Module 8.3 – The Risk Reduction Toolkit

There are many different activities and measures than can be taken to reduce risk. Which one you choose depends on many factors including the findings from your threat, vulnerability, and program analyses, your budget, and your overall organizational security strategy. Some organizations may decide upon a core strategy of maximum prevention activities. For example, the ICRC and many of the Red Cross National Societies often forgo protective vehicles and helmets, even in dangerous areas, and rely largely on community acceptance and plain identification of themselves in the field.

Other organizations, which for pragmatic or political reasons, may feel that they are already a target and that prevention strategies will not work for them, at least in the short term. They will necessarily have to depend on more protective and mitigation-based strategies.

The brief descriptions that follow comprise your risk reduction options or toolkit. Your organization may not have the ability to apply all of these measures, nor may it need to. What is important is that you consider your actual situation in the field and then survey all of the possible tools at your disposal. You will only need to use as many as are required to reduce your risk to an acceptable level. Note that the list below is not a sequence, nor are the “tools” shown in any particular priority. A comprehensive response to most high security risk situations will often entail a mix of some or all of the ten tools described below.

1) Planning is basically intended to help you foresee potential security threats and problems and reduce emergency response time. When security planning is done jointly with partners, it can facilitate a concerted response (see coordination below).

  • An office security plan contains basic information such as identification of key people with security responsibilities, analysis of the situation and threats, and basic steps to be taken in the event of a security incident. Updated staff lists are usually included as an annex. Every office, no matter how small, should have a security plan, although the amount of detail can vary according to the needs of the office.
  • Specific security scenario-based contingency plans explain how the office will respond to scenarios that have been identified as being particularly important in the risk analysis process. They can be included as annexes in the overall security plan.

The American General Dwight D. Eisenhower once said “Plans are nothing; planning is every – thing.” What he meant was that the value gained from the planning process itself—meeting with partners, identifying problems, brainstorming options—is often more important than the document that results from the process. Knowing who your partners are and how they will react in case of a serious security event can be critical to your own safety and security as well.

2) Coordination with other actors in the field serves two important security functions. It can help you obtain important information that affects your security before it is too late, and it can facilitate quicker, more concerted emergency response/rescue in the event of an incident. Coordination measures can be both external and internal:

External coordination includes critical partners such as host government counterparts, other humanitarian or development agencies, local community leaders, and your program beneficiaries. Do you have linkages in place to ensure that critical security information gets to you in time from these sources?

Internal coordination includes establishing a warden system, or information tree, to ensure that all staff can be contacted immediately in the event of an emergency and know what to do. Remember to test the system regularly once it is in place. An outdated staffing list can actually slow down response time and introduce chaos into your emergency response.

3) Hardening usually comes to mind first when thinking about security measures. Hardening (or protective) measures are intended to make it more difficult for an attacker to harm you (hopefully preventing them from even trying) or to mitigate the effect of an attack if it occurs.

A few common hardening measures include:

  • A strong perimeter enclosure—wall or sturdy fence.
  • A sturdy gate and lock.
  • Strong building materials (concrete or brick) with sturdy locking doors.
  • Shatter-resistant film on exterior glass windows.
  • Steel bars on external windows.
  • A bunker or safe room inside the office or compound provisioned with emergency supplies. Hardening measures may also have disadvantages:
  • They may be equipment-intensive and therefore expensive.
  • They may work in opposition to image and acceptance strategies (see below). Still, some hardening measures are almost always part of a comprehensive security strategy.

4) Deterrence suggests that not only will it be hard for attackers to harm you, but that there will be some reprisal in response. For example, ballistic blankets and bullet-proof glass in a vehicle are considered hardening measures, but a police escort for the vehicle is a deterrent. If attacked, the police will fight back. What kinds of deterrence do humanitarian agencies have at their disposal?

Guards may be appropriate or necessary and can include any of the following:

  • Unarmed guards, either recruited locally or provided by a reputable security firm.
  • Armed guards, provided by a reputable security firm.
  • Guards specially provided by the host government.
  • Local police.
  • Police or military escorts for road movements.
  • Host government military forces.
  • International military forces (e.g., UN Peacekeeping Forces).
  • In certain cases, other military forces (e.g., forces of a specific faction controlling the ground where you are operating, or a national armed force operating in your area). Note that using guards involves important considerations such as the level of training and awareness of guards, the impact on your mission and mandate and the impact of your cooperation on perceptions of impartiality and neutrality.

