At GISF, our members represent over 130 humanitarian organisations, working all over the world. When delivering their vital services across the globe, safety and security are key. This is where security risk management comes in.
Oxfam, for example, currently has around 10,000 staff working in 85 countries. The risks that Oxfam faces are plenty, and it is the job of a security focal point to understand what these are and take action to mitigate them.
Aid workers, programmes, and organisations as a whole face varying levels of risk in carrying out their work globally. Organisations, therefore, must put in place security risk management practices that enable them to effectively reach those most in need while still meeting their duty of care obligations towards staff.
Humanitarian security risk management is a means to an end and not an end in itself. It supports organisations to carry out their work while putting in place safeguards that ensure that the organisation’s most important assets – their people – are not unduly placed at risk.
The risk management guide ISO 31000 defines risk as the effect of uncertainty on objectives. Therefore, security risk management is about enabling organisations to meet their objectives. It is not about being risk averse, but about managing risk.
This GISF video explores what Security Risk Management is, how it can help to keep staff safe and enable sustainable programmes, and why it is important to adopt an inclusive approach to staff security.
Safety versus security
Security means freedom from harm, or the risk of harm, which results from intentional acts. In humanitarian contexts, these risks might be kidnappings or bombings.
Safety means freedom from harm, or the risk of harm, which results from unintentional acts. In humanitarian contexts, these risks might be natural disasters or road traffic incidents.
It is also important to note that risks are not only physical but include psychological trauma and mental illnesses.
Risks to humanitarian organisations
GISF’s members operate in some of the world’s most dangerous locations, such as Afghanistan, the Democratic Republic of the Congo, South Sudan, Yemen and Syria.
In 2022, 444 aid workers were victims of major attacks, with 116 killed, 143 injured, and 185 kidnapped.
In March 2024, a logistics coordinator for a US NGO was killed by an airstrike in Gaza. The attack occurred despite the fact that coordinates of his shelter had been provided for the purpose of protecting him.
In February 2024, two humanitarian aid workers were killed and others injured when their vehicle was attacked in Kherson Oblast. The attack came amidst a context of indiscriminate attacks, urban bombardments and the use of explosive weapons in populated areas.
In July 2023, a gunman opened fire on aid workers from the World Food Programme (WFP). One aid worker, who had worked for WFP for 18 years, was killed and another injured.
In January 2024, three aid workers with French NGO Premiere Urgence Internationale (PUI) were kidnapped in northern Cameroon. The Far North region, where the borders of Nigeria, Chad, Niger and Cameroon meet, has long been plagued by attacks from armed groups.
Security risk management
Effective security risk management starts with well-designed humanitarian programmes, good leadership, strong personal and organisational resilience, and effective communication.
To better understand how to effectively manage security in a humanitarian context, it is helpful to consider the different elements of a security risk management framework:
- Operations and programmes
- Travel management and support
- Awareness and capacity building
- Incident monitoring
- Crisis management
- Security collaboration and networks.
Rather than a process of its own, security risk management is a lens through which to understand how risk can affect programmes and staff throughout the project cycle and means identifying ways to mitigate against identified risks.
Key aspects of good security risk management include:
- Understanding security risk management is first and foremost a tool to enable access to and impact for crisis-affected populations
- Using security risk management as a tool to support decision-makers
- Developing a proactive approach to identify, assess and mitigate risks
- Taking an inclusive approach and drawing on the expertise and experience of internal and external stakeholders in a particular context to understand and manage risk.
Security focal points
Security focal points are the people responsible for mitigating risk to ensure the safety and security of their organisation’s staff and operations. These individuals have a wide range of responsibilities, which often include:
- Policy and Decision Making
- Developing organisation-specific security risk management policies
- Ensuring policies are inclusive for all staff and meet duty of care requirements
- Supporting decision-makers at all levels to understand the security risks the organisations face.
- Funding
- Including costs in proposals to meet security risk management needs.
- Partners and Localisation
- Including security risk assessments in partnership agreements.
- Awareness and capacity building
- Developing capacity building and training programmes for security risk management and personal security
- Organising and conducting security training for staff and partners.
- Crisis management
- Developing crisis management policies and structures
- Creating crisis management plans
- Sourcing assistance providers and support.
- Supporting operations and programmes
- Conducting security inductions for incoming staff
- Conducting risk assessments
- Putting in place security plans
- Travel management and support
- Incident monitoring and analysis.
- Security collaboration and networks
- Coordinating with other organisations in the sector.
The aim of security risk management is to enable organisations to reach those most in need, whilst fulfilling their duty of care.
At GISF, we provide security focal points with a network that keeps aid workers connected and shares global expertise. Through our work, we help organisations to prevent, prepare for, and recover from security incidents.