Duty of Care -- What is it & what does it mean to my organization?
In recent years the concept of Duty of Care has firmly established itself in the lexicon of international risk management. But what exactly is Duty of Care? And more importantly, what can organizations do to maximize Duty of Care for their personnel around the world?
First, a definition:
A duty of care is a legal obligation which is imposed on an individual requiring adherence to a standard of reasonable care while performing any acts that could foreseeably harm others.
Perfectly clear, right? Well, maybe not. As this definition illustrates, Duty of Care is a broad concept rather than a precise standard. Therefore, to successfully provide Duty of Care, organizations and companies must have a broad-based, holistic approach to risk management for their global operations. Key elements:
- Assess risk. Organization-specific assessments are the foundation of risk management upon which all plans are built. Comprehensive baseline assessments are important, but risk is dynamic and ever evolving so ongoing updates are essential especially prior to travel, new or significant activities or following major changes in the environment.
- Gather info & build culture of awareness. Good decisions require the most timely and accurate information available. Establish an information network of diverse sources including embassies, security firms, peer organizations, local partners and staff. Share information to avoid the “why didn’t anyone tell me that road was dangerous at 2am” moments.
- Integrate risk management into project planning. All too often, risk management is an afterthought in project planning, resulting in incongruent procedures that appear to hamper activities. Weaving it into planning early increases awareness and buy in, and allows risk management to serve as an enabling element.
- Communicate, train & educate. Inform and warn prior to travel or deployment, and then periodically update since risk is dynamic. Provide training based on risk environment and role. For example, senior staff expected to assist in an emergency should be trained in incident management. Include experienced staff and those with training from prior roles (US Govt, other companies or orgs) since procedures and systems vary across different organizations.
- Build risk-based plans & procedures – update, communicate & Plans should be living documents built around the risks identified in assessments and updated as the environment evolves. Nicely bound, multi-volume plans may look great but they are easily outdated, quickly becoming irrelevant. If no one is following the plan, it’s worse than not having one; it’s essential to communicate and enforce plans and policies.
- Incorporate community best practices. Benchmarking your risk management systems to peer groups is an effective way of understanding if your systems are “reasonable” and helps reduce the chance you’ll be confronted with the question: “No other organizations were driving that road at night, why were we?” Peer networking groups like the Overseas Security Advisory Council and the International NGO Safety and Security Association are great starting points.
- Plan for and practice crisis management. Don’t wait for a crisis to think through response. Build a plan tailored to your organization, identify internal and external resources and conduct training with key personnel.
- Track personnel. Knowing who is where helps understand risk exposure and assists with accountability and communication in the event of an emergency or incident.
- Implement & test emergency communications. Communication is critical for sharing information about specific risks as well as to account for staff and pass along instructions in the event of an emergency.
- Align resources to risk. Ensure internal and external resources have the capacity to address organizational risk. Internally, this includes security, legal, human resources, finance, and IT. Key external resources:
- Insurance — Business Travel Accident (BTA), Workers Compensation, Defense Base Act (DBA), Special Risks/Kidnap, Ransom, Extortion.
- Medical and Political Evacuation coverage.
- Security and crisis management providers.
- Staff resiliency and trauma support.
Providing Duty of Care to a global workforce requires plans, procedures and resources tailored to an organization’s specific risk exposure. While nothing provides immunity from risk, appropriate systems prepare organizations and companies for the challenges they face operating internationally and lay the foundation for effective Duty of Care.