Strategise detail 05

3.5 Assessing Organisational Security

As an organisation, its likely that you already have some security measures in place. At the same time you probably feel if there is room for improvement – there usually is! Knowing where to start may seem overwhelming so it’s a good idea to carry out an assessment to get a realistic overview of your existing organisational security first.

There are key people we should include in this process. These may differ from organisation to organisation and it might be helpful to include external advisers to help guide the process too. For example:

  • Internal - Board of directors, executive directors, management and senior staff, regular staff and volunteers

  • External - Donors, external consultants and trainers

Involving each of these actors has advantages and disadvantages1 and it is important that the process is carried out in an inclusive, participative, transparent and non-judgemental manner. Formal hierarchies within organisations need to remain sensitive to the needs of their programme and 'field' staff or volunteers who may face greater risk in their day to day work. Staff and volunteers should also respect the fact that management face a difficult task in standardising an approach to security.

Criteria for assessment

We can begin by looking at some concrete issues and indicators to help assess how security protocols are observed by staff. Consider the following points:2

  • Acquired security experience: Do staff have experience of implementing security practices? Is this experience spread evenly across staff, or concentrated among a few individuals?

  • Attitudes and awareness: Are people aware of the importance of security and protection? Are their attitudes towards it positive and open to making improvements? What barriers do they perceive? Are attitudes and awareness regarding digital security, physical security and psycho-social well-being shared across the organisation?

  • Skills, knowledge and training: Resources, time and space need to be made available for training (either formal or informal). Is such training available to members of the organisation? Does this include training on psycho-social well-being and digital security?

  • Security planning: To what extent is security planning integrated into our work? How often are context analyses carried out and security plans created? Are plans updated regularly, and do they include digital device management and stress management?

  • Assignment of responsibilities: Is there a clear division of responsibilities for implementation of our security practices? To what extent are these responsibilities observed, and what are the potential blockages?

  • Ownership and compliance: How are people involved in the organisational security planning, and to what extent do they observe the plans that exist? What are the problems which arise here, and how can they be overcome? How can the process be made more participative?

  • Response to indicators and incidents: How often are security indicators shared? How often are they analysed and subsequently acted upon if necessary?

  • Regular evaluation: How often are security strategies and plans updated? Is there a concrete process in place for this, or is it ad-hoc? How can it be made more regular? What other problems exist and how can they be overcome?

Try completing the below exercise with your organisation to explore the extent to which security plans are observed and to lean what barriers people identify in cases of poor implementation.

Exercise: Assessment of Organisational Security Performance

When assessing our current situation we're likely to come up against areas which need improvement. These should provide the basis for updating and expanding our security plans and agreements. This process should:

  • have a clear objective in terms of new best practices to be implemented

  • include a time-line, indicating who needs to be involved, when and what is expected of them

  • clearly stipulate the resources needed for each improvement to be made.

In order for improvements to take place, we must make sure that staff and volunteers are granted time to undergo any required training or other capacity building necessary.

Overcoming resistance to security planning3

When introducing new security protocols, we may be confronted with resistance from management, staff, or volunteers. Remember that security is a deeply personal concept and people may have personal reasons for resisting certain protocols. New measures can require having to learn new skills which can be challenging and poor handling of power dynamics and hierarchies can pay a role too.

Take a look at this chart to learn about common resistance stereotypes, the underlying causes and possible responses to help overcome resistance in your group, organisation or community, or download the full-length chapter for a detailed look as overcoming resistance.

When dealing with resistance to security planning, it's always important to create a safe space in which individuals can comfortably voice their concerns around any new policies or operational changes. Check back to Section I | Prepare to read more about creating safe spaces.

Now read on to learn about improving the positive impact of your security measures and reducing possible negative impact with the Do-No-Harm approach.


1)  For more detail on this see Chapter 1.3 “Managing organisational shift towards an improved security policy” in the New Protection Manual for Human Rights Defenders (2009) Protection International.

2)  Based on Chapter 2.1 “Assessing organisational security performance: the security wheel” in the New Protection Manual for Human Rights Defenders (2009) Protection international.

3)  Based on material from Chapter 2.3, New Protection Manual for Human Rights Defenders (2009) Protection International, p.153.