Strategic Management of Safety and Security Risks in the Sahel for NGOs

by Oumalha Haidara

As a risk management professional and trainer in a region of Africa unfortunately destabilized by growing insecurity (SAHEL) after the fall of Gaddafi (Libya) in late 2011.

I’ve often found that people confuse the difference between the concepts of threat, risk, vulnerability, safety and security when it comes to risk management. It’s important to know exactly what these concepts mean if you want to do the work of risk management, which is becoming increasingly important all over the world.


The way in which a threat affects the organization’s personnel, assets, reputation or programs. Examples of risks: flooding of the organization’s facilities, collapse of buildings, contamination by cholera or other diseases, etc.


Any event that jeopardizes the organization’s own safety, the safety of its personnel, or the safety of assets in the context in which it occurs. Types of threat: violence, conflict, natural disasters, terrorism, health problems, political interference, crime and corruption, etc. Examples of threats: crime; events of physical origin (floods, earthquakes, contaminated water); institutional negligence (lack of rules, organization charts, training, etc.).


Expresses both exposure to risk and the extent of response capacity in the face of such events. Examples of vulnerability: untrained personnel, offices located near clay soil, precarious building conditions, lack of emergency plans, etc.

Security is an intrinsic human need. It’s an emotional situation that may or may not enable us to develop our private, social and professional activities in an environment of normality and serenity. Security is the sum of two concepts: protection and resistance. It’s the certainty of knowing that something has happened, the possibility of immediately discovering what’s going on, and the peace of mind of being able to take immediate action in the event of an intrusion. It involves protecting staff, volunteers or organizational resources against acts of violence, theft or damage.

To mitigate all these risks, humanitarian and development organizations recruit specialists in the field, people with extensive experience of security management in humanitarian or development organizations. By recruiting these specialists, the organization is already promoting the profession, which is thus enhanced and a department in its own right is created.

A little further down, the main security strategies used to manage NGO security in a hostile environment.

Safety has two main components:

  • Individual responsibility, understood as all the actions people take personally to meet their obligations and guarantee minimum safety standards.
  • Institutional responsibility: measures, actions and procedures to manage the risk incurred by individuals/organizations in the face of threats (Security Plan/Guide).

Mitigation measures:

Once threats have been identified and ranked, it is recommended that mitigation measures be taken to reduce exposure to risk. Preventive measures designed to reduce the probability of an incident occurring (with the aim of preventing the incident from happening in the first place).

Example: vehicle maintenance. Reactive measures aimed at reducing the impact when an incident occurs (with the objective of reducing the negative effects assuming the incident does occur).

Example: ensuring seatbelt use. Be aware that if the probability is high and only reactive measures are taken, the effect of these actions will be limited.

Development of safety strategies: (Acceptance, Protection and Deterrence)

Once the context and risks have been analyzed, what are the next steps?

What strategies can be followed to reduce risk?

This section describes the main strategies adopted prior to the deployment of safety plans, which are more in the nature of “organizational culture” than protocol.


A relationship of trust based on acceptance of your presence, your working methods and the purpose of your activities.

To build acceptance, you’ll need:

  • Mapping the players
  • Identify allies and build constructive relationships with them
  • Involve all members of the organization, consult the community and adapt programs to real needs
  • Consistently present your identity, tasks and work plans (internal and external)
  • Analyze the local situation and understand the aspects that might make their acceptance difficult.
  • Acceptance takes time, being the hardest thing to gain, and also the easiest to lose

Example: if you are a religious organization, communicate clearly how its definition does or does not affect its work.

Example: explain where the funds come from and what the program’s priorities are (mission and vision).


The aim of protection is to reduce the risk (not the threat) by reducing the organization’s vulnerability.

  • Protective measures are based on an analysis of the organization’s physical threats and vulnerability factors.
  • Measures will be taken to reduce the vulnerabilities identified.
  • All measures must be clearly described and apply equally to all staff.
  • Be aware that adopting measures disproportionate to the risks may have an impact on the organization’s image.

Example: protective measures (fences, alarms, guards, etc.). Try to prevent the antenna from becoming a bunker.

Example: protective measures to ensure safety on the move (radios, telephones, regular contact policies, etc.).

  • It’s important for your organization to reflect on the security strategies it usually uses (consciously or unconsciously) and understand their advantages and disadvantages, and how to implement them.
  • Don’t forget that the responsibility for your organization’s safety rests on your protocols, strategies and their implementation, at both organizational and individual levels.


Measures that directly affect the person posing the threat and are used to counter threats and armed actions such as legal, political or economic sanctions.

Strategy of last resort, when the previous two have been inconclusive. In developing these deterrent strategies (if any), you’ll need to analyze:

What are the limits to your ability to threaten or effectively withdraw your services?

Need for armed personnel such as security guards when traveling.

Be aware that these measures may jeopardize your acceptance.

Example: the use of armed personnel when traveling is generally not without consequences when working with communities.

Example: if a withdrawal or suspension of activities is possible, anticipate the consequences for the beneficiary populations and for your staff, and mitigate the repercussions (payment of salaries, remote monitoring, etc.).

Safety culture is a process and a spontaneous behavior within teams. It ensures that safety procedures are understood and respected in the implementation of activities. This respect for procedures then becomes a reflex and a spontaneous reaction on the part of every member of staff. A sense of individual and collective responsibility is nurtured and developed within the teams.