Security Plans and Regulations
All IFRC offices must security regulations as well as contingency plans for relocation and medical evacuation. They must be clear, functional, and up-to-date.
Strict adherence to the regulations is mandatory for all personnel, including visitors and dependents, to ensure security measures are effectively implemented. Breaches of security regulations are deemed a breach of the IFRC Code of Conduct and may be considered misconduct or gross misconduct.
The security regulations document must focus on “rules” and not on recommendations. Experience shows that including many recommendations can lead to confusion and result in incidents/breaches.
The rules and plans must be clear, functional, up-to-date, and adapted to the local context and situation. See the tips provided below.
5 Tips to Write Good Security Regulations
Here are some tips to help you write effective security plans and regulations:
Note: Within the IFRC, we use the term “security regulations” instead of security plan, but it is essentially the same thing except that the document is more focused on the rules and does not include detailed risk descriptions and contingency plans (as these are captured in other documents).
Don’t mix rules with recommendations. Keep them separate.
Mixing rules and recommendations in the same sentence or paragraph is a common mistake that causes confusion and may put people at risk.
It must be very clear what is mandatory and what is not. When describing rules, use words such as "must" and “will” and avoid words like "should", “shall” or "is recommended" as these are often interpreted as optional. For example, if a 2-vehicle convoy is a security requirement, the document must say “2 vehicles must be used when travelling to the field” and not 2 vehicles should or shall be used…”
A good approach is to start each section with a rules paragraph followed by a recommendations paragraph (if necessary). This visual separation makes it much easier for readers.
Focus on rules not explanations - Keep it short
The security regulations should focus on the rules (what to do) and not include lengthy explanations. Yes, explanations are important but that’s what security briefing and welcome packs are designed for. Think of regulations as a recipe: it should list the steps and ingredients but not a long explanation of why you like to bake cakes…
Think of your audience
Staff and volunteers who are new or speak another primary language must understand the document. Avoid (or spell out) acronyms and use simple language and short sentences.
Don’t change the template
We know it's tempting to add or remove parts of the template but don't do it. Templates exist to ensure consistency and were developed based on best practices. Most organisations have instructions on how to write security regulations but if not, ask your security advisor or the Global Security Unit.
Write it with others
Drafting regulations should be a team effort that requires input from the managers and employees if concerns the most (eg, drivers, radio room staff, team leaders etc).