This action might not be possible to undo. Are you sure you want to continue?
. Page 2 Gallery Walk Results: Components of Security Management ……………. Page 4 Security Management Best Practices, Lessons Learned and Resources ……………. Page 8 Appendix A: Appendix B: Workshop agenda Facilitator contact information
Security Policy Statement Exercise
Team Alpha The Alpha organization is committed to the safety and security of our staff worldwide by mitigating risk, through our security framework policy and procedures that provide staff safety and security training that emphasizes both individual and organizational responsibility which in turn will foster the success of the organization’s mission.
Team Bravo Bravo is committed to the safety and security of our workers around the world. We all must recognize that risk is inherent in the work we undertake, and that all of us must accept individual responsibility for our own security. Individual responsibility includes abiding by company travel and security policies. Bravo will endeavor to maintain appropriate security policies and systems in place, in support of the efforts of the individual. Together we can reduce/mitigate security risks and support Bravo’s vital mission around the world.
Team Charlie Charlie’s Kids in carrying out its mission of XXXXX is committed to the safety and security of staff and volunteers as they carry out our work worldwide. Recognizing the risks in the locations where we work and travel, Charlie’s Kids will provide the resources to support our staff as we jointly mitigate the risks inherent in our work.
Team Delta Delta Inc. operates in complex and insecure environments to provide humanitarian aid. We are committed to building a partnership with our staff to enhance their safety and well-being and mitigate risk. It is the responsibility of each individual to understand and comply with Delta Inc.’s security policies and procedures for the individual’s safety and that of the organization as a whole.
Team Echo Echo staff face many risks working in challenging and difficult locations around the world. We recognize that safety and security is the responsibility of all staff – at both the individual and organizational levels. As individuals and as an employer we must strive at all times to mitigate and manage these risks so that none of our staff are exposed to unacceptable levels of risk, and to take all reasonable steps including training and clear policies and procedures.
Team Foxtrot Foxtrot International is committed to the safety and security of all employees. We acknowledge that there is risk inherent in our business and business locations. Security is a collaborative effort between employees and Foxtrot International. Foxtrot International is responsible for providing the resources and tools for the ongoing monitoring of security situations, crisis response and mitigation. Staff are empowered to develop relationships with the local communities as part of our risk mitigation plan. Staff are also expected to actively utilize the security resources and tools provided by Foxtrot International.
Gallery Walk Results: Components of Security Management
1. Information Gathering, Analysis and Dissemination Team Delta Issue #1: Crisis Management Team Statement: Identify Components of the Crisis Management Team including personnel; information; operations; logistics; internal communications; public affairs Strategy: Staff training for roles establish chain of command and alternate create a communications and public affairs plan access to financial materials and other resources access to all vendor information access to security information and sources drills Issue #2: Crisis Briefings Statement: Address information in the pre incident/crisis phase, the crisis phase and post-crisis phase. This is includes risk assessments; pre-travel briefings; pre travel medical information resources; access to specific country security information; emergency evacuation insurance; compile voluntary personal data (while complying with HIPAA). Strategy: Identify/orient security staff develop a check list of briefing topics staff compliance verification process regular security protocol orientation/training for staff regular updates to all related materials review insurance policies provide awareness of benefits to staff. 2. Personnel & Training Team Echo (STRAP) Staff Training Responsibility Accountability Policies and Procedures Issue #1: Personnel Statement: ECHO will implement hiring policies and personnel procedures to prepare staff to cope with the security issues at their posts of assignment, support them during service, and address post assignment issues and will incorporate accountability for security into their management systems at the field and HQ levels. Strategy: identify what policies need to be written write and distribute these policies incorporate feedback into creation of policies have staff sign on to policies HR staff will be trained in implementing policies policies will undergo review routinely to ensure they stay current audits will be conducted to ensure policies are being adhered to (incorporate) implement a security accountability assessment in annual employee reviews. 4
Issue #2: Training Statement: ECHO will have policies addressing the key security issues and formal plans at the field and HQ levels and will provide training resources to meet these standards. Strategy: determine training needs prioritize training determine financial resources needed coordinate training track participation follow up/monitor and evaluate updates and reviews as needed implement training ‘refresher’ requirements.