Program suspension or sometimes just the threat of suspending your program (or pulling out altogether) can be a form of deterrence to threatening behavior. It can also be an influential bargaining point in negotiating support with local authorities for improved protection. But remember, in cases where perpetrators are hoping their acts will force you to leave, program suspension is not a deterrent at all.

5) Image and acceptance strategies are purely preventive and aim to decrease the likelihood of an attack by reducing the potential attacker’s desire to do harm to you or to your agency. Note that the term “acceptance” has a double meaning in the risk management context: among humanitarian agencies it has come to mean the receptivity of a population to the agency’s staff and programs. However, in the professional risk management industry, it is sometimes used to refer to a person’s “risk tolerance”; that is, the degree of risk that they are willing to accept. For this reason the term “hostility avoidance” is also used to refer to generic strategies aimed at reducing ill will toward aid workers. Common strategies include:

  • A clear and proactive public information campaign to explain the agency’s programs.
  • Regular and positive interaction with the local population.
  • Programs that benefit the population and that distribute benefits fairly and transparently.
  • Staff behavior that respects cultural norms.

As noted, image and acceptance strategies may sometimes be considered to be in opposition to hardening strategies. In such cases, managers must balance the advantages and disadvantages of each measure in the context of their specific situation and the operation as a whole.

6) Communications equipment and procedures give you the ability to communicate quickly and clearly — a cornerstone of field security. This is so critical for humanitarians working in dangerous field environments that it merits special attention. Important questions to ask include:

  • Do I have an assured means of communicating with all my staff in an emergency, and can they reach me?
  • Do I have a way of communicating with critical partners and headquarters?
  • Do staff members working in areas at risk have a means of communication with each other?
  • Do I have reliable communications with staff members during road travel, where they are often at particular risk?
  • For all of the above, is there a backup means of communication? In areas of particularly high risk this may be a minimum standard.
  • Is communication equipment well maintained? Do all staff members know how to operate it?
  • Are there appropriate communications protocols/procedures in place, and does staff know and comply with them?

You should consult a telecommunications and/or security officer for more detailed advice in this highly technical area. Some common communications solutions include:

  • Landline telephones (Is the network reliable in your area?)
  • Mobile/cellular telephones (Remember, the network is likely to become overloaded and may collapse during a large-scale crisis!)
  • VHF and HF Radios (Are you familiar with the range/terrain limitations? Are additional base stations or repeaters needed?)
  • Satellite telephones (Is there appropriate satellite coverage in your area?)
  • Various data transmission systems

7) Vehicle equipment and procedures – Like communications equipment, vehicles deserve special attention due to the generally recognized high vulnerability of staff during road travel in dangerous areas. Key questions to ask (the answer should be “yes” in each case):

  • Are your vehicles appropriately chosen and equipped for the threats in your area?
  • Are they appropriate for the terrain and natural hazards?
  • Are there appropriate procedures in place, such as a mission tracking system?
  • Do staff members know what emergency actions are to be taken in the event of an incident?
  • Do drivers have appropriate training?

8) Risk transference refers to measures designed to shift risk to another party. The example of risk transference that is most familiar to most of us is the use of insurance; in exchange for a monthly fee or premium, we transfer liability for a potentially costly event to the insurer. In humanitarian activities risk transference is used when you hire a trucking company to transport food into dangerous areas or seek the intervention of security forces to handle a potentially violent situation. In these cases the risk does not go away, but someone else has to face it. Risk transference strategies have advantages and cautions. They may be appropriate when:

  • The party to whom you are transferring risk is mandated or better equipped to deal with the risk (as in the case with law enforcement above).
  • Your transfer of risk distributes it among many, thus reducing it to acceptable levels for all.
  • A number of parties are sharing in the benefits of a particular program where it may be appropriate for them to share the risks equally.
  • Risk transference has obvious benefits for the transferring organization that thereby lowers its risk. However, there may be political, managerial and ethical considerations as well:
  • Risk transference may result in loss of control and quality of the work or program.
  • It may result in transference of some of the benefits, e.g., from positive publicity of the program.
  • There may be significant issues of responsibility and accountability for the well-being of those assigned to do the work, both morally and, in many instances, legally.

