Beyond the tick-box: developing a person-centred approach to Security Risk Management
Security Risk Management (SRM) is first and foremost about the protection of individuals, but it is sometimes at risk of losing this focus and becoming over-procedural. In too many instances, SRM is perceived as an administrative burden, limiting – rather than enabling – staff actions. To be truly effective, SRM should be thought, communicated and implemented in a way that is person-centred. This blog presents what makes a person-centred approach to SRM, deconstructing its rationale, challenges and looking at ways to move forward with it.
While the label itself may be relatively new to the security sector, the rationale and arguments underlying the person-centred approach (PCA) are not revolutionary. Conveniently, the term ‘PCA’ is rather self-explanatory – it refers to SRM practices that place the person at the centre. If this definition seems basic, in reality, it encompasses difficult concepts that have blurred boundaries and can carry complex practical implications.
A PCA is particularly sensitive to the human side of both risk and security. It takes into account how and why individuals choose to comply – or not – with mitigation measures, and how human biases, as well as behavioural differences, affect SRM. By its very nature, a PCA is attentive to the diverse profiles of aid workers, and consequently to the different vulnerabilities and threats they cope with.
Much like putting on a new pair of glasses, adopting this approach changes the way we think about and do SRM.
The first step is to think about who we do security for. As a reflective tool, focusing on the person, a PCA pushes security focal points (SFPs) to question the adaptability of their security measures to the diverse profiles that make up their organisation’s workforce – would this strategy similarly protect a man of colour, a local aid worker, and a 22-year old junior staff member? Does the standard briefing upon arrival provide enough information for a person who is HIV positive, identifies as LGBTQ or suffers from PTSD to take care of themselves? There is only so far one can go and so many questions that one can find answers for on their own.
Recognising that everyone sees the world through their own ‘pair of glasses’, how do we ensure that security plans are inclusive and protective of not only one or two types of aid worker, but many? Including different voices requires the creation of a safe space for them to safely and confidently express their opinions. For staff members to feel comfortable voicing their concerns and disclosing personal vulnerability, they must trust their security focal points. This is all the more relevant when we know that certain profiles are more concerned about internal than external threats.
Given the sensitive and intimate character of the topics involved (assault, harassment, trauma…), implementing a person-centred approach requires SFPs to champion a culture of confidentiality and trust. Privacy concerns and personal fears about the impact on their careers or personal lives can make reporting incidents difficult. This process should be facilitated by ensuring that SFPs have a human face within the organisation, are known for being open and approachable and for providing reliable support. Diversifying the channels through which concerns can be expressed also optimises the likelihood of staff reporting their concerns, which allows SFPs to pre-empt risks before they manifest.
SRM takes place within an organisation, and whilst organisations can sometimes be seen as their own microcosms, they are also contingent on the broader context. Ultimately, a person-centred approach realises the interdependent nature of SRM. The behaviour of a few can easily compromise the security of an entire operation, through either reputational or direct, material implications. This interdependency exemplifies the necessity of making all staff aware of their responsibilities and their role in the security of others. SRM cannot succeed if is only implemented from the top-down by SFPs – it also requires collaboration between departments, to ensure that the relevant information about staff is shared with the appropriate parties. All too often, important information is held by HR or security, which, due to cultures of secrecy, is withheld from the other party – potentially impeding appropriate risk management measures. Rather than secrecy, a sustainable SRM demands organisational change and the development of a positive security culture that enables safe information sharing. To facilitate understanding and conversation between HR and Security, EISF created a list of 13 security tips across the employee cycle, which show how security comes into play throughout the key stages of employment.
For these changes to happen, people must care about security. For staff to fully realise the roles they have to play, SRM must be communicated in a clever and tailored way, taking into account ‘human’ realities. This means understanding staff’s daily lives (heavy workloads, stress, attention gaps…), being sensitive to their varying experiences, and exploiting windows of opportunity to communicate messages at the right time. For instance, a standard 2 hour-long online training may not be the most effective way for staff to learn about safeguarding or abduction. From senior leadership to compound guards, security must adapt its communication when supporting and training diverse bodies of staff.
Challenges and ways to move forward
It should come as no surprise that implementing a fully person-centred approach to SRM can be challenging – especially in terms of cost, time, and expertise. It is vital to assess these challenges and to recognise the limits of your organisation, to devise practical measures rather than unrealistic goals. In cases of rapid deployment, it is difficult enough to realise timely security plans without adding the requirement of well-researched, personalised briefings. In this case, such a step may well be unworkable for any aid organisation. This begs another question – how personalised can and should a person-centred approach to SRM be? Where is the best place to start and where should it end? What is the limit between the well-being and the security of your employees?
There is no one answer to these questions. Ultimately, each organisation has a principled decision to make about the type of environment they want to offer to their workforce, and the investments they are ready to have in support of diversity and inclusion. A strong commitment to allow for diversity will translate in creative solutions to overcome challenges to its implementation. Within their structure, capacities and limits, each organisation will develop different systems. Sharing good practices and tools is a great way to build on existing knowledge and to hasten the pace of change within the sector. For instance, investing in key moments such as induction and recruitment is essential to build trust with new staff, spot safety and security concerns, and clarify reporting channels.
Developing a person-centred approach means not turning a blind eye to the demographics of the organisation’s workforce, but rather remembering that security relies on the behaviour of individuals. SRM is not about treating all staff the same – it is about treating all staff equally.