3. Facilities Team Foxtrot Issue #1: Business Continuity Statement: Following a disruption, Foxtrot seeks to have essential operations up and running with 48 hours, if possible. Strategy: I. Mitigation stage have a crisis management team (CMT) in place and identify essential staff; have up to date evacuation plans and phone trees; maintain backup data on an offsite and accessible server; have normal operating location stocked with food, water, first aid kits; have an alternate location ready and stocked. II. Crisis event stage activate CMT; access public services as appropriate; access information resources. III. Recovery stage CMT evaluates damage; activate phone tree; essential staff go to alternate location; inform all staff of next steps; access data/information services. Issue #2: Access Control Statement: Foxtrot will mitigate risk by controlling access to facilities, personnel and information. Strategy: I. Facility access (at minimum) controlled entrances and exits; exterior lighting; above standard door locks; controlled landscaping (e.g. prevent tree growth over building) and a location with set-back. II. Personnel and visitor access (at minimum) sign in with an ID check upon entry to the facility; an enforcement policy will be devised for compliance. III. Information access (at minimum) login and passwords for every work station; data will be secured offsite; critical files will be protected (for those with a ‘need to know’ only). 4. Communication Systems Team Alpha Issue #1: Communications plan
Objective and Strategy: Utilize fully redundant communication methods and equipment. Issue # 2: Warden system Objective and Strategy: Implement a rehearsed warden system. A warden system is a pyramidal contact system that provides a reliable way to reach employees in the event of an emergency, disaster or threat. 5. Travel and Transportation Team Bravo Mission Statement: Bravo will have pre-departure and in-country policies in place to mitigate security risks associated with travel. We will follow a collaborative process to develop corporate and in-country policies, which will include reviewing current field practices, and accessing resources such as the Overseas Security Advisory Council for best practice information. Our policies will be reviewed and updated on a regular basis. Issue #1: Pre-departure o Visa o Immunization o Embassy registration o Med evac and health insurance cards o Emergency contacts o Liability waivers, if appropriate o Submission of flight itinerary (and journey plan if applicable) o Paper copy of hotel and important arrival information (including airport pick-up) o Filing of digital image of passport o Updated emergency contact and dissemination info with HR o Informed of information resources related to destination o Travel policies and procedures supplied to employee, including security training materials/session if applicable [Care Intl has a safety and security handbook available online]. Inclusive of seat belt policy o Pre-departure review and sign-off with HR Issue #2: In-country o “Journey plan” submission o Daylight travel policy o Armed guard/armor policy o Emergency supplies in boats/vehicles policy o Driver & vehicle policy Driver advanced training Acceptable travel means o In-country approved carriers (via Embassy/OSAC) 6. Other Team Charlie 6
Issue #1: Insurance Objective: To adequately protect staff and organization by transferring risk. Strategy: identify risks identify available products, vendors gain consent from management assess organization’s tolerance for risk get bids and proposals present proposal to key decision-makers get approval. Implementation: Work with a broker to implement insurance (write policies, make necessary decisions) work with staff to develop organizational procedures annual review of policies. Issue #2: Emergency evacuation plan/relocation Objective: When possible, remove staff from imminent danger. Strategy and Implementation: identify target population (i.e., expat, local nationals, TCNs) identify resources identify trigger for evacuation/relocation is evacuation mandatory? who decides on evacuation (crisis management team, CEO, etc)? identify options for staff by population type choose vendors plan out resources (e.g. safe house) roll out plan to staff training drills.
