Episode 11: with Christina Wille; director of Insecurity Insight

Today we are joined by Christina Wille, director of Insecurity Insight who has developed the security incident information management (SIM) approach in collaboration with RedR and Global Interagency Security Forum (GISF).  Christina Wille, together with Larissa Fast, has set up the Security in Numbers Database for the Aid in Danger project. The database contains 10s of thousand events of how violence impacted aid operations. It covers violence against aid workers, the health, education and food security sectors, in protection settings, sexual violence in conflict.  Insecurity Insight runs the Security in Numbers Aid in Danger database on violence and threats of violence affecting aid in danger database on violence, threats of violence affecting aid operations. Today we are talking about Security Incident Information Management or SIIM and how aid agencies can use this process to reduce the impact of security incidents on their operations and to meet their duty of care obligations.

For more information on Insecurity Insight’s SIIM click on the links below: 

-The Security Incident Information Management (SIIM) page with handbook, user guide and toolkit:  Insecurity Insight » Security Incident Information Management (SIIM) (EN)

-The SIIM guide for organisations (pdf content) and 10 minutes interactive mobile guide.  Link to the pdf:  https://bit.ly/3lgjhLD

-The SIIM guide for staff (pdf content) and 10 minutes interactive mobile guide. Link to the pdf: https://bit.ly/3kEeYd4

-Sign up to Insecurity Insight mailing list to receive SIIM related news: Insecurity Insight. Aid in Danger (list-manage.com)

Transcript: 

Today, we’re talking about security, incident information management, or SIIM, and how agencies can use this process to reduce the impact of security incidents on their operations, and meet their duty of care obligations to their staff and volunteers. Today, we’re joined by Christina Wille, the director of Insecurity Insight, who’s developed the security incident information management approach in collaboration with radar, and the global interagency Security Forum. Insecurity Insight runs the security in numbers, aid in danger database on violence, threats of violence affecting aid operations. Thanks for joining us today, Christina.  

Insecurity Insight Logo 

 
The security incident information management approach has been very positively received by field practitioners around the world. And most of our listeners will know that security incident Information Management involves collecting, recording, analyzing and using information to maintain staff security and access necessary areas of operation. Can you break that down into more detail for our listeners today? 

 
Well, security, incident information management, you can think about it in various ways you can think about it as a wheel and activity you do again and again. And every time as you go around, you get better at it. And you get better at various aspects around your security risk management. But you can also think of it as a roadmap of very specific activities, and that an organization wants to do, which is responding to an incident. It’s recording it within systems. It’s learning from it. And it’s taking the insights from it to use it at strategic level for the right decision making. So it’s quite a complex process that affects various different aspects of operations management.  

 
And there are so many reasons why SIIM security incident information management is important for profit, but also not for profit organizations. Can you tell our listeners about the origins of this initiative?  

 
So many policies aspects of eight operations, it was actually a terrible tragedy that got people to start thinking about recording incidents. It was in 2004, when Margaret Hassan, an aid worker who’d lived for a long time in Iraq, was kidnapped, and then really brutally murdered. And she had everything that people thought a good aid worker should have, and that would make an aid worker safe in such an environment. And it was a shock to the system, that this actually wasn’t the case.  

 
Yeah, Margaret was speaking a local language. if my memory serves me correctly, she was married to an Iraqi gentlemen. She seems outwardly to be doing everything right. When it comes to some of the systems and some of the advice. We often talk about the security triangle about acceptance, protection, deterrence, and these are widely held as the be all and end all of security management, certainly within the not for profit sector. And Margaret had achieved acceptance, multiple social and cultural levels. Do you think today we have better insight and monitoring in place that could have perhaps avoided this terrible event?  