9) Staff knowledge and skills – Staff who are knowledgeable and alert about security risks and procedures are more likely to avoid security incidents, or to handle them effectively when they occur. What specific knowledge or skills do you think are most important for security management?

Your answers may include topics and locally appropriate skills (e.g., local language skills) associated with your specific location or field security environment. Better informed and more skillful staff will be safer staff. The more they understand and are equipped to respond to their security environ – ment, the less risk they will face. Increasing this understanding and improving the response skills required are important parts of a comprehensive risk reduction strategy. Some important knowledge and skill areas include:

  • Briefing and understanding of the general environment, its threats and risks.
  • Knowledge of the specific local security plan.
  • Knowledge of generic responses and procedures for specific contingencies. (e.g., general landmine awareness training).
  • Knowledge of specific procedures to follow in event of particular contingencies (i.e., standard procedures determined in your contingency planning).
  • Security risk assessment and management skills (e.g., this course).
  • First aid training.
  • Communications equipment familiarity and use.
  • Cultural awareness.
  • Language training.

10) Exposure reduction is sometimes referred to as “reducing the operational tempo” which means reducing the size of the target presented to potential threats. In general these are:

  • Reduction of geographic exposure: by limiting or curtailing operations in certain high-risk zones, declaring no-go areas, etc.
  • Reduction of the amount of time (or specific times) that you or your staff are exposed to threats: by limiting hours of operation in sensitive locations, limiting time of travel to daylight hours only, establishing staff curfews etc.
  • Reduction of total number of staff exposed by setting staffing ceilings or reducing certain categories of staff (due to sensitive nationality, gender, national/international status etc).
  • The most extreme form of exposure reduction, of course, is program suspension and ultimately, program or mission cancellation.

The risk reduction toolkit of options described above is not intended to be all-inclusive— the ways to reduce risk and enable program success are limited only by your creativity and imagination. The important points to remember are that, as a manager, you have a broad range of options at your disposal, and a balanced and comprehensive security strategy will usually include a range of these different measures.


Criticality assessment considers the importance or urgency of the program activity, and weighs this against the risks to staff in carrying out the activity.

Generally speaking, it can yield three possible outcomes:

  • Benefits clearly outweigh the risks; undertaking the program falls in the category of reasonable risk.
  • Risks clearly outweigh the benefits; the activity entails unacceptable risk.
  • The risk may be acceptable, but only with additional mitigating measures.

In this case the manager must select and implement appropriate measures designed to eliminate unnecessary risk and manage residual risk.

Criticality analysis cannot produce absolute, right or wrong answers and cannot be used to provide justification where risk is clearly unacceptable; however, it can help to clarify thinking, expose strengths and weaknesses in an argument, and provide support for a decision entailing reasonable risk once it is taken.

The SRA process should lead to practical measures designed to deal with risk.

The two basic types of risk reduction measures are:

  • Prevention measures that reduce the likelihood that potential threats will occur.
  • Mitigation measures that reduce the damaging impact of potential threats when they do occur.

The “Risk Reduction Toolkit” is a generic set of activities and means for reducing risk in the field. This toolkit of risk reduction measures includes:

  • Planning for security protocols and responses in readiness for response to potential threats.
  • Coordination, both internally among staff and organizational units, and externally with other organizations.
  • Hardening measures such as walls and strong gates and doors.
  • Deterrence measures such as guards and police.
  • Image- and acceptance-improving measures such as public outreach campaigns and immediate organizational recognition measures like flags and large decals for buildings and vehicles.
  • Communications equipment and readiness for use by all staff members.
  • Vehicles, their drivers and the associated equipment and procedures for using them.
  • Risk transference strategies, such as insurance policies and hiring others to undertake dangerous tasks.
  • Staff knowledge and skills that guide them in avoiding unnecessary risks and prepare them for emergency response if need be.
  • Reducing exposure by reducing staff in the field, the amount of time that they are in harm’s way, or the areas in which they work and travel.