At GISF, our members represent over 100 humanitarian organisations. Together, they work in a total of 130 countries. When delivering their vital services across the globe, safety and security are key. This is where security risk management comes in.
Oxfam, for example, currently has over 10,000 staff working to fight poverty in more than 90 countries. The risks that Oxfam faces are plenty, and it is the job of a security focal point to understand what these are and take action to mitigate them.
Aid workers, programmes, and organisations as a whole face varying levels of risk in carrying out their work globally. Organisations, therefore, must put in place security risk management practices that enable them to effectively reach those most in need while still meeting their duty of care obligations towards staff.
Humanitarian security risk management is a means to an end and not an end in itself. It is a set of tools that aim to support organisations in continuing to carry out their work while putting in place safeguards that ensure that the organisation’s most important assets – their people – are not unduly placed at risk.
ISO 31000 defines risk as the effect of uncertainty on objectives. Therefore, security risk management is about enabling organisations to meet their objectives. It is not about being risk averse, but about managing risk.
Safety versus security
Security means freedom from harm, or the risk of harm, which results from intentional acts. In humanitarian contexts, these risks might be kidnappings or bombings.
Safety means freedom from harm, or the risk of harm, which results from unintentional acts. In humanitarian contexts, these risks might be natural disasters or road traffic incidents.
It is also important to note that risks are not only physical but include psychological trauma and mental illnesses.
Risks to humanitarian organisations
GISF’s members operate in some of the world’s most dangerous locations, such as Afghanistan, the Democratic Republic of the Congo, South Sudan, Yemen and Syria.
In 2019, known figures show that at least 300 aid workers were attacked, killed or kidnapped around the world. Below are some of these stories.
On 29th June 2019, two national NGO volunteers were killed during a reported Russian airstrike, while attempting to evacuate injured people in an ambulance. The airstrike occurred in Khan Sheikhoun town, of Maarrat Al-Numan district, which has seen extensive aerial bombardment.
On 24th July 2019, two Ebola health workers were reportedly killed in their homes by community members in North Kivu. The health ministry reported the workers suffered months of threats prior to the attack. Attacks against Ebola responders in North Kivu have been occurring more often due to community mistrust.
On 8th May 2019, three national staff of an international NGO were killed at their project office in Kabul after a car bomb detonated, targeting another NGO’s nearby office. Reports indicate that two others were killed and fifteen were injured.
On 19th July 2019, seven staff of an international NGO were ambushed and attacked by Islamic State West Africa Province (ISWAP) militants. One driver was killed during the attack, and two other drivers, three health workers and an aid worker were kidnapped and were still held as of September 2019. On September 26th, one of the six hostages was killed. On December 13th, four of the remaining hostages were killed.
On 17th August 2019, an NGO staff member was reportedly shot and killed by a sniper targeting their aid convoy. The staff member was travelling in an ambulance marked with the organisation’s name. After the staff member was shot, a grenade hit the ambulance and other staff members were reportedly wounded.
Security risk management
Effective security risk management starts with well-designed humanitarian programmes, good leadership, strong personal and organisational resilience, and effective communication.
To better understand how to effectively manage security in a humanitarian context, it is helpful to consider the different elements of a security risk management framework:
- Operations and programmes
- Travel management and support
- Awareness and capacity building
- Incident monitoring
- Crisis management
- Security collaboration and networks
Rather than a process of its own, security risk management is a lens through which to understand how risk can affect programmes and staff throughout the project cycle and means identifying ways to mitigate against identified risks.
Key aspects of good security risk management include:
- Understanding security risk management is first and foremost a tool to enable access to and impact for crisis-affected populations
- Using security risk management as a tool to support decision-makers
- Developing a proactive approach to identify, assess and mitigate risks
- Taking an inclusive approach and drawing on the expertise and experience of internal and external stakeholders in a particular context to understand and manage risk
Security focal points
Security focal points are the people responsible for mitigating risk to ensure the safety and security of their organisation’s staff and operations. These individuals have a wide range of responsibilities, which often include:
- Policy and Decision Making
- Developing organisation-specific security risk management policies
- Ensuring policies are inclusive for all staff and meet duty of care requirements
- Supporting decision makers at all levels to understand the security risks the organisations face
- Funding
- Include costs in proposals to meet security risk management needs
- Partners and Localisation
- Include security risk assessments in partnership agreements
- Awareness and capacity building
- Developing capacity building and training programmes for security risk management and personal security
- Organising and conducting security training for staff and partners
- Crisis management
- Developing crisis management policy and structure
- Creating crisis management plans
- Sourcing assistance providers and support
- Supporting Operations and programmes
- Conducting security inductions for incoming staff
- Conducting risk assessments
- Putting in place security plans
- Travel management and support
- Incident monitoring and analysis
- Security collaboration and networks
- Coordinating with other organisations in the sector
The aim of security risk management is to enable organisations to reach those most in need, whilst fulfilling their duty of care.
At GISF, we provide security focal points with a network that keeps aid workers connected and shares global expertise. Through our work, we help organisations to prevent, prepare for, and recover from security incidents.