Enabling the delivery of humanitarian and development assistance.

Institutionalizing the security function

I am interested in learning how your organizations institutionalized the security function at your organization.  I tend to get a lot of push back when it comes to the implementation of polices/procedures and mandates. Any comments or thoughts would be appreciated.

Views: 160


You need to be a member of INSSA to add comments!


Comment by Daniel Hardy on April 25, 2012 at 1:51am

I had the benefit in DRC of working on the revised safety policy (we include safety, security, health and wellness under the same rubric), which was then presented to all CDs at the annual meeting.  It is contained in the Operations Handbook that covers all manner of support services.  We then started rolling it out from the top down.  A key point is having some way of measuring compliance and performance, which we do through MOSS audits.  We've put together an excel sheet that calculated compliance % based on yes/no answers.  This allows us to monitor what should be incremental progress towards full compliance.  At the same time, I worked with an IT guru to roll out an online dashboard to provide a summary by location of the safety level, staffing, programmes and MOSS compliance (http://sls.drc.dk).

I've tried to build a more organic system that empowers programme staff a managers, but I've found that in high risk locations this is not enough - dedicated people are needed because of the increased workload. 

Finally, the core principle guiding the policy is duty of care, both legal and moral aspects, similar to what Shannon was referring to above.

Comment by Rafael on March 12, 2012 at 2:44pm

In our case we understood from the beginning that it's going to be a long and bumpy ride. By the end of the day, we are talking about changing culture and it can't be done by imposing authority. Also, it has to start from very top - the CEO, COO, SMT. Our team was succesful, I belive, but we were able to see first recognizable fruits of our activities only after the first year. Surprisingly, it's easier to deal with new people joining the organisation (who take it here new rules ot learn) versus 'old' staff, who often will resist any change. Happy to discuss our experience over the phone. Good luck and patience - it takes a lot of time, very strong leadership, commitment to the couse and efforts to change organisatoional culture.


A few personal thoughts.

Comment by Shannon Fariel-Mureithi on March 5, 2012 at 12:28am

Hi Jack, 

I'm currently in the process of revising our security strategy.  One thing I did in my proposal to the top 4 is to present minimum security standards as US legal requirements and international practices; thereby aligning our organization to international standards.  Both of these reasons have triggered the attention of the executives.  My second strategy for their consideration is minimum plus other practices which I developed based on an organizational assessment I did, our operations, and our strategic direction.  Then I gave the 2 strategies to the executives for their pick.  Either way - I have minimum standards in there which will be selected and supported from the top and mandated throughout the entire org.  

Comment by Nick Archer on February 25, 2012 at 8:35pm

Jack, another way to look at this is to pose the question to management this way: "what is, or could be, the cost to the organization of not institutionalizing adequate security policies and procedures".  I don't like to scare people into security, but it is another way of presenting the picture.




Nick Archer

Comment by Jack Blanchette on February 13, 2012 at 1:15pm

Thanks Shawn, this is a great help,

Comment by Shawn Bardwell on February 6, 2012 at 2:07pm


one of the things that we have focused on has been to explain how security is part of the process of providing assistance.  Stressing that the Safety and Security Unit is working under the same mission and mandate - we enable programming is our mantra.  Here are some specific approaches we have used:

  1. Security get's people in the field to do the organization's work; we have gone to great lengths in our Saftey and Security Unit to demonstrate that - draw attention to successes
  2. Get involved in the programming aspect, know the programs inside and out and how important their implementation is to the organization.  All too often I find that security professionals invest little in understanding the programs - if you say you are enabling, you must know what it is that you are enabling, speak programming language.
  3. Get security staff involved in all aspects of the organization, don't just focus on "your element" - if you are involved you are developing relationships, you're at the table and harder to overlook as an essential part of getting the work done.
  4. We arrpoach security from a perspective that all are charged with the responsibility of addressing operational security.  While that is easy to say, it is much harder to "live"!  Talk with people (everyone) get thier views, get them invested in the process and the outcomes!  Avoid the all-too-easy-to-fall-into trap of always telling people they can't - discuss, come to conclusions and even point out places that you can expand operations.


However you approach it, it takes time to shift attitudes.


A few personal thoughts.







Strategic Alliances

© 2018   Created by INSSA Online.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service