Climbing back down: the challenge of reducing security levels
Many organisations use a security level system which grades environments on a scale - 1 to 5 or green to black. This type of system is not without its difficulties especially when it comes to reducing security levels. Our CEO, Kelsey Hoppe, discusses this in an article for the Humanitarian Practice Network. Read more here.
Using a security level system
Many humanitarian INGOs work in high-risk environments, requiring them to continually assess the context and then either accept the risks or adopt mitigation measures. To help them do this, INGOs have adopted a security management tool – usually referred to as a security level system – to help security managers understand the security situation, and what they should do in response to it.
Using security level systems typically involves measuring the situation against levels of standard indicators, each of which has associated actions or mitigation measures. While systems vary, most have a number or colour attached to each level, with green, or 1, being low risk, and red, or 5, high risk. The system can provide a standardised way of assessing security throughout an organisation, reducing some of the subjectivity and biases that can creep in. For example, it allows new security managers to assess an environment of which they have little experience in the same way as a security manager who has been there for years. Regular assessment of the security context against these pre-determined indicators can reassure a security manager that they are managing threats and mitigation in a way that the organisation deems appropriate. The security level system can also help an organisation to homogenise its indicators across countries.
HQ versus on-the-ground objectives
However, a layer of complexity is added when the security level system attempts to serve several functions. While security managers in the field use the security level system to manage day-to-day security, HQs use a security level system in order to determine R&R and travel allowances and means of travel (road, air), and decide what insurance cover and training is necessary. For example, all high-risk countries require staff to be trained in Hostile Environment Awareness Training (HEAT). However, the security levels used for day-to-day decision-making are not designed to be tallied up and used as the basis for broader judgments, such as whether a location should be a family posting.
The problem with the security level system is that it is a tool shared by two groups with two separate – and not always complementary – sets of needs. Levels are used by one group, HQ staff, to make decisions about insurances and are also used by another group, security managers, to make day-to-day operational decisions. Security managers must contend with the fact that HQ’s priorities usually trump their own, which has resulted in it being quite easy to move the levels up but not so easy to move them down, as this makes sense in terms of insurance. Or, as the trailer for a new movie about climbing Mount Everest reads, “Climbing up is easy. Getting down is the hard part.”
Experiences from the field
Lisa Reilly, the Coordinator of the European Inter-Agency Security Forum, recalls being posted to an area of Southeast Asia where violence was expected following an election. As a field security manager, Reilly wanted to move the security level up for the period of the election in order to manage field-level security, and was permitted to do so. When she then attempted to move it back down she was told that sign-off was necessary from HQ and that it wasn’t a priority. The programme was then forced to operate at an unnecessarily high level of security for several months. Reilly said she really just wanted to use the security level system to manage security on the ground, but it had other implications of which she, as a field manager, wasn’t fully aware.
Chris Williams, the Director of Care’s Security Unit, agreed with this, saying that the ‘initial impediment’ to reducing a security level is that most systems have a defining set of indictors for raising it, with triggers and red lines, whereas this is not the case for lowering the level. Equally, the process of reducing a security level may be complicated, as often a high security level will be accompanied by different allowances. Reducing a security level may therefore affect benefits and have a knock-on impact on staff retention. In some cases, a higher security level will also facilitate a higher level of oversight, which helps Country Offices control and manage entry to their operational areas.
Perceptions and inertia
Leaving levels higher has implications for how a context is perceived. Do we have the walls and barbed wire because threats are present, or because they were expensive to put up in the first place and we can never be fully sure that the threat has gone away? Moving a security level down requires security managers to be finely attuned to things which don’t happen. Improvement is harder to measure than deterioration. For example, in a security level system, indicators to move up a level might include an increase in armed actors on the streets, increased checkpoints or a certain number of armed robberies in an area. However, it is less clear what represents an adequate decrease in these things to justify moving the level down. As Michael O’Neil, the Director of Global Safety and Security at Save the Children, points out, this is complicated because the fact that an incident hasn’t occurred does not mean that the threat isn’t still present.
This can all create inertia in security decision-making related to reducing a security level. Someone has to say that the security situation has improved to the extent that mitigation measures can be reduced. ‘Who is going to take the decision to take the wall down because what if something happens then?’, asks Reilly. ‘No one wants to be the one to say, “we’ll take the barbed wire down”.’
Different ways of approaching security management
In order to help security managers create a more nuanced picture, CARE has developed a system that involves security managers looking at seven ‘risk ratings’, rather than simply relying on a set of indicators which feed into a security level system. These ratings include conflict and terrorism, crime, kidnapping, political and social stability, access, infrastructure and natural hazards. Different elements may be weighted differently depending on the context.
Concern, for some of the reasons mentioned above, doesn’t use a security level system. Concern’s Senior Humanitarian Advisor, Peter Crichton, who oversees the organisation’s security management, felt that too much time within INGOs can be ‘taken up looking at trigger points, and colour codes, and developing what if scenarios that assume security deteriorates or improves in a linear fashion which can be predetermined’. Instead, Concern focuses on training security managers and bringing together a security focal group in each location, to make recommendations about changes in security and mitigation measures, relying heavily on local knowledge and relationships.
Pursuing a nuanced and flexible approach
Even with security levels systems, both Williams and O’Neill also agree that collaboration and discussion were critical in the process, and that the ‘indicators’ for moving levels should not automatically mean a move in levels. Rather, the triggers or indicators being present should trigger assessment and discussion rather than immediate action.
Williams also emphasises that the need for changes in security levels – whether up or down – should be well articulated to all staff in the programme. Non-security staff need to be aware of what high and low risk mean, and the practical implications for their day-to-day work.
Ultimately, security level systems must be practical tools that assist INGOs in delivering programmes in some of the world’s most difficult places, whilst keeping risk to staff within acceptable levels. They must enable those responsible for security to manage the contexts in which they work better. This requires a nuanced and flexible approach. If security level systems are used they need to work in day-to-day management at a field level. This means that security managers need to know how to move them down as well as up. The system should also be understood to be a starting point for discussion and assessment, rather than a calculator into which indicators are put, and out of which actions come. A nuanced approach to analysing movement between levels can make climbing down as easy as climbing up.