The document provides information on security risk management and security risk assessments for NGOs operating in unstable environments. It defines key terms like strategy, planning, tactics, security risk management, and security risk assessment. It also discusses developing a security risk assessment, identifying threats and vulnerabilities, and using risk assessments to effectively manage security risks. The document provides examples of how to classify risk levels in different areas and outlines contingency plans, relocation thresholds, and evacuation procedures.

1. Malu Malu Louison | Country Security Coordinator| Plan
International |
P.O.Box 182| Hai Cinema| Juba|South Sudan|
Email: L.Malumalu@plan-international.org |
Cell phone: +211 (0) 956600908
+211 (0) 921402270
New phone number: +211 (0) 913380040
Office Cell Phone: +211 956 201 698
Skype: malu.malu.louison

2.  Strategy: a course of action to achieve certain
goals. Strategies can be general in nature or
very specific.
 Planning: the process of determining how to
carry out a course of action. It involves
anticipating future problems, understanding their
potential impact, establishing policies and
procedures, and allocating resources.
 Tactics: how the strategy is achieved. Specific
measures for dealing with threats, vulnerabilities
and risk.

3. The Security Risk Management model
is the managerial tool of NGOs for the analysis of safety
and security hazards that may affect its personnel, assets and
operations.
The definition of Security Risk Management is:
SRM is an analytical procedure that assists in assessing
the operational context of the NGO; and identifies the risk
level of undesirable events that may affect
personnel, assets, and operations; providing guidance
on the implementation of solutions in the form of
specific mitigation strategies and measures with the
aim of lowering the risk levels for the NGO by reducing the
impact and likelihood of an undesirable event.

4.  The Security Risk Assessment (SRA) is an integral part of the
SRM process. Security decisions, planning, and
implementation of security measures to manage security risks must be
based on sound Security Risk Assessments.
The definition of Security Risk Assessment is:
The process of identifying those threats which could affect
personnel, assets or operations and the NGOs
vulnerability to them, assessing risks to the NGO in terms of
likelihood and impact, prioritizing those risks
and identifying mitigations strategies and measures.
 A credible SRA is an essential prerequisite to the effective management
of risk; the objective of an SRA is to
identify and assess the nature of the risks to a NGO operation or activity
so that those risks can be effectively
managed and funded through the application of mitigating
measures. (The functioning of the SRA within the
overall SRM process is illustrated in Graph 1 and bottom presentation.)
F:AFRICARICE
PRESENTATIONSSRA & Securit

7. F:AFRICARICE
PRESENTATIONSSECURITY POLI
F:AFRICARICE
PRESENTATIONSSECURITY PLAN
F:AFRICARICE
PRESENTATIONSSOPs samples
F:AFRICARICE
PRESENTATIONSCPsPlans_Sou
F:AFRICARICE
PRESENTATIONSIRC Training
F:AFRICARICE
PRESENTATIONSGUIDELINES &
Microsoft Excel
97-2003 Worksheet

8.  How XXXXXX is perceived is very important
to managing security risks. It is essential that
the community you are working in understands your
mission and what you are trying to accomplish.
 While the people your organization serves will know
about and appreciate your programs, others
in the community might not know about the services
you are providing.
 If they are aware of the benefits of your
programs and understand your mission, they
are more likely to treat you as a good neighbor and
look out for your interests.

9. Which approach do you think offers a
greater amount of security?
◦ A guarded, walled compound that the
neighbors always see trucks leaving from in the
morning and returning in the evening but have
no idea about the work your organization is
doing.
or
◦ The same walled compound, with the
same guards and the trucks coming and
going, but the neighbors know your
organization is running a food
distribution center in a nearby village and a
local HIV/AIDS education program.

10.  Humanitarian organizations use three broad
security strategies for mitigating risk. These
 strategies are:
◦ Acceptance
◦ Protection
◦ Deterrence

11.  Reducing or removing a threat through
widespread understanding and acceptance
of an organization’s work.
 The acceptance strategy is accomplished by
establishing good relationships with the
people your organization serves,
government authorities and other stakeholders.
These relationships are based on showing
and earning respect.

12.  Reducing the vulnerability, but not the
threat, by making your organization less
vulnerable.
 This strategy relies on increased security
measures such as good locks, hiring
guards or setting curfews. Different types of
protective measures are selected based on
current threats and risks.

13.  Reducing the risk by containing and
deterring a threat with a counter-threat.
 This could include supporting military actions,
suspension and/or withdrawal of an organization’s
programs, a call for diplomatic sanctions, or
armed defense.

