Does Every Office Need a Security Plan?. Yes. Every office should have some form of security plan; however, what is required for your particular office’s security plan will vary considerably depending on your location and situation. For example, your organization may occupy an office alongside partner agencies in a building which already has an adequate building-wide security plan. In this case you might only need to maintain a copy of the plan on hand and ensure that staff are kept informed and aware of the parts that concern them.
This principle holds true for organizations working in the field sharing common security protocols (e.g., UN agencies under the UN security management system or NGOs operating in accordance with shared guidelines). Where a system-wide plan exists, it would be pointless to create a separate plan; however, your office’s plan should address agency-specific contingencies (such as incidents involving refugees in the case of UNHCR), as well as particular information about how the office would integrate into the overall plan. In a very small field activity, such as a satellite office, security plans might consist of 2-3 pages of key information (means and location of evacuation, concentration and assembly areas) along with updated staff lists and information on key communications to maintain in the event of an emergency. In short, each office should go through the security planning process, but the resulting plan should be unique and tailored to the realities of that office.
So who should prepare the security plan?
In many offices, a security specialist (field security officer or field safety adviser) takes the lead in drafting the security plan. However, the plan must be approved by the responsible manager, and the manager must have detailed familiarity with its contents. Ideally, the manager should have direct involvement in the planning and preparation process as well. If you do not have an assigned security specialist working in your office, this does not mean that you do not need a security plan.
In the absence of such specialists, office managers are encouraged to seek assistance from their headquarters, partners in their area and other avenues to undertake the process themselves.
To sum up: not having a security officer is no excuse for not having a security plan.
Is the security plan a “sensitive document”? If so, what, if any of it, should be shared with staff?
Yes the security plan is usually a sensitive document. In some duty stations, your summary of the situation and possible risks may be politically sensitive. In high-crime duty stations, open access to complete staff lists may be perceived as exposing people to targeted crime. In other cases it may be deemed necessary to limit knowledge of security plans or intentions in the event of an emergency.
For these reasons, the complete security plan should generally be kept locked in a secure place. However, it is important that staff members are aware of the basic elements of the plan, and what will be required of them in certain contingencies. For example, they must know how to evacuate the building in the event of a fire, where to assemble, where to concentrate in an evacuation, and who their zone wardens are. Moreover, staff members should have the right to know that there is a plan and, barring exceptional circumstances, to see it and ask questions about it if they desire.
In certain duty stations, where the security plan is relatively concise and there are no special sensitivities, the plan may simply be made available to all. In other duty stations, the best solution may be to condense the information that all staff must know into a brief (1-3 page) document for general distribution. In such instances, staff members should still have the right to view the full plan (but not take a copy for themselves) unless exceptional circumstances prohibit this. In all cases, critical information should be the subject of regular briefings, and ideally, rehearsals.