your senior manager in this step as you may be lacking data or unaware of certain polices.

You now have a clear image of the operational context in your Area of Responsibility.

With this information, the Risk Analysis is conducted and includes each specific threat scenario; and all the factors from the assessments relevant to that threat go through the following two steps.

Evaluating the Risks (Risk Analysis)

During Risk Analysis, determining risk levels for each specific threat scenario is made based assessments you made (Program Assessment or Threat Assessment).

The determination of risk analysis is a critical responsibility of senior managers.

The relationship between Program Criticality or the Organisation and the risk to the safety and security of personnel must be considered.

Managers must constantly strive to balance these two critical functions in order to create and mange a ―culture of security.

Risk Analysis: Impact

The impact this would have on the programme and/or individuals – example 1 (low) to 5 (high) or Negligible to Critical.

Each specific threat scenario is analyzed, within the context of the assessments, and the expected level of impact towards Operations; Personnel and Assets are identified and a descriptor is assigned to the threat.

Risk Analysis: Likelihood

It’s the probability of the event happening under current conditions, and guidelines on the required security and safety measures to be adopted by the organisation for each level.

When assessing a man-made threat, important efforts should be made to find and verify information in real time using resources.

Always update your SRA especially when

  1. There is a change in the political situation or an upcoming event of political significance (e.g. an election) that may impact on security.
  2. There is a change in the operational context (i.e. new role for the NGO or elements of the NGO in country).
  3. When planning for:
    i. A new mission to be deployed.
    ii. The consideration and selection of new offices or facilities.
    iii. An expansion of programs into new areas of a country.
    iv. Operations resuming after a program suspension, relocation or evacuation for security reasons.
    v. Special events or conferences.

Time and Place

Clear timeframes and geographical locations must be established to set the context in which SRAs are made.

It’s because, NGO operations are directly linked to these two factors.

Strategy and Management

What strategies and plans can you put in place to manage these risks?

There are 3 generally recognised strategies for trying to manage risk

ACCEPTANCE

To reduce risk by increasing acceptance of your presence and work.

You’d need to invest in and maintain relationships, engage with beneficiaries and manage behaviour (e.g. dress, hair, posture, vehicle, consumption of alcohol) to maximise acceptance and reduce risk.

PROTECTION

To reduce vulnerability by using protective measures.

You start with reducing exposure (e.g. respect curfews, limit cash, older cars; reduce or increase visibility e.g. logos, T-shirts); strength in numbers (travel in convoy; live in groups); protective devices (guards, radios, flak jackets); protective procedures identity cards, travel permissions).

DETERRENCE

This method aims to deter the threat with counter-threat.

Mainly to limits the scope where you may consider armed protection or threaten suspension or withdrawal.

SECURITY PLANNING & PROCEDURES

Based on the above, guidelines need to be agreed, written, shared and practiced — including:

  1. Standard Operating Procedures — How to avoid incidents: Guidelines on what the procedure is trying to achieve; what needs done and how; who does what; when actions are taken; any supporting documents. Examples may be vehicle movement, cash handling, check points, communications.
  2. Contingency planning — How to react to incidents: Guidelines on how to react in the field to an incidence, and how the incident is managed by the organisation. It is vital everyone is aware of these plans and responsibilities are clear. Examples may be medical evacuation, staff death, abduction / kidnapping, assault, ambush, bomb threat, withdrawal.

POST/PRE INCIDENT

Information collected in the Program or Threat Assessment and expected to have important effects in the Risk Analysis must be validated and shared with the Director or HQ / Country Management depending on the structure of your organisation.

Ensure timely reporting, inquiry, analysis, and staff support.

BUILD YOUR RISK MANAGEMENT CAPACITY

It's important an an NGOs to make sure your staff are aware of certain information on continuous basis for both learning and development of capacity.

As such, a more mature approach is now needed, and one which is based on recognised international standards.

You alos have to think of the nature, scope, and unique needs of the system to your organisation. Don’t just purchase a system.

Ask yourself theses questions

  • Do you have the right person or group designing your approach?
  • Is the approach one which moves you to your desired end point quickly and effectively?
  • Do you have the right management structures in place?
  • Does the system include the prepare and prevent, respond and manage and recover phases?
  • Is there top level commitment to developing, supporting, and enforcing a system?
  • Have you identified, and trained, champions to lead and manage the system once designed?
  • Have you articulated your approach effectively in policies, plans, and procedures?
  • Are other business and operational processes integrated into your risk management approach?
  • Do you have the right support and resources to manage risks or respond to incidents?

SUSTAIN THE KNOWLEDGE

For international NGOs with operations in the field, Local Security Management Officer will take the lead on risk and incident management, and a Security Focal Point may manage the day-to-day requirements of enacting and sustaining the system.

A training and testing program must support any systems and documents used by you staff and their teams, otherwise the knowledge and skills needed to activate and use them in times of crises will not be there when necessary.

The right approach will help NGOs—both their employees and those they serve through their programs—survive times of crisis and ensure sustainability.

REMEMBER! Accountability does not end with the analyses; it ends with personnel, assets, and operations conducted safely both at field and headquarters.

Sources: European Commission , United Nations OCHA , USAID Policy

Security Risk Management
Emergency Response System

--

--

Sam Alsarori

Written by Sam Alsarori

12 Followers

I write to ease the suffering of my mind.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams