There are many different activities and measures than can be taken to reduce risk. Which one you choose depends on many factors including the findings from your threat, vulnerability, and program analyses, your budget, and your overall organizational security strategy. Some organizations may decide upon a core strategy of maximum prevention activities. For example, the ICRC and many of the Red Cross National Societies often forgo protective vehicles and helmets, even in dangerous areas, and rely largely on community acceptance and plain identification of themselves in the field.
Other organizations, which for pragmatic or political reasons, may feel that they are already a target and that prevention strategies will not work for them, at least in the short term. They will necessarily have to depend on more protective and mitigation-based strategies.
The brief descriptions that follow comprise your risk reduction options or toolkit. Your organization may not have the ability to apply all of these measures, nor may it need to. What is important is that you consider your actual situation in the field and then survey all of the possible tools at your disposal. You will only need to use as many as are required to reduce your risk to an acceptable level. Note that the list below is not a sequence, nor are the “tools” shown in any particular priority. A comprehensive response to most high security risk situations will often entail a mix of some or all of the ten tools described below.
1) Planning is basically intended to help you foresee potential security threats and problems and reduce emergency response time. When security planning is done jointly with partners, it can facilitate a concerted response (see coordination below).
The American General Dwight D. Eisenhower once said “Plans are nothing; planning is every – thing.” What he meant was that the value gained from the planning process itself—meeting with partners, identifying problems, brainstorming options—is often more important than the document that results from the process. Knowing who your partners are and how they will react in case of a serious security event can be critical to your own safety and security as well.
2) Coordination with other actors in the field serves two important security functions. It can help you obtain important information that affects your security before it is too late, and it can facilitate quicker, more concerted emergency response/rescue in the event of an incident. Coordination measures can be both external and internal:
External coordination includes critical partners such as host government counterparts, other humanitarian or development agencies, local community leaders, and your program beneficiaries. Do you have linkages in place to ensure that critical security information gets to you in time from these sources?
Internal coordination includes establishing a warden system, or information tree, to ensure that all staff can be contacted immediately in the event of an emergency and know what to do. Remember to test the system regularly once it is in place. An outdated staffing list can actually slow down response time and introduce chaos into your emergency response.
3) Hardening usually comes to mind first when thinking about security measures. Hardening (or protective) measures are intended to make it more difficult for an attacker to harm you (hopefully preventing them from even trying) or to mitigate the effect of an attack if it occurs.
A few common hardening measures include:
4) Deterrence suggests that not only will it be hard for attackers to harm you, but that there will be some reprisal in response. For example, ballistic blankets and bullet-proof glass in a vehicle are considered hardening measures, but a police escort for the vehicle is a deterrent. If attacked, the police will fight back. What kinds of deterrence do humanitarian agencies have at their disposal?
Guards may be appropriate or necessary and can include any of the following:
Program suspension or sometimes just the threat of suspending your program (or pulling out altogether) can be a form of deterrence to threatening behavior. It can also be an influential bargaining point in negotiating support with local authorities for improved protection. But remember, in cases where perpetrators are hoping their acts will force you to leave, program suspension is not a deterrent at all.
5) Image and acceptance strategies are purely preventive and aim to decrease the likelihood of an attack by reducing the potential attacker’s desire to do harm to you or to your agency. Note that the term “acceptance” has a double meaning in the risk management context: among humanitarian agencies it has come to mean the receptivity of a population to the agency’s staff and programs. However, in the professional risk management industry, it is sometimes used to refer to a person’s “risk tolerance”; that is, the degree of risk that they are willing to accept. For this reason the term “hostility avoidance” is also used to refer to generic strategies aimed at reducing ill will toward aid workers. Common strategies include:
As noted, image and acceptance strategies may sometimes be considered to be in opposition to hardening strategies. In such cases, managers must balance the advantages and disadvantages of each measure in the context of their specific situation and the operation as a whole.
6) Communications equipment and procedures give you the ability to communicate quickly and clearly — a cornerstone of field security. This is so critical for humanitarians working in dangerous field environments that it merits special attention. Important questions to ask include:
You should consult a telecommunications and/or security officer for more detailed advice in this highly technical area. Some common communications solutions include:
7) Vehicle equipment and procedures – Like communications equipment, vehicles deserve special attention due to the generally recognized high vulnerability of staff during road travel in dangerous areas. Key questions to ask (the answer should be “yes” in each case):
8) Risk transference refers to measures designed to shift risk to another party. The example of risk transference that is most familiar to most of us is the use of insurance; in exchange for a monthly fee or premium, we transfer liability for a potentially costly event to the insurer. In humanitarian activities risk transference is used when you hire a trucking company to transport food into dangerous areas or seek the intervention of security forces to handle a potentially violent situation. In these cases the risk does not go away, but someone else has to face it. Risk transference strategies have advantages and cautions. They may be appropriate when:
9) Staff knowledge and skills – Staff who are knowledgeable and alert about security risks and procedures are more likely to avoid security incidents, or to handle them effectively when they occur. What specific knowledge or skills do you think are most important for security management?
Your answers may include topics and locally appropriate skills (e.g., local language skills) associated with your specific location or field security environment. Better informed and more skillful staff will be safer staff. The more they understand and are equipped to respond to their security environ – ment, the less risk they will face. Increasing this understanding and improving the response skills required are important parts of a comprehensive risk reduction strategy. Some important knowledge and skill areas include:
10) Exposure reduction is sometimes referred to as “reducing the operational tempo” which means reducing the size of the target presented to potential threats. In general these are:
The risk reduction toolkit of options described above is not intended to be all-inclusive— the ways to reduce risk and enable program success are limited only by your creativity and imagination. The important points to remember are that, as a manager, you have a broad range of options at your disposal, and a balanced and comprehensive security strategy will usually include a range of these different measures.
Criticality assessment considers the importance or urgency of the program activity, and weighs this against the risks to staff in carrying out the activity.
Generally speaking, it can yield three possible outcomes:
In this case the manager must select and implement appropriate measures designed to eliminate unnecessary risk and manage residual risk.
Criticality analysis cannot produce absolute, right or wrong answers and cannot be used to provide justification where risk is clearly unacceptable; however, it can help to clarify thinking, expose strengths and weaknesses in an argument, and provide support for a decision entailing reasonable risk once it is taken.
The SRA process should lead to practical measures designed to deal with risk.
The two basic types of risk reduction measures are:
The “Risk Reduction Toolkit” is a generic set of activities and means for reducing risk in the field. This toolkit of risk reduction measures includes: