What is inclusive security risk management?
In a TEDx talk, security expert Kelsey Hoppe shared some insight into the concept of safety. In her words,
“Let’s stop asking, ‘Where is safe?’. Because safe isn’t a place. Safe is where we are and who we are.”
Recent research by the European Interagency Security Forum (EISF) has similarly found that an aid worker’s security is influenced by who they are, where they are, and their role and organisation. Unfortunately, the research has also found that many aid organisations do not consider diversity in staff profiles in their security risk management systems.
There are, nonetheless, examples of good practice within the public, private and third sectors that address diversity in risk. EISF’s new research paper "Managing the Security of Aid Workers with Diverse Profiles" has used these examples to introduce the concept of ‘inclusive security risk management’.
Inclusive security risk management means taking an organisation’s existing security risk management framework and applying a diversity lens to key processes. The aim of this inclusive approach is to balance an organisation’s duty of care responsibilities with its employees’ rights to privacy, equality and non-discrimination, in line with key actions and responsibilities highlighted under Commitment 8 of the Core Humanitarian Standard.
What does inclusive security risk management look like?
EISF has developed the following diagram to illustrate the crucial elements of an inclusive security risk management framework, including key recommendations for each process.
For a detailed explanation of each element of the inclusive security risk management framework, please see EISF’s full research paper.
Many of the recommendations and learnings from the research indicate that education and culture are central to ensuring that staff with minority profiles - such as those who identify as LGBTQI or with a disability - have their security concerns addressed appropriately. Therefore, two of the most important elements of the framework are policy and training.
Only 13% of survey respondents who contributed to EISF’s research paper agreed that their organisation makes explicit reference to diversity in staff profiles in their security policy. When security policies did include some reference, then this tended to be limited to gender and ethnicity.
The research, nonetheless, did find examples of good practice where diversity was referenced in organisational policies. One policy example explicitly says that the organisation strives for equality in its security approach. The policy states that individuals will be informed of the specific risks they may face and be advised on how they can minimise these, but staff will not be subjected to any discriminatory restrictions. However, in given circumstances, the organisation may need to take additional security measures.
A simple way to ensure that policies reflect the concerns and needs of a wide range of staff identities is to consult minority profiles during the development of each policy.
The security policy should guide managers in making decisions that reflect organisational policy towards diverse profiles, including adhering to privacy, equality and non-discrimination obligations. Essential to inclusive security risk management is having a security policy that echoes and reinforces the organisation's equality, diversity and inclusion policy.
To support inclusive security risk management, there are two types of training organisations should provide to their staff:
- Inclusive security training; and
- Diversity training for decision-makers.
Inclusive security training
Organisations should ensure that the security training they provide to staff caters to different types of profiles. Which profiles to cover can be informed by the equality and diversity monitoring that takes place at recruitment. This inclusive security training should provide generic guidance that considers a diverse range of profiles. Trainers should not target any participants, and should also avoid assigning vulnerability to specific groups, e.g., women, LGBTQI staff, etc.
One example from the research was from an organisation that provides information about the laws and lived experiences of being LGBTQI to their volunteers before their deployment. In one instance, this helped one gay volunteer decide that he preferred to be placed elsewhere.
By providing aid workers with security information that is relevant to them, aid organisations are empowering their staff to make more informed security decisions.
Security focal points, human resources teams and managers should be formally trained on how equality, privacy, and anti-discrimination legislation interact with duty of care obligations. These decision-makers should be offered a safe space to voice their concerns around security, diversity, and discrimination. It is likely that these discussions will reveal unconscious biases. Staff should be encouraged to reflect on these biases and use the training to try to overcome any discomfort they may feel about engaging in conversations with colleagues around diversity and security.
By implementing an inclusive security risk management framework, aid organisations are acknowledging and celebrating the diversity of their staff.
‘Safe’ is not just about where an aid worker is, but also about who they are. Employers who understand how diversity can impact security risk and put in place measures to address this are strengthening their commitments to equality, diversity, inclusion, and duty of care towards their staff.