Building a Security Focal Point Community of Practice

Blog

December 31, 2018

Building a Security Focal Point Community of Practice

By Mike Blyth

Chief Operating Officer, Risk and Strategic Management, Corp.

Organizational resilience functions vertically within an organization, spanning from the most junior member of the team to the most senior members of the team at the executive level. And it moves horizontally across functions, activities, and geographies. Within the community of risk practitioners resides the field-based Security Focal Point – the person responsible for the tactical and operational day to day management and coordination of actions to control their team’s exposure to security risk. As such, Security Focal Points form their own loose community of practice within an important but often ill-defined and under-supported remit.

The Security Focal Point role is pivotal in identifying and addressing risks to people, facilities, assets, information, operations, and the reputation of not only their activity or location, but also their entire organization. They also impact external stakeholders – be they donors, implementing partners, or host nation counterparts. The knowledge and skill requirements are layered, with a common nucleus of need consistently found across different organizations, activities and operating environments. There’s also variation which reflects the nature of the work being conducted, the influence of internal and external stakeholders, the environments and communities in which work is performed, and the influences of emergent threats which generate unforeseen risk. These threats drive proactive or reactive risk management measures. The Security Focal Point is often working within a continuum of vulnerability and potential disruption that, at one extreme, is characterized by great dynamism where risks can emerge or surge, decline, or disappear with little forewarning. This demands an approach to field security risk management which must be scalable, understanding that no two Security Focal Points are alike, and that risk conditions are inherently fluid.

The qualifications and experience Security Focal Points bring to their role are also wide ranging. Some have prior military, police, or professional security knowledge and skills, while – as is more typically the case – many assume the role as a secondary function, with little to no training or experience. This variation presents a challenge to not only the Security Focal Point whose influence either safeguards or exposes their team to risk, but also to the organization which is in turn affected by disruptive risk events and held accountable for failures to protect people and business interests. The case for a minimum standard of training and capacity building within the aid and development sector’s Security Focal Point and risk management practitioner community is clear and well-recognized. And, in developing an approach to up-skilling these key staff, it must take into account educational and language differences, understanding that people learn through different mediums, and that programs may need to be delivered in the recipient’s native language.

The complexity of the role, even as a secondary function in a relatively benign environment, requires a defined competency framework focused on core areas of commonly-required knowledge and skill. Beyond this core of learning, the ability to self-determine additional areas of learning and development to ensure the approach is sufficiently nuanced and reflects the context the Security Focal Point will be important. The exercise of analyzing what should be regarded as core learning against what would be elective can be an extremely useful and thought-provoking discussion at the organizational level, and particularly where multiple Security Focal Points are working in a diverse range of international environments.

Core areas might include the role and responsibilities of a Security Focal Point, leadership techniques within emergency management, risk analysis and critical event planning, emergency communications and travel risk management. Supportive areas of learning might include:

  • Pre-planned responses and reporting,
  • family liaison during a crisis
  • stakeholder engagement and management
  • facility safety and security
  • hibernation
  • relocation and evacuations
  • bomb threats
  • civil disorder
  • event security risk management
  • selecting hotels and guesthouses
  • planning for and responding to natural disasters
  • fraud
  • corruption and ethical violations investigations
  • medical emergency management including mass casualty incidents
  • guard force management and how to activate their incident management team during an emergency

 

In addition, ethical standards and compliance is becoming increasingly important, and the Security Focal Point must understand the mechanisms by which to monitor and maintain their team’s risk management system.

Training must also be accompanied by exercising to practice and validate not only what was learnt, but also to ensure that standards and practices are reinforced. Training without exercising and testing is likely to fail to build strong understanding and competency at the outset. As such, a supportive program must be developed to enable the Security Focal Point to put their knowledge into action, not only as individuals, but ideally within their local incident management teams as well.

Organizations are also faced with the question of how to implement a Security Focal Point training and capacity building program; including whether to conduct in-person or online training and exercising, and whether the program should be formally recognized through external accrediting bodies to not only enthuse participants, but also to provide it legitimacy and credibility and, in so doing, protect the organization from reputational and litigation risk. Organizations need to determine the advantages and disadvantages of either authoring or influencing the content, determining the cost versus benefit of developing a credible and effective program internally which meets technical content and language needs, and which can withstand external stakeholder scrutiny during legal action. Or, organizations may elect to outsource the research, development, production and potentially translation of the program, drawing on proven and appropriate content which might hold 3rd Party Awarding Body recognition, and which can be personalized sufficiently to make the program resonate within their learner group. Outsourcing also provides the advantage of creating an arms-length liability distance between the organization and the author, without necessarily undermining the value of the program.

Regardless of the approach used, Security Focal Points hold an important position within organizational resilience. They act as the voice and engine for security risk management and emergency response at the activity level, while indirectly influencing the organization’s ability to control risk and to ensure effective business continuity during a crisis. Having an organizational program for Security Focal Points can also present a strong win-theme for business, demonstrating to donors an investment in human capacity, as well as a focused effort to protect their mission and often significant financial contributions. The investment into Security Focal Points is an investment in protecting people, operations, facilities and assets, and the reputational interests of organizations working in remote, challenged and dynamic operating environments.

Learn more about upcoming RSM trainings - new opporunities monthly - here: https://www.rsmconsulting.us/events/

Feel free to contact the author, Mike Blyth, directly with questions, comments, or requests for more information: mike.blyth@rsmconsulting.us

## Comments

Login to join the discussion.