GISF recently produced a new guide with International Location Safety (ILS) on approaching security risk management (SRM) from a strategic and policy lens. In this blog, Stephen Gluning, Director of Risk Advisory Services at ILS, discusses the development process and highlights key insights from the document.
A Strategic Shift: the new SRM guide
Humanitarian security risk management (SRM) has made significant progress over the last 20 years. In the past, SRM efforts often relied on ad hoc field arrangements and questionable practices. Today, these have largely been replaced by comprehensive and well-articulated security plans. These plans follow a standardised typology covering all aspects of operational security.
International NGOs have also invested heavily in strengthening the capacity of their field staff, training them on best practices for both personal and organisational security. This progress has been guided by key sector documents. These include InterAction’s Minimum Operating Security Standards (2006), the Good Practice Review: Operational Security in Violent Environments (2010), and numerous GISF publications in the recent years.
Yet, despite these improvements, SRM can still feel like a patchwork solution—reactive, siloed, and often disconnected from the bigger picture of organisational strategy. Today’s rapidly changing humanitarian landscape demands a move beyond standard risk frameworks. With new actors, shifting policies, and increasingly complex operating environments, organisations need to do more than manage risks. They need to strategically anticipate and proactively mitigate emerging threats.
It is clear that security can no longer be an afterthought or a separate process—it must be a foundational element in how humanitarian work is structured and delivered.
The Security Risk Management (SRM) Strategy and Policy Development guide was born out of this recognition. Offering a timely and forward-thinking approach to SRM, it provides a pathway for NGO headquarters to recognise security not just as a function within an organisation, but as an organisation-wide business risk that impacts everything—from programme delivery to organisational resilience. The guide is interdisciplinary in nature. It connects security with ongoing sectoral debates and practical solutions, helping organisations align their SRM with broader operational goals.
Developing the Guide: a participatory approach
Creating this guide was a collaborative effort aimed at staying aligned with current trends in the humanitarian sector. But more than that, it sought to make a key argument clear: strong SRM isn’t just about safeguarding staff; it’s about ensuring programmes can thrive and deliver long-term impact.
The development process for this guide drew on the collective experience of GISF’s members and associates. This included workshops, surveys, and key informant interviews. These diverse inputs shaped the guide’s recommendations, ensuring it addresses the real challenges organisations face today.
One key challenge identified was that SRM often lacks visibility among organisations. Less than half of the respondents to the survey felt that SRM was well known and communicated across their respective organisations. This disconnect was compounded by weak cross-function engagement. Despite being identified as key for effective strategic SRM, it was found that there was a lack of confidence among staff that SRM was being fully integrated across organisational departments.
Another major finding was the gap in budgeting for SRM, with many organisations failing to prioritise this at the strategic level. Staff engagement also emerged as a significant challenge, with SRM often viewed as the responsibility of security teams rather than a shared, organisation-wide duty. Moreover, accountability remains an issue, with both leadership and field teams frequently falling short in adhering to SRM policies and procedures. This gap points to a need for better training, simpler systems, and clearer consequences for non-compliance.
A comprehensive resource for strategic SRM
The guide is designed to help NGOs navigate today’s increasingly complex and risky operational environments. It does this by embedding SRM into the core decision-making processes of organisations so they can better protect their staff and also enhance programme delivery and long-term sustainability. The guide focuses on ownership of the SRM process by the people in the organisation. It places SRM as a living process requiring regular review and feedback.
This guide speaks to an interdisciplinary audience. Its primary users may be strategic leaders responsible for SRM at the headquarters level. But it also has broader implications for senior leaders across all functions—HR, finance, IT, programmes, and communications—recognising that security is not confined to one department.
At the heart of the guide are several guiding pillars. These provide a roadmap for integrating SRM into an organisation’s DNA. It begins with a broad view, looking at how an organisation can develop an overarching SRM strategy and how this can be integrated into an organisational strategy. From there, each chapter focuses on a specific area, like engaging with organisational governance structures and coordinating SRM with other functions within an organisation, allowing users to navigate directly to the sections that are more relevant to their department or role within an SRM strategy. Alongside the guide, there is also a set of 12 tools. These include various templates to help senior leaders draft risk attitude statements, a theory of change, and much more.
Concluding Thoughts: a guide for the future of SRM
What has emerged from this comprehensive research is a clear, actionable framework for embedding SRM into the heart of every NGO’s operations. From Somalia in 1993 to the Philppines in 2019, one thing has always been evident to me, and many others: a robust SRM strategy is critical for an organisation to meet its programme goals. Yet, despite its importance, SRM has often struggled to gain the traction it needs across organisations, hindered by fragmented policies, weak internal coordination, and inconsistent communication.
The research associated with this project has reinforced a simple but powerful truth: when an SRM strategy is clearly defined, embedded and nurtured across an organisation, it will serve as a catalyst for improved operational efficiency, stronger regulatory compliance, and increased stakeholder trust. And beyond this, it will establish the groundwork for high-quality, innovative, and sustainable programming in the long term.
I have been involved with SRM for over 30 years. Apart from the early iterations of SRM policies, this is the first time I have encountered a guide that moves away from numbers, event descriptors and interactive databases. Instead, this guide goes back to basics. It focuses on people, on ownership across staff within an organisation, on responsibility and accountability, and on internal and external communication, cooperation and collaboration. It understands the programme and where it fits within the context. It acknowledges the mutual benefits SRM affords to many parts of an organisation. But most importantly, it views SRM as a living process that requires regular review and feedback.
Now, more than ever, SRM must be seen as a shared responsibility that cuts across all functions within the organisation. We encourage all NGO staff to actively engage with this guide and share its insights across departments. This guide isn’t exclusively for security experts—it’s a resource that can inform decision-making at every level, from the boardroom to field operations.
About the author
Stephen Gluning currently serves as the Director of Risk Advisory Services at International Location Safety (ILS). He has an extensive background in security risk management, crisis management and humanitarian operations management from a 23-year operational and director-level career in the United Nations. Prior to joining ILS, Stephen held senior positions at World Food Programme in the Philippines, Italy, and Pakistan from 2009 to 2019.
Related:
What goes on at a GISF Autumn Forum?
Every year, GISF hosts its Autumn Forums in Europe and the Americas for our members and associates – find out what happens at these exciting events in our latest blog.
UN Resolution 2730: why it matters for security
Confused by all the talk at last month’s UN General Assembly on UN Resolution 2730 on the protection of aid workers? Here’s what you need to know about UN Resolution 2730 – and why it matters for security.
NGO cyber security: how should you navigate an increasingly volatile and digitised world?
Everyone faces cyber security risks. But NGOs have particular vulnerabilities. In this blog, Sneha Dawda and Nick Robinson from AnotherDay break down some of the key challenges and offer practical solutions.