 
I think to some extent, issue was really as you say that Margaret had all the acceptant policies in place and I think everyone sort of thought that because with everything she did and how she was she just communicated that she was politically neutral and not involved in the conflict in any particular way that she would not be touched by the security or the insecurity around her. And I think a lot of Iraqis felt the same. So you saw demonstrations of people asking for her release, or you found that someone who should work for saying they’ve got the wrong person. So I think at that time, there was a very, very strong sense that if you did it right, if you had the right acceptance approaches, you said, you were safe. And that was completely disbelief was shaken by what had happened to her. And that’s when the sort of security incident thinking about it, the management around it really started. So are we better at it today? Well, it’s difficult because I think what the tragic death of Margaret Hassan really did was that NGOs started to think differently about their security risks, and looking at specific incidents, and analyzing them was definitely something that many organizations started to do.  

 
I had a conversation just last week with a government department that wants to be running pre-deployment training for their staff, before they deploy them all over the world. And they work with other government agencies in Africa, the Middle East, and Asia. And they were asking me about how to prepare their stuff, what sort of training should be included, and one of the things I said to them is, you shouldn’t be looking at just to show a straight off the shelf heat course a hostile environment and awareness training course or pre deployment short course, that’s just packaged and given the same because every organization has a different risk profile, or exploration company versus a government agency versus a not for profit organization versus a secular versus a Christian or religious based organization. Those organizations have different risk profiles. But then even the employees on the training, we’ll have different risk profiles, males, females, people with medical conditions, people with different sexual preferences, people with a whole bunch of different perceptions about what is safe, and what is what their risk appetites are. And these courses, these trainings need to consider all the different issues, SIIM security incident information management, how does it work in practice?  

 
It is a two-way process. And I think this is also what I would say to someone who wants to run a course, because I think that’s the key thing to think about. There is on the one hand, the responsibilities of an organization. And if we’re the security incident information management, in practical terms, it means you have to know who the person is, who will pick up the phone and respond to an incident. If someone calls and says this has happened, and this person clearly has to be trained and needs to know what to do, then you need the staff who knows how to do a good debriefing after an incident, it’s very important not to assign blame, and to have these discussions in an atmosphere where people can actually critically and in a trusted way, discuss what has happened and where the right support is also given to staff. And then you need the people who are able to think in a sort of analytical and structural way about incidents and have databases and code them and classify them and then start to identify trends within them that would help to work out well. You know, we’re running these sort of programs, and that seems to make vulnerable in this particular area or whatever trends you can see in there. And then it’s also a question of collaborating with other organizations to sharing the insight and finding ways of spreading the word from the inside within the organization that at every level, people can take this into account, whether it is budgeting, human resources, forecasting, strategic planning, then it’s fed in there and then at the same time, the information is also taken again at the moment of induction of new staff. So pre-post posting or travel briefings to say this is what we know happens. And that’s what we know you can do to mitigate events. So yes, in practical terms, from an organizational perspective, it happens at many levels. And you probably want many different skills involved.  

 
Having a tool that encourages trust within an organization is certainly a tool that everyone should be jumping on board. After an incident, people are often so relieved that the incident has been resolved, and they’re so keen to get back to their usual work that’s been building up that often the debrief is forgotten. And for those that do remember that a debrief should be done, they’re often afraid of conducting a debrief. How do you think organizations should critically review an incident, review the available information, and then take these learnings forward so that they can do something constructive with them? 

I think this is absolutely essential because you really want to debrief in a way that the individuals who were present at an incident and I think we also need to remember there may be someone who was a direct victim of a threat or violence and there may be others who were just in quotation mark the witnesses to it. So there may be many people who’ve experienced the incident from different perspectives, and a good debrief would talk to all and understand what they’ve seen how they experienced it, and helping staff to come to terms with what it happened. That’s the one element of it. But the other is really understanding what were the factors that contributed to this happening in the first place. And also, what were the factors that perhaps mitigated and meant that it didn’t become the terrible tragedy, it could have been, but we just got away with a sudden incident, but it could have been much worse. And that’s sort of really, really important learning to know what it is you should be doing in such a situation and learning from colleagues of how you defuse a confrontation or what you can do in quick thinking and contacting someone. And it’s really important to pass this on to the future staff because we all know that staff turnover in the aid industry is very fast. So the learning needs to be passed on as well. We can’t just assume that the same people will be confronted with the same situation again.