Looking to the future of integrated Duty of Care for the humanitarian and development sector.

Overview 

Our Managing Director Dan Hooton was invited to be part a panel of the Opening Event in the Duty of Care Pavillon at Aidex Conference in Geneva recently.

It was a great event and very well attended. The panel which included the Executive Director of GISF, the Head of Field Security Services at UNHCR, the Director of Global Safety and Security at Save the Children and Partner at Proelium Law were all engaging and were able to draw from a wealth of experience and knowledge.

Below is taken from Dan’s opening comments during the event;

Duty of Care in the humanitarian context is certainly in the spotlight, given the current events around the world. Just to mention two in particular that are in all of our thoughts, Ukraine and Israel/Gaza, both very different environments, where we have to deliver the mission whilst keeping our people safe and secure at all costs. Our principles to achieve that might be the same, but in each country, how we do that could be extremely different. 

Duty of care has always been challenged by funding issues, and this remains no different today.  It is not just the cost to deliver effective duty of care, be that through attendance on a training course, the purchase of a travel security product, or the employment of a security specialist. Still, it is also the time is takes out of the working day, time away from core delivery, and time otherwise spent on being productive and delivering your mission. But this time must be found, as the costs to organisations if this is not done properly can be huge. 

A body of case law is emerging that will hold Spearfish to account legally if things go wrong, whether that be from your domiciled legal environment, for example, the Health and Safety Executive in the UK using Corporate Manslaughter or a private prosecution from a law firm where they think an employer has been negligent in their care, and there is a case to answer. One such example highlighted one being brought against a German NGO operating in Syria by two former employees. They believe that the security management system and the failings of the crisis response to their kidnap were significant factors in the fact that a, they were detained in the first place, and b, it took 48 days to get them released from a Syrian prison. 

The view would be that the legal framework has not changed dramatically, there is just a higher likelihood of negligence being proven as case law increases. This is also being driven by an increasing focus on the wellbeing of the individual. The funding issue however remains a constant challenge, and this is fuelled by the fact that one organisation’s view on duty of care might differ wildly from another’s. There is little consistency across the industry, a situation that events like today are seeking to address in seminars such as this.

This perspective has been largely informed by international development experience, where we tend to be engaged by programs who are taking part in pre-planned donor-funded activities, but Spearfish are increasingly being drawn into more urgent, humanitarian projects such as first aid and hostile environment training for a fast-moving and dynamic environment such as Ukraine. 

Spearfish is part way through a digitisation process, in other words, we are taking our products from largely person-led delivery, and seeing to what extent they can be delivered as digital products, or as hybrid products to save time and cost for those who may not have the time or funding to prepare as much as they might want to.

Contextualisation & Localisation of your Duty of Care platform 

Digitisation – trying to get the balance between a product that is meaningful and delivers value, versus losing impact by being a remote, non-contact experience.

User requirements – what do people want or need to remain fully engaged and conversant with your duty of care approach?

To start with contextualisation and localisation, we can’t adopt a one size fits all to our DOC, we know that, so we must adapt it to the environment we are operating in. The question is how? Three areas we as a company must consider are:

Activity - We often talk about ‘doing no harm’ when we describe donor-funded activities but what does that really mean? If I visit a community will my presence, there create issues for those people after I have gone? How will the permanent team handle this? Will it create issues for the next traveller in? What if the activity upsets the balance between two communities, or raises the risk for one? These are all questions that need to be worked out. 

Appetite - Sometimes referred to as tolerance, there is a question of how much risk an organisation is willing to bear.  This must be aligned with the individual as sometimes they can be quite different; it is our job to give a clear-eyed view of what is reasonable to take on. Residual risk will be left after mitigation plans have been developed, and again that needs to fit with expectations, both for the organisation and the individual. 

Ability - How to handle the risk, experience versus training. What assumptions are we making about the individual and the organisation’s ability to handle the risk, either due to their training and/or experience. When you dig down into the team composition, are there any weak points, i.e., people who need extra mentoring or support? Is everyone confident and happy, or do they need a little extra time and attention to properly absorb the level of risk they are taking on.

With regards to localisation, our experience is that those living and working in complex environments don’t want to hear from someone in an ops room in London or New York, but they want to speak to and interact with, someone who also lives and works in the same environment. At Spearfish we employ a large proportion of security advisors from our countries of operation. Not only have they lived and breathed the risks they are talking about, but they also have a far better appreciation of how those risks will manifest themselves in the programme or activity they are advising on. In my view, a localised DOC platform is essential to your approach but it must be run along the lines of international best practice, GPR8, etc for it to have meaning when we think back to the legal constraints we are operating within. If you can combine both, then you have a sustainable and effective approach. 

Moving onto Digitisation. At Spearfish, we are currently in the middle of a knowledge transfer partnership with a UK university to digitise our consulting products. What does that mean? 

We are developing a digital interface that connects our security advisors to their clients. This connection, allows those clients to be empowered to make timely decisions and keep safe when carrying out their activities. ​By keeping our advisors at the forefront of the product, we can maintain our value, and not replace ourselves with an algorithm or an analyst sitting in an ops room in London etc.

It allows us to provide pre-mission advice, live environmental updates, display locations of clients and points of interest and provide immediate crisis response when required. Training material and standard operating procedures are also available on your phone, creating a pool of knowledge for both clients and advisors alike.

However, remote support only goes so far, and how does that compare to having a security specialist physically with you on your field mission or missing out on a full 3-day HEAT course, compared to a 1-day Hybrid course supplemented with online learning. The answer is it needs to be a blend, maximizing the advantages of e-learning and constant communication, without sacrificing on-the-ground capability. The higher the risk, the greater physical presence required.  Finally, to finish on user requirements, and by this, the ability and appetite of the beneficiaries of your duty of care system to want to engage with it, and to follow its guidance. As part of our digitisation project, we have set up several focus groups, which have revealed some interesting facts. 

Security Focus Groups

We asked several questions to a group of security managers in various development sector organisations.

First, we asked how you currently go about solving your DOC obligations and your frustrations in this. On risk assessments, fact-checking, cleared accommodation, alerts, check-ins, and medical and mental well-being considerations were all listed. Frustrations included being presented with multiple sources with differing advice or risk levels, information overload (particularly with alerts), and lack of local sources to be able to cross-check the facts. 

A consensus formed around having an operational DOC model that was easy to use, with continuity and resilience built into it and that was easily accessible to all the users. This was described as the gold standard. Current issues revolved around not being able to get people onto platforms, either due to poor connectivity or ignorance of the user base of how to use it.

Conclusion

On policy, one item that came up time and again was that security only "owns" a portion of DOC, so ensuring buy-in from the other "owners" remains a challenge. In other words, the security team might write the policy but then had no teeth in terms of operationalising those policies. That was done by other parts of the organisation, who might have different priorities or different views on how to do this.

In all the above, there are a multitude of user requirements that need to be satisfied if you are to have any chance of success of rolling out your DOC platform. 

 To conclude, the three key areas to take away from this blog are;

Contextualisation – how we move away from a one-size fits all approach, and use factors such as activity, appetite, and ability to contextualise and localise your approach.

Digitisation – how much do we put online and into an app or your phone versus the value of physical presence either during a training course or with an advisor on your team, and how higher risk levels might inform this?

User Requirements – if you don’t consider people's ability to be able to understand, access, and operate your platform, you might have the best DOC system in the world, but it won’t get used by those who need it.

Thank you for taking the time to read our blog, if you would like more information on the services and training offered by Spearfish Security, please visit our website at https://www.spear-fish.com/