14.  Organizations often use a mix of strategies or
emphasize one over another based on the situation.
 Varying strategies may be used in different
parts of a country or at different times,
depending on the circumstances.
 The strategies may need to change, sometimes
rapidly, based on events and incidents.
 Successfully determining the appropriate strategies
to be used depends on fully understanding the
context and risks involved.

15. Discuss which strategies does your office use? Are
they successful?

16.  Different places have different levels of
risk. You should have a way of classifying
the level of risk for each place that has
programs.
 The level of risk determines which safety and
security measures are used.
Microsoft Excel
Worksheet

17.  These are countries, regions or cities
that are stable and free of political,
economic and social unrest. The crime rate
is generally low and organized anti-government
or terrorist groups, if present, have limited
capabilities. (Keep in mind that while the
security situation may be stable, an area still can
be at risk from natural disasters.)
 Low risk environments use standard
safety and security measures.

18.  Low-level political, economic and social
unrest is present or the safety and security
infrastructure (law enforcement, medical and fire) is
poorly developed. Organized anti-government or
terrorist groups may be active but are not strong
enough to threaten the government’s stability.
The country may be involved in a regional dispute,
have high crime rates, or be susceptible to natural
disasters or disease outbreaks.
 In moderate risk environments, increased
safety and security measures are required to
address recognized threats.

19.  Organized anti-government or terrorist
groups are very active and pose a serious
threat to the country’s political or economic
stability.
 A civil war may in progress and paramilitary or
insurgent forces may be in control of large areas.
 The country may also be near or in the process of a
military coup, be involved in violent regional
disputes with bordering countries, or be
experiencing a breakdown in the social
infrastructure.

20.  There may be threats or harassment of
humanitarian workers.
 Disease epidemics or natural disasters can also
cause an area to be considered high-risk.
 In these environments, stringent safety and
security measures, such as restricted staff
movement or curfew, may be required. Non-
essential staff and dependents may be
evacuated or relocated.

21.  Countries or regions where the level of
violence presents a direct threat to the
safety and security of staff members.
 Operations are usually not possible without
military support and security cannot be assured.
 There may be temporary operations
suspensions, evacuation of international
staff, and maximum-security precautions
for national staff.

22. What is the current risk rating for your country, the
capital city, and regions where your organization
has offices?

23.  An event or series of events that causes certain
security measures to be implemented.
 Security thresholds can also work the other way,
and reduce security measures.
 Security thresholds should be identified
ahead of time, so you can rapidly and
efficiently implement contingency plans.
 If you rely on security thresholds as
decision-making points, be sure to have
enough information to know when a threshold
has been reached.

24. List some security thresholds that apply to your
office and the responses that are advised as each
threshold is reached.

25.  Relocation is the movement of staff to a safe
place within the country.
 Evacuation is the movement of staff to a safe
place outside the country. Evacuation is
considered a last resort after efforts to resolve or
mitigate potential threats are unsuccessful.

26.  A sudden crisis such as a natural disaster
 Insurrection and other civil disorder
 Terrorist activities and threats

27. Issues that need to be addressed include:
 Which staff members will be evacuated.
 Whether programs will continue and be
remotely managed.
 When and whether to resume operations.
 Disposition of assets, and staff
compensation.

28.  Define the thresholds that would cause a
relocation/evacuation.
 Establish the decision making process for
ordering evacuation.
 Clarify the means by which decisions will
be communicated.
 Identify who gets evacuated under which
circumstances.
 List the resources to be provided at safe
locations.
 Define policies and procedures for
evacuated staff (communication with the office,
payment, reimbursement, additional duties).
 Be updated regularly and rehearsed annually.

29.  One – Pre-planning
 Two – Alert
 Three: Curtailment of Operations/Relocation
 Four – Evacuation
In reality, a situation could deteriorate rapidly,
and the need for an evacuation might start in
any one of these phases. That is why a written,
well-designed and practiced evacuation plan is so
important.

30.  Pre-planning. This is everyday, normal operations.
 Your office should be continually monitoring
the safety and security situation, especially in
Moderate or High-risk areas in case there is a
potential need for evacuation.
 Phase One is the time when a good
evacuation plan should be developed and
staff are trained in exercising it.

31.  Alert. Mounting tensions or instability may lead
senior management to:
◦ Limit operations
◦ Increase security measures
◦ Formally review the evacuation plan for rapid
implementation
 Staff should prepare for the possibility of an
evacuation.

