Home > Safety and security > Security management and duty of care audits

Security management and duty of care audits

Security management should be carried out in a systematic way to be most effective. Charities and other NGOs should apply internal management processes in a logical order to achieve the conditions and outputs that they desire.

An evidence-based security management and duty of care audit from Open Briefing will:

  • Map your current security management system
  • Identify the gaps in your system on paper and in practice
  • Develop an action plan to address weaknesses in the system
  • Help you meet your duty of care obligations

Open Briefing uses an adapted version of the Security Audit process, extended with additional duty of care benchmarking, including insurance, staff wellbeing and safeguarding, for example. The four stages of a security audit from Open Briefing are:

Security audit process

Stage 1: Initiate

We will work with you to understand your needs and agree the most appropriate elements of security management and duty of care to audit your organisation against. These modules might include:

  • Risk governance
  • Risk appetite and culture
  • Financial resources
  • Human resources
  • Staff wellbeing and resilience
  • Office opening/closing
  • Partner engagement
  • Travel management
  • Incident management
  • Information awareness
  • Continuous improvement

Within each of these modules will sit various themes (for example, process, approval and monitoring under travel management) that consist of a standard and indicators of that standard being achieved. We have developed these standards and indicators from legal precedents and community good practice. From these agreed building blocks, we will create a system reference map for your organisation.

Stage 2: Assess

We will gather evidence for the audit from several sources, including:

  • Document review (policies, handbooks, etc.)
  • Workshops with risk owners and risk managers
  • Interviews with key informants, including those who are risk exposed
  • Online survey of all staff and other stakeholders

Using a RAG traffic light system (see below), we will record in the system reference map whether you are meeting each standard. We will do this for both paper and practice, i.e. we will assess what is written down in policies and handbooks and assess what staff are actually doing.

RAG status for security audits

Stage 3: Report

We will provide you with a detailed findings report and gap analysis, including summary traffic light dashboards (see below). We will clearly explain in non-technical language the changes that your organisation should make in order to meet the standards that we are auditing you against. This will include recommendations for policies and trainings as well as the procedures that you should develop to better protect your staff and assets.

We will also include a summary of the key threats and opportunities that your organisation faces with regards security management and duty of care as well as recognise those areas where your organisation is doing well.

Security management system reference map
Example security management and duty of care audit dashboard

Stage 4: Implement

We will work with you for an agreed number of days to implement any recommendations that you need our help with. This might include developing a full package of security policies, procedures and resources for your organisation; running a crisis management simulation; or providing Psychological First Aid support to your staff, for example.

If required, we can also provide retained consultants and other ongoing support and training to ensure that your organisation stays secure and continues to meet its duty of care obligations.

Security management and duty of care audits for charities and other NGOs from a non-profit providerClick To Tweet

A security audit will usually take several weeks to complete, but it varies depending on the size and complexity of the organisation being audited. Grants and subsidies may be available to help NGOs access our audit service. Please contact us to discuss your needs.

Open Briefing is a member of the International NGO Safety & Security Association, BOND and the Charities Security Forum. We are also a certified social enterprise.