First published by Grant Rayner on 30 Oct 2023
5 min readTravel Security
This essay was originally published in Dangerous Travels on 30 Oct 2023
So far this year, I’ve covered quite a lot of ground on the subject of travel security. Aside from articles that focus on individual travellers, I’ve also touched on quite a number of issues integral to an organisation’s approach to travel safety and security.
There’s quite a bit that goes into a robust Travel Safety and Security Programme. The good news is that none of it is particularly complicated. The key is that all of the various pieces are in place and are all properly integrated. Without effective integration, the programme won’t work.
Let’s start by defining why you would want to do this in the first place.
A good start point for designing a travel safety and security programme is to understand why your want to do this in the first place. Here’s a few important objectives that such a programme should be able to deliver:
The key here, at least in my view, is to take a human centric approach to travel security. While a good programme will certainly help the organisation by reducing liability and improving reputation, the focus of the programme should always be to protect travellers from psychological and physical harm. That focus needs to dominate the discussion when designing the programme. If not, there’s a real risk you’ll end up with a programme that looks nice on paper but does little in terms of reducing risk for your travellers.
Let’s break down the different aspects of the Travel Safety and Security Programme into discreet capabilities that can be implemented and improved over time.
The first capability you’ll need to put in place is a Travel Risk Management Framework.
A Travel Risk Management Framework enables your organisation to determine the level of risk in each country and allows for different mitigation measures to be aligned with risk. A risk-based approach to mitigation is not only effective, but it’s the most efficient way to allocate resources to fund the programme.
The Travel Risk Management should comprise three interrelated aspects: country risk levels, security intelligence and updates, and travel restrictions.
Country risk levels enable your organisation to assign risk levels to each country where you send your travellers. You could use frameworks provide by governments or security vendors. Alternatively, you could develop your own frameworks. If you’re a large organisation with a competent security team, you should customise your own frameworks based on where your travellers actually go, how long they spend on the ground, and what they do there.
Ideally, there should be an overall country risk level for each country. There should also be discreet risk levels for different risks, including terrorism, crime, civil unrest, and natural disasters. It’s useful to differentiate between security and medical risks.
To go a step further, you should try to apply risk ratings at the city level, allowing for more nuanced decisions relating to travel.
To ensure country risk levels are routinely reviewed and updated, there should be a documented review process. Risk levels should also be noted in the respective country destination guides.
The challenge with country risk levels is the determination of risk. Risk is typically a function of likelihood and consequence. While it may be possible to determine the likelihood of a risk event, it’s very difficult to determine the impact on travellers of that event. A terrorist attack on a hotel could have a catastrophic impact if your travellers are in the lobby of the hotel. If they’re in a different hotel across town, the attack–while terrible–will have no impact on your travellers.
Some organisations take a different approach by focusing on threat. Taking this approach, they define the capability and intent of different threat groups. The challenge here is that, while it’s not to difficult to assess a threat group’s capability based on past actions, it’s significantly more difficult to determine their intent to conduct an action that may harm your travellers. In addition, it’s difficult to use the threat model to assess natural disasters, which are a key risk in many countries.
Regardless of the approach your organisation takes to assessing country risk levels, that approach should be informed by security intelligence and analysis.
High quality and timely security intelligence is an essential input for determining country risk. Your organisation can obtain security information from different vendors and from open sources. Ideally, an internal team should then process this information to determine what impact, if any, it has on the organisation’s operations. This team can then package the information and send it to appropriate teams, which may include travellers. You should avoid sending unprocessed information from vendors directly to travellers.
In addition to using security intelligence as an input for determining country risk levels, it’s also critical that your GSOC is alerted of major events, such as plane crashes, train accidents, terrorist attacks, and natural disasters. These alerts are essential for ensuring the organisation can quickly identify new risks, account for travellers after incidents, and provide support at anyone impacted.
The last component of the Travel Risk Management Framework is to have a documented system of travel restrictions. As with country risk levels, you could rely on frameworks provide by governments or security vendors. Alternatively, you could develop your own travel restriction framework.
At a basic level, travel restrictions can be applied to the country level. Ideally, however, travel restrictions should be applied at the city level (you only need to be concerned with the cities your travellers will go to on business travel).
For travel restrictions to be effective, they need to be integrated into the travel approval and travel booking processes. The travel approval process should prompt the approving manager that travel restrictions are in place for a particular location. The travel approval process should be risk based, with different levels of management responsible for approving travel based on the prevailing travel restriction (more on the approval process below).
The current travel restrictions for each country should be noted on the respective country destination guide.
An important point to note is that country risk levels are not the same as travel restrictions. While they may correlate at times, travel restrictions will often go up and down based on different events that don’t impact the overall country risk level (for example, an election may result in travel restrictions for a specific city in an otherwise low risk country).
I discuss other aspects of travel restrictions in an earlier article.
Let’s turn our attention to a key pillar of any travel safety and security programme–the approval and booking process.
I touched on the travel approval process above. In the sections below, I’ll expand on the importance of having a formal approval process and a tightly integrated booking process.
The organisation should have a documented travel approval process, with the travel approval process preceding the travel booking process.
As a baseline, all travel should require approval as part of basic governance. From there, approval requirements should be aligned with the travel restrictions framework. In principle, the higher the risk, the higher the level of approval required.
Travel approval shouldn’t just be a paper exercise. The onus should be on the manager to evaluate the risk and determine whether business imperatives justify the increased risk of harm to the traveller.
A key factor in decision making should be the traveller. The approving manager should evaluate the traveller’s experience and profile. Wherever possible, less experienced travellers should be paired with more experienced travellers. Such a practice could be a condition of the travel being approved.
Of course, it’s important that security executives weigh in on these decisions as well. A business manager should not be able to approve travel to a high-risk location without input and guidance from appropriate qualified security professionals.
The approval process should be automated into a workflow, up to a point. The higher the risk, the more detailed the process of evaluation and assessment. If someone wanted to travel to Mogadishu on a sales trip, for example, the process should involve more than a tick in a box.
Once travel is approved, the traveller can book flights, accommodation and transport. Ideally, all travel bookings should be through a designated company travel agent. Using a travel agent provides a fail safe against accidental or deliberate attempts to travel to locations where travel restrictions are in place. As such, the travel booking process must be integrated with the travel approval process. It should not be possible for a traveller to book travel to a higher-risk location without having already received the necessary approvals.
I’ll be covering travel logistics in more detail in subsequent articles, and will describe how each element can be integrated into the booking process.
This article has provided an introduction to designing a travel safety and security programme. Next week I’ll go a level deeper, focusing on destination guides, journey management, and a few other essential components of a robust programme.
Thanks for reading.
The fifth article of a series focused on designing a robust and effective travel safety and security programme.
27 Nov 2023 · Read now
The fourth article of a series focused on designing a robust and effective travel safety and security programme.
20 Nov 2023 · Read now
The third article of a series focused on designing a robust and effective travel safety and security programme.
13 Nov 2023 · Read now
The second article of a series focused on designing a robust and effective travel safety and security programme.
06 Nov 2023 · Read now
Why your organisation will struggle to assist travellers during critical incidents and need to instead focus on empowering travellers through effective training.
16 Oct 2023 · Read now
Different techniques your organisation can implement to improve your approach to implementing travel restrictions.
09 Oct 2023 · Read now
Different approaches organisations can use to provide high quality advice to their travellers to help mitigate risk.
02 Oct 2023 · Read now
How to develop useful destination guides that empower your travellers to manage risk.
01 May 2023 · Read now