Security Management Best Practices, Lessons Learned & Resources
What are some of the best practices for developing a security management plan? • • • • • • • Leadership buy-in and support are keys to success. Assess risks & vulnerabilities for your organization. Communicate the sense of urgency in developing and implementing security policies and procedures. Conduct due diligence and be aware of your organization’s liability. Prioritize security management implementation—address critical events first. The security in three acts exercise is a useful brainstorming tool. Conduct analysis of your organization’s security incidents and city/country/regional security environments. Utilize outside analysis resources such as OSAC. Stay informed on current research and studies. Be cognizant of organizational envy.
What are some potential obstacles? What are potential solutions and resources? • • Obstacle: Knowing funding availability and limitations are crucial for implementation. What is your budget? Potential solutions and resources: o Organizations are encouraged to adopt the Minimum Operating Security Standards (MOSS) in USAID/OFDA grant guidelines. o What donors might have money available for security? o Some organizations use a one percent security line item in all proposals. o Outside resources include: OSAC (it is free!), most insurance providers offer professional support and some insurance providers offer discounts off of premium costs if an organization has security policies in place. Obstacle: Be aware of varying levels of interest, unenthusiastic attitudes or other concerns, especially among staff and management. How can you address those concerns and achieve buy-in? It can be challenging to enforce policies, especially if your organization operates in a decentralized system. What are some ways policies can work within the organization’s ethics, mission and cultures? Potential solutions and resources: o One option is to adopt a reward and sanction policy. o If your management has bought-in to the policies and expresses the importance of the policies to all staff, then compliance is more likely throughout the organization. o In addition to top down accountability, also utilize adult learning and behavioral change strategies. o The financial system is an excellent model for compliance (example: travel tracking). o It is helpful to frame security policies and procedures in an enabling manner, versus rules that limit programs etc. Obstacle: Implementing a security management system takes a significant amount of time. Who and what can help you? Potential solutions and resources: 8
o There is no need to re-invent the wheel, there are many templates available (and are included on the resource website for the workshop). Further, several organizations are willing to share their versions of emergency plans etc. as long as the organization is credited appropriately. o Organizations have access to many open resources. Some of them are hyperlinked below: OSAC www.osac.gov InterAction www.interaction.org Safer Access www.saferaccess.org ReliefWeb www.reliefweb.int IRIN www.irinnews.org
Appendix A: Agenda
October 3, 2008 Introductory Security Management Workshop for Humanitarian & Faith-based Organizations held at Save the Children in Washington D.C. Agenda: 8:30am- 9am 9am -9:30am 9:30am - 10:30am 10:30-11 11-Noon Noon-1pm 1pm- 2:30pm 2:30pm- 3pm 3pm-3:15pm 3:15pm – 4pm 4:15pm – 4:45pm Arrival and Registration at Save the Children Breakfast sponsored by Clements International Introductions and Overview of the Day • Josh Kearns, InterAction & Lauren D’Amore, OSAC Exercise: Security Management in Three Acts • Facilitator: Mike O’Neill, Save the Children Exercise: Developing Security Policy Statements • Facilitator: Mike O’Neill, Save the Children Exercise: Gallery Walk • Facilitator: Tina Wesbrock, IRD Lunch sponsored by Clements International Exercise: Gallery Walk Assumptions & Implementation • Facilitator: Josh Kearns, InterAction Group Reports on Gallery Walk Break Security Management Best Practices • Facilitator: Terry Wesbrock, IRD Overview of Resources Available to Organizations • Josh Kearns, InterAction; Lauren D’Amore, OSAC & Yan Bui, Clements International What are the Next Steps? • Facilitator: Mike O’Neill, Save the Children
4:45pm – 5pm
Appendix B: Facilitator Contact Information
Yan Bui Account Executive Clements International firstname.lastname@example.org Lauren D’Amore Regional Coordinator OSAC D’AmoreLE@state.gov Josh Kearns Associate Security Coordinator InterAction JKearns@interaction.org Michael O’Neill Senior Director of Security Save the Children MOneill@savechildren.org John Schafer Senior Security Coordinator InterAction JSchafer@interaction.org Terry Wesbrock Security Director IRD email@example.com Tina Wesbrock Security Director IRD firstname.lastname@example.org
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.