32.  Curtailment of Operations/Relocation. During
this phase, the situation has deteriorated enough so normal
work cannot continue and evacuation is imminent.
 All non-essential international staff and family
members may be requested to evacuate.
 Staff members outside the hazardous region may be
asked to remain in a safe place.
 The formal pre-evacuation process is started,
including copying and removing sensitive
documents from files, ensuring logistical support is in
place and preparing safe locations for staff.

33.  Evacuation. The decision is made to evacuate
and plans are implemented.
 The final evacuation may be done in several
stages, usually ending with all staff relocating to a
safe area.
 Your office may continue some operations with
national staff or decide to close completely.

34.  Hibernation is a last resort for situations
where evacuation is warranted, but is not
possible due to unsafe conditions. Hibernation
is not an alternative to a planned evacuation.
 As part of an office evacuation plan, designated safe
locations are identified (such as homes, offices, or
embassies).
 A safe place should have sufficient food and
water for at least a week as well as reliable
communications equipment.
 Staff that hibernates will continue with normal
evacuation plans when the situation becomes safer.If
a crisis resolves itself while staff is hibernating, senior
management may decide to resume normal
operations as soon as possible with staff that have
not evacuated.

35.  Self-evacuation is when an evacuation is
ordered, but a staff member is working in
a remote area or for some reason cannot
be part of the main evacuation effort.
 In such cases staff members should use their
best judgment on what to do.
 Staff members self-evacuating should make
every effort to stay in contact with XXXXXX
during their progress. At the very least, they
should contact a XXXXXX representative as
soon as reaching a safe area.

36.  Your office should have a standardized way of
collecting information about safety and security
incidents.
 By reporting incidents in a timely manner and having a system
in place to track and analyze the information, your
organization can identify trends and respond
accordingly.
 Even if incidents are being tracked by your organization’s
headquarters, someone should also be tracking and
analyzing local incidents so you have a better
understanding of the current safety and security
situation.

37. Ambushes
Arrests or detentions
Attacks or assault (physical or sexual), including
attempts
Bombings
Civil disturbances
Credible threats of harm to staff or property
Extortion attempts
Kidnappings or attempted kidnappings
On-the-job accidents that result in serious injury
Patterns of hostile acts directed at staff
Thefts of funds, goods, or other assets
Vehicle accidents involving staff that result in injury or
death

38. Your country or field office should have a
written safety and security plan. It serves
several purposes:
◦ Clearly states office safety and security policies and
procedures.
◦ Acts as a procedures reference during an
emergency.
◦ Helps the management team identify and think
through safety and security issues.
◦ Makes it easier to orientate new staff to XXXXXX
's approach to safety and security and the individual staff
member's roles and responsibilities.
Microsoft Word
Document

39. Information in safety and security plans falls into two
categories:
◦ Standard operating procedures – Are safety and security
measures that are always in effect, such as requirements for
wearing seat belts, having fire extinguishers present in offices,
and providing staff with first aid training.
◦ Contingency procedures – Are safety and security
measures that only go into effect when risks increase or
specific events occur. Examples include disaster
preparedness plans, restricted staff movement, and
evacuation.

40.  Communications reference – Key contacts with office
and home phone numbers, email addresses and radio
frequencies.
 Contingency plans - Contingency plans, with
procedures for evacuations, civil unrest, medical
emergencies, natural disasters, vehicle accidents and
other events identified during the risk assessment
process.
 Incident reporting - A description of the safety and
security incident reporting system, including the
designated staff member responsible for incident reporting
and the location of all incident report records.

41.  Safety and security procedures - A list of all
standard office safety and security procedures.
 Security briefing and orientation records –
Records of all staff security briefings and orientations,
including the briefing date, person conducting the briefing,
and the topics covered.
 Training records – Records of all safety and security
training provided to staff.
 Travel precautions – Any travel-related safety or
security issues or precautions.
 Visitor policies - The current policies, standards,
procedures, and restrictions for in-country visits.

42.  The most effective safety and security plans are those that
are the product of a collaborative assessment and
planning process.
 A safety and security plan should be tailored to your
office’s situation and needs.
 The purpose of a safety and security plan is not just to
check a box that your office has one. A plan is meant to
reduce the chances of XXXXXX, its staff and
assets suffering harm or loss.
 All staff needs to be orientated to the safety and
security plan. They need to understand the threat
environment, policies and procedures and their respective
roles and responsibilities.

43